AIM SDBot Worm Installs Lockx.exe RootKit, Takes You to eza1netsearch.com   10/31/2005 - 1,054 views, 1 Comment

Summary: A new AOL Instant Messenger worm, SDBot.add, installs the rootkit Lockx.exe on your computer. In addition to the root kit, the AIM worm changes your searchpage to http://www.eza1netsearch.com/sp2.php at eza1netsearch.com.

Previous Article « What are those ads at the bottom of the Internet Patrol website? Chitika eMiniMall!
Read Next Article » Evil New PayPal Phish! New email address added to your PayPal account!

A new AOL Instant Messenger worm called SDBot.add has been discovered which installs the Lockx.exe rootkit on your computer, and redirects your searches to eza1netsearch.com (http://www.eza1netsearch.com/sp2.php).

A rootkit (also known as “root kit”) is a usually undetectable piece of malicious software which, once installed, allows someone to have full root (master) access to your computer. Once the Lockx.exe rootkit has been installed, it opens a direct connection to an IRC channel, through which people can take control of your computer.

In addition to installing the Lockx.exe root kit, SDBot.add installs a host of other malware, spyware, and adware.

The new AIM worm is being propagated by the usual AIM worm methods - you receive an AIM message from someone, often someone you know, with a link in it, and when you click on the link, the worm is transferred to your computer.

The SDBot.add AIM worm and its Lockx.exe rootkit were discovered by FaceTime Communications, an online security company.

Said Tyler Wells of FaceTime, “A very nasty bundle is downloaded to your machine. This is the first time that we have seen a rootkit as part of the bundle of applications that is sent to your machine. It is a disturbing trend.”

Get FREE email alerts of new Internet Patrol stories!
    *We never share your email address with anyone

Email Address:
Date of first visit:
How you found us:

Subscribe to The Internet Patrol on your cell phone    Email the link for this page to a friend!

Read more:

»  Newest AIM Opanki Worm says “LOL Look at Him”

»  Santa Worm Making the Rounds - You Better Watch Out!

»  New “Windows Genuine Advantage” Worm Cuebot-K Being Spread by AIM, Installs Self as Wgvan.exe and Dcpromo.log

»  Lebreat “Breatle AntiVirus” Actually Double-Edged Worm for Windows

For additional similar stories check out our archives on AOL, Instant Messengers, Worms

 

1 Comment »

  1. Removal instructions here: http://www.tech-recipes.com/windows_spyware_tips1038.html
    Here: http://www.daniweb.com/techtalkforums/thread33918.html

    Comment by Joe — 1/9/2006 @ 4:21 pm

RSS feed for comments on this post.

Leave a comment

Warning! All comments which contain URLs and are clearly just spam to generate a link back to the URL will be deleted on sight. Don't bother wasting your time!

If you are going to include a URL in your comment,
please keep it under 25 characters in length,
or use TinyURL to shorten it before including it in your comment.

Line and paragraph breaks are automatic, your email address is never displayed.
HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

(required)

(required)


We apologize for having to ask you to enter the letters and numbers you see in the image above to validate your comment, but we are being attacked by thousands of comment form spams every day!

 
The Internet Patrol
Patrolling the Internet for You!