Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: New AIM worm - SANS Internet Storm Center SANS ISC InfoSec Forums

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New AIM worm
Malware authors just opened their own holiday season. We received couple of reports of a new AIM worm spreading.
The worm is simple and doesn't exploit any vulnerability; instead it relies on social engineering.

The user will receive the following AIM message:

"This AIM user has sent you a Greetings Card, to open it visit:"

Instead of going to the AOLs site, this link actually points to a different site (http://<REMOVED>.<REMOVED>.134.156/My_Christmas_Card.COM) from which the user will download the worm.
This file is a SDBot variant and at the moment the most popular AV programs detect it generically.

Thanks to Joshua!

I will be teaching next: Web App Penetration Testing and Ethical Hacking - SANS Munich July 2019


379 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!