The W32/Sdbot-ADD worm is infecting many users of the AOL Instant Messaging service. The worm and its rootkit, lockx.exe, allow a group of hackers from the Middle East to take control of the user’s personal computer.



The rootkit worm threat was identified by FaceTime Security Labs, of FaceTime Communications. FaceTime found that the rootkit worm acts as a backdoor through which other spyware and adware can contaminate the user’s computer.

Other spyware is able to steal personal information such as usernames and passwords. The computers are then controlled by a hacker through IRC.

One of the malware programs that installs itself on the user’s computer is “ster.exe”, which adds six additional files that allow the hacker to upload, download and manage the user’s computer.

“This army of ‘bots could be used for any number of malicious purposes including a denial of service (DoS) attack against targeted Web sites.” [Source]

FaceTime Enterprise Edition and IMAuditor customers will be able to prevent the attack by blocking the particular .exe files from being downloaded onto the computer.
