AIM Worm Threatens with Rootkit

A Web security firm that specializes in IM and P2P security said on Friday that a new worm spreading through the AOL Instant Messenger network might cause more problems than the average IM worm.

According to FaceTime Communications, the W32/Sdbot-ADD worm includes an executable called a rootkit that would allow an attacker to monitor a computer, as well as upload and download files from it.

Sdbot-ADD will also attempt to shut down the user's antivirus software and open a security hole to allow additional software to be installed. Other problems include CPU usage reaching 100 percent due to the malware installed, as well as a change in the user's default search engine.

Instant messaging security firm IMLogic said earlier this month that attacks on IM networks increased to record levels, multiplying by fourteen times through the first three quarters of this year.

According to the research firm, 87 percent of all attacks were worm-based. IMLogic said the majority of attacks are targeting the MSN Messenger client. However, FaceTime's report suggests that users of other clients could be just as vulnerable.

"All AIM PC users are at risk by new IM exploit," FaceTime said. The company suggests that users be careful when links are sent to them by buddies, and confirm with the buddy that the link was intentionally sent.