October 28, 2005 2:33 PM PDT

AIM worm plays nasty new trick

A worm found spreading via America Online's Instant Messenger is carrying a nastier punch than usual, a security company has warned.

The unnamed worm delivers a cocktail of unwanted software, including a so-called rootkit, security experts at FaceTime Communications said Friday. A rootkit is a tool designed to go undetected by security software; it is used to keep control of a computer after an initial hack.

"A very nasty bundle is downloaded to your machine" when you click on the worm link, said Tyler Wells, senior director of engineering at FaceTime. "This is the first time that we have seen a rootkit as part of the bundle of applications that is sent to your machine. It is a disturbing trend."


IM worm and malicious code attacks are happening more than ever before. The number of threats detected for instant-messaging and peer-to-peer networks rose 3,295 percent in the third quarter of 2005, compared with last year, according to a recent report from security provider IMlogic.

In addition to the "lockx.exe" rootkit file, the new worm delivers a version of the Sdbot Trojan horse, said FaceTime, which sells products to protect instant-messaging traffic. Sdbot opens a backdoor on the infected PC. The worm also places several spyware and adware applications, including 180Solutions, Zango, the Freepod Toolbar, MaxSearch, Media Gateway and SearchMiracle, the company added.

All that unwanted software can eat up system resources, slowing down the PC, Wells said. Also, the malicious applications will attempt to disable security programs and change the search page on the user's Web browser, FaceTime said.

The worm was spotted in an AOL IM chatroom and infected one of the PCs that FaceTime uses for worm bait. The company said it also has seen the pest hit other computers. "It is still out there, and it is definitely something the user should be leery of," Wells said. "The rootkit is designed to not be detected, and that is the scary part."

Worms on IM networks can spread rapidly. They appear as a message from a buddy with a link that looks innocent, but in fact points to malicious code somewhere on the Internet. Once the user clicks on the link, malicious code is installed and runs on the computer. The worm then spreads itself by sending messages to all names on the victim's contact list.

The advice to users is to be careful when clicking on links in IM messages--even when they seem to come from friends--and to use up-to-date antivirus software. When receiving a link in an instant message, the best practice is to verify with the sender if the link was sent intentionally or not.

126 comments

Solution?
How can I eliminate the virus, supposing I have acquired it?
Posted by Jeremybard (1 comment)
Download this:
http://free.grisoft.com/doc/1
and keep your virus database up to date.

This isn't a bad idea either.
http://www.safer-networking.org/en/download/

VERY IMPORTANT!!!! IF you have another virus scanner installed, such as Norton, UNINSTALL IT FIRST!!! Bad things will happen if you try and run two virus scanners at once.
Posted by Bob Brinkman (556 comments)
Common denominator
"How can I eliminate the virus, supposing I have acquired it?"

Eliminate the common denominator, Microsoft Windows.

I did that 11 years ago and haven't looked back since.
Posted by cyber_rigger (70 comments)
Nuke and reload
Detection tools will only detect things they know about. If anything else was loaded it'll still be present even if all the rest was removed. The *only* way you can be completely sure of the machine again is to wipe everything.
Posted by aabcdefghij987654321 (1721 comments)
Solutions?
All we can hope for, as users of computers and the web, is that we are using virus protection software that will constantly update itself, as each day a new and dangerous threat seems to come out. I disagree with one other person's idea of getting/using ANY free virus program. THINK--if it is free, just how good can it be? DUH!!!! I use a program that I have had confidence in for years (and by that, I mean over 20 years) and I have been as safe as anyone CAN be. Let's face it.....we are never truly safe until there is a complete halt to anyone creating virii of any sort. In the real world, this will never happen. All we can do is cling to the hope that whatever virus detection program we use will make every effort to stay abreast of the threats and create some type of eradicator for us.
Posted by texan46 (1 comment)
Solution = GET A MAC
Get a Mac and all those stupid problems go away
Posted by ryeguy8585 (1 comment)
True enough.
Been using Macs for 17 years and never had a single virus or malware program, nor do I expect to ever see one. :-)
Posted by the Otter (247 comments)
Not necessarily
All you need to do is use common sense. I've never had a virus and I'm on a PC. Just don't click stuff that you don't know where it goes.
Posted by jotomaino (14 comments)
Not necessarily, part two
The argument of "get a mac and viruses go away" is not really that valid. The reason virus writers write, and especially this one, is to gain access to computers. If everyone starts migrating to Mac, there will be a slew of Mac viruses created, guaranteed.
Posted by jetcheber (5 comments)
MAC = new stupid problems
Stupidity always finds a way.
Posted by aabcdefghij987654321 (1721 comments)
An odd sense of satisfaction
You feel it when you click that link, watch your computer download the virus, and then sit back while Tiger goes "*** am I supposed to do with this?"
Posted by jharder (11 comments)
Easy Solution
All you have to do is copy the link location and paste it to see where the link is actually taking you (see if the domain name is even related to the link given by your friend). Also, if it ends with '.exe' or '.scr', you probably shouldn't go to that website.
Posted by dhaynes (3 comments)
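The article's description of how an IM worm message looks (a buddy's name, a friendly line, a link) and dhaynes's check above (look where the link really goes, compare the domain with what the buddy's text shows, distrust .exe/.scr targets) as a small link-triage routine. This is an added example, not code from the article, FaceTime or AOL; the sample messages, hostnames and the executable extensions beyond .exe/.scr are constructed assumptions.

```python
"""Triage links pasted into instant messages (added example, constructed data)."""
import re
from typing import Dict, List, Optional
from urllib.parse import urlparse

# .exe and .scr are the extensions named in the comment thread; the rest
# are other file types Windows runs directly (an assumed extension of the
# comment's rule, not data from the article).
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

# Matches http(s) URLs and bare www. hosts inside free-form message text.
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)


def _with_scheme(url: str) -> str:
    """Prefix a scheme so urlparse treats 'www.x.com/a' as host + path."""
    return url if "://" in url else "http://" + url


def _domain_key(host: str) -> str:
    """Crude comparison key: the last two labels of the host name.

    Enough to answer 'is the domain even related to the link my friend
    sent'; a production check would use the public-suffix list instead.
    """
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def triage_link(href: str, display_text: Optional[str] = None) -> List[str]:
    """Return the reasons one IM link deserves suspicion; empty means none."""
    reasons: List[str] = []
    target = urlparse(_with_scheme(href))
    host = (target.hostname or "").lower()
    path = target.path.lower()

    # Rule 1 from the comment: the real destination is an executable file.
    if path.endswith(EXECUTABLE_SUFFIXES):
        reasons.append("target is an executable file: " + path.rsplit("/", 1)[-1])

    # Rule 2: the visible text names one site but the href goes elsewhere.
    shown_url = URL_RE.search(display_text) if display_text else None
    if shown_url:
        shown_host = (urlparse(_with_scheme(shown_url.group(0))).hostname or "").lower()
        if _domain_key(shown_host) != _domain_key(host):
            reasons.append("displayed host %s differs from real host %s" % (shown_host, host))

    # A raw IP address where a buddy would normally paste a named site.
    if re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host):
        reasons.append("destination is a bare IP address, not a domain name")

    return reasons


def scan_message(message: str, links: Optional[Dict[str, str]] = None) -> Dict[str, List[str]]:
    """Triage every link in one IM message, keyed by real destination.

    `links` maps visible link text to its real href, as an IM client that
    renders clickable text knows it; URLs typed in the message body are
    triaged on their own.
    """
    findings: Dict[str, List[str]] = {}
    for shown, href in (links or {}).items():
        findings[href] = triage_link(href, shown)
    for url in URL_RE.findall(message):
        findings.setdefault(url, triage_link(url))
    return findings


# Constructed samples in the shape the article describes: a friendly line
# from a buddy plus a link. 203.0.113.0/24 is a documentation address range;
# lockx.exe is the rootkit file name the article reports.
SAMPLE_MESSAGES = [
    ("lol check out my vacation pics",
     {"http://pics.example.com/album": "http://203.0.113.5/lockx.exe"}),
    ("notes from the meeting: http://intranet.example.org/notes.html", None),
]

if __name__ == "__main__":
    for text, links in SAMPLE_MESSAGES:
        for href, reasons in scan_message(text, links).items():
            verdict = "SUSPECT" if reasons else "ok"
            print("%s  %s  %s" % (verdict, href, "; ".join(reasons)))
```

The check is a triage aid only: a link that passes all three rules can still be hostile, which is why the article's advice to confirm with the sender still applies.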
I'm sure your AOL anti-spyware caught it? Right?
Hahaha, of course not. It's all garbage: delete AOL, get a real ISP, and try Mac or Linux. Save yourself some money.
Posted by digitallysick (103 comments)
Love Your Post!
Thanks for making me smile!
:o)
Posted by e2ndo (1 comment)
LOL
Funny and I agree
Posted by Gasaraki (183 comments)
exactly
Save yourself money.. get some knowledge and get Linux. I am not going to be all uppity and say Linux has never had a virus.. because it has. And that's what's great about Linux.. everyone helping to improve it. And the guy saying no virus for Mac OSX must not have done his research.. took me less than a minute to google a website and find a virus written for Mac OSX.
Posted by (75 comments)
But then..
Not only is my OS under the grip of a monopolistic tyrant, my hardware is too, and it costs 3-4 times more. Not to mention none of my games and half of my apps won't run.

There's a much simpler solution: don't be stupid and click on random links. But if you aren't capable of that, sure, get a Mac.
Posted by Kamokazi (40 comments)
Innovative
No no no, you see when Microsoft forces you to use their products, that's monopolistic.

But when Apple forces you to buy a new computer every two years, that's innovation.
Posted by jetcheber (5 comments)
That sums it up.
That basically sums it up for me too. I don't use Windows because I want to look at the Windows desktop, I use it because I want to run programs.

If I was going to sacrifice my software library on the altar of security, I'd do it to Linux and not to Apple. Then I wouldn't have to buy a new system at all. At worst, I might have to replace some hardware.
Posted by (29 comments)
WTF?
Ummm, is it a monopoly that you have to buy a new Ford vehicle with a Ford engine? Have HP/IBM/Commodore/DEC/SGI/Sun been monopolistic tyrants due to the fact that they control both hardware and software? And before you mention beige box IBM/HP machines, you don't know enough to reply, since you apparently aren't aware enough of the larger picture to comment. Is it better to have collusion where you can buy a Sony machine, but you MUST use Windows on it due to proprietary Windows-only hardware?

Also I'm not sure where those new $125 machines you're referring to are? Minis are $500 new, $480 for me (edu price). It's a cheapo box, but then again the basic OEM x86 boxes with no discrete video memory are too.

I don't play that many games, and there's enough available to waste lots of time, including (Unreal Tournament series, ID games, Blizzard games, Civ 3, AVP1&2, Red Faction, Sims, C&C Generals, Ghost Recon, and I don't have all day to list all of them). I really like Red Faction and AVP for LAN games, and it works fine. Games are where the platform is the weakest. If you want a toy machine, build a wintendo (I did).

Dearth of Apps? You're kidding right? How many apps do you need? I do just fine between the huge list of proprietary stuff and OSS stuff to boot. Biggest use are: Office, Fire (trillian with inline spell check), VLC, Mplayer (linux port, no windows version), Xcode, iLife suite, Audacity, iTerm (terminal with tabs), SubEtha Edit (network aware, multiple user, document/code editor), Quickbooks Pro, and much more than it's worth to mention.

I should probably mention that I work in IT. I manage windows networks. I also run XP Pro (games are 90% of what I use it for), Slackware Linux, FreeBSD, Solaris, OS9 (as a joke, my print server to prove it could be done)... My SGI is currently non-working :( I used to dual boot FreeBSD and 98.

With OSX I can use all the apps I used under Windows and I have a *nix command line and a secure surfing environment all the time. While I have yet to have either my Slackware firewall hacked or my XP Pro boxes infected, they're not invulnerable. Zero-day exploits exist. If you happen across one you will be infected if you trigger it (which is easier than you might think; with an older version of Outlook/OE you could overrun a buffer in the email and infect a machine upon them receiving the message, viewing it was not required). With the XP boxen I'm very careful. When I got mailed the "I Love You" virus, I opened it up and took a look at the virus's code, which was kinda interesting.

The old Mac hatred BS is old and getting lame. I used to call em Macintrash and all kinds of crap until a more mature friend clued me into OSX. I still hate OS9, but I hate it for valid, firsthand observed failings. Do some research into what the strengths and weaknesses of a platform is before looking stupid. Personally I hate wizards. Show the control panel/config file and leave me alone. Windows gets in my way more every year with the wizards, and that's a firsthand observation.

Apple's failing is they do cost more to get decent horsepower, and Network Management software and games are lacking. You're also more limited in hardware choice.

Windows failure is that it does everything and seemingly nothing incredibly well. It supports ten tons of hardware with poorly written drivers, ten million poor applications that can trash your registry/dlls. Building a decent box is an exercise in checking on what hardware is solid and has good drivers.

PS: Apple could not have written something as cool as OSX. It's updated NeXTstep through and through. So while it may have a candy coat, it's the same OS that was created with security in mind, which is why it was used by the CIA among other agencies.
Posted by Magnus Dredd (11 comments)
I got hit with this last week Tuesday
Our machines are fully patched. The web site launched a malware attack via the browser on the computer. It installed the Trojan, which was stopped by the virus software, which had up-to-date definitions. So virus defs were up to date and the PC was fully patched. Yet the malware launched and sent an IM to all IM users and infected some local files, which were quarantined. I cleaned up the PCs and the restore folder. Next week I will be installing IPS software (Sana Security) to prevent zero-day malware attacks such as this.
Posted by (1 comment)
How can we identify it?
Okay, so we know a virus is out there, but what else is new. What the article didn't say is how to identify the virus... I have never gotten an AIM virus, but there is a first time for everything, what do we look out for?
Posted by visualbowler (3 comments)
Just curious
Why does nearly everyone work as administrator? If you run as an unprivileged user, you get a second chance before installing stealth programs. This goes for Mac OS, too. They won't be safe as soon as someone bothers to write the same kind of virus for them.
Posted by wjp (1 comment)
Re: Just curious
Not sure about Macs, but for Windows most programs have to be run as administrator due to the design of the OS. Setting up users to have admin accounts by default is probably easier than them having to put a password in every time they want to run certain programs.
Posted by richardablitt (1 comment)
Unfair
You know how much you gave to Microsoft or Symantec? That's just an unfair statement.
Posted by (6 comments)
Tux et bona et fortuna est...
I'm not a Windows user, consequently I'm not
afraid of receiving email or instant messages
from total strangers.

The box said: "Requires Windows 98/2000/XP/NT,
or better." So, I installed LINUX!

"In a world without walls and fences,
who needs windows and gates?"

Tux et bona et fortuna est. ;)
Posted by Johnny Mnemonic (374 comments)
software library
Here is my software library.
(16,000+ packages)

http://packages.debian.org/stable/

Debian comes with this slick install/uninstall/update/patch tool
called Synaptic.

http://www.nongnu.org/synaptic/action.html

Most other Linux distros have something similar.

I just tried the free version of Xandros.
It has an installer that makes Microsoft Windows look pitiful.

http://www.xandros.com/products/home/desktopoc/dsk_oc_download.html
Posted by cyber_rigger (70 comments)
Debian
Synaptic is nice, though I prefer Aptitude. Nice thing about open systems is choice as you can switch between them.

Aptitude is console based, so faster but not as pretty (unless you count colourful as pretty). Nicest feature is that it will automatically uninstall things it automatically installed when you no longer need them.

I'd agree with the point on Windows Installer having had to delve into the guts of it. It is quite ugly. How many primary keys do you need to identify a product or component?

The one advantage I thought MSI had over Deb was the ability to embed dependencies, but that can be solved easily in deb. Add a CDROM or web site to Deb (and Synaptic provides a nice menu for this) and the CDROM can also include dependencies which will be autoinstalled as needed.
Posted by bugmenot (10 comments)
Very Scary
It is annoying that average users who simply
want to enjoy this amazing technology and
entertain themselves chatting with friends have
to put up with this virus/worm crap. The way I
see it, the only viable solution is to go to a
locked down version of BSD/Unix or Linux; only
when the number of MS Windows users drops enough
that MS stock is in the toilet, only then will
MS take this problem seriously and write an OS
which is not so vulnerable.
Posted by RichardET (9 comments)
Re: Paranoid
I work in InfoSec and can tell you, telling someone on a board to
"go to this link, download this file and disable your Virus
protection" is the dumbest advice I've ever heard...and yes, I do
this for a living so I AM PARANOID.

This is how people on the Internet get OWNED. and how all of
their financial data gets sent to some jackass in Estonia or
Romania.

Good job, and **** Googling for this. It's all about educating
people not to blindly follow links like sheep.
Posted by funk49 (2 comments)
Hard to identify
Windows rootkits are extremely difficult to catch because of the way Windows was designed (user level mode vs. kernel level mode). I'm not sure whether anti-virus tools can even scan kernel level mode space because of the trusted nature of everything that runs in the kernel.

One good example is device drivers that you install for hardware support. They reside in the kernel, and this is the reason why there are security controls in Windows to prompt for confirmation before installing drivers.

In a nutshell, rootkits are a ***** and terrible to find.
Posted by funk49 (2 comments)
HELP ME!!!
My home computer got infected with this a few weeks ago...it continued to work alright for about a week and then it crashed and will not boot. What should I do?? There are a million articles about how bad this is, but not how to fix it. What do you do once your computer has gone into a coma?
Posted by ajkrause (1 comment)
you must make a decision
IF you know how to make a boot disk and IF you can download the latest virus definitions then you MIGHT be able to clean off the virus yourself. Or you can bring it to your local computer shop, where they will probably charge you one or two hours' labor to make things right, and that would be a fair and reasonable charge. It may seem like a lot of money, but that's the way it goes. Hey, I'm great with computers, but when my plumbing breaks, I call a plumber...
Posted by xiandude (2 comments)
Poor journalism
"This is the first time that we have seen a rootkit as part of the bundle of applications that is sent to your machine. It is a disturbing trend."

If it's the *first time* you've seen this, how can it be a *trend*? Was that a vehicle for being able to place "disturbing" in your article? Why can't reporting be done with accuracy and editing?
Posted by zoobster (1 comment)
not poor journalism
Uhm, dude - the article was quoting someone. The fact that the PERSON said the one item was a trend reflects a misunderstanding on the part of the person quoted, not on the part of the person doing the quoting. FYI, there are many decaffeinated brands that are just as tasty.
Never thought I would see the day when I would be defending a journalist...
Posted by xiandude (2 comments)
umm ...
That was a quote, it wasn't written by the article's author. Is he supposed to change the quotation?
Posted by user7145 (1 comment)
If you build it, they will trend.
Obviously you do not delve into nefarious activities.

Hackers tend to learn from their peers' mistakes as well as their accomplishments.

If the rootkit works, they'll exploit it.
Posted by etherwhisp (1 comment)
wow.... so sincere, so clueless
What you should have said:
Buying a Mac is a viable solution. It's strange that windows users generally use the Admin account(root). You'd think Microsoft would invest in something to secure their OS better.
-----
Root-kits are software specific, the fact that it's a PC (x86 machine) does not mean it's vulnerable. Linux is likewise not affected by this regardless of what the computer is. Likewise, AIM is a free service and does not make Time-Warner money directly. TW spending great deals of money on AIM is probably not in their best interests.

As far as administration: I generally prefer to administer, in order of preference, Slackware, OSX (mostly from CLI), FreeBSD, some other *nix, Windows NT (2k, XP), WinDOS (95, 98, ME), Classic MacOS. OS9 and OSX have virtually nothing in common, especially with regard to administration. OS9 and OSX were not even created by the same company. So talking about administering Macs is like talking about administering IBMs, which could mean mainframes or cheapo PCs.
Posted by Magnus Dredd (11 comments)
wow information
Mac may be a viable solution.

What do I know of root kits and root users. The kit makes the intended OS vulnerable.

We have no choice, it's XP or else. AIM is free and because of that we can all breathe easy. Unless you put your name on it.
Posted by snowball77 (92 comments)
Hmm, AOL AND Windoze - a very bad combo
seems to me the major problem is the great unwashed using Windows AND AOL .. . mostly they can be conned into clicking on FEE V-I-A-Gra help me spell links and helping Patrice Mwumba clear 150million from his oil revenues after having his wife and 13 children kidnapped in Botswana.

Look - I MUST use a Windoze machine for work, but I do ALL of my home websurfing and 100% of my internet online sales transactions on a Mac. Sorry, you Mac haters out there, but my Mac laptop and desktop at home are perfectly safe - even from Mac viruses, since nothing can install itself.
Posted by erisajd (2 comments)
Why not AOL for Linux
How come AOL hasn't released a Linux version? That's the only thing keeping me on Windows.
Posted by TheGear-20649376645277024 (1 comment)
Who says macs cant get viruses?
LOL, they must believe all those Apple-supported facts that get published. Look people, I do tech support. I have seen OSX Macs with viruses. So, don't say they can't get viruses. I have let a Mac user cuss me blue up and down and tell me how stupid I am because Macs can't get viruses. Then he runs his little-used antivirus program, and lo and behold, he has a virus!

Seriously though, Windows needs better security from the average idiots. But, my feeling is, its like the firefox issue. As more people start using macs, the more people will look to write viruses/spyware that will affect macs.

Remember people, 90% of virus/spyware writers are doing it for the money they can make selling information. Or to further annoy Windows Users.

The true virus writer: A mac user mad that his OS is not number 1 :P

Peace
Posted by techguy83 (295 comments)
Tech support, huh?
You probably should do a little more reading up on Macs and
virus software. If a person with a Mac has a Windows virus
located on the hard drive, a virus checker will find it and flag it.
That DOES NOT mean that the Mac was infected. Essentially, it
was just acting as a container for the virus which was likely
received through an e-mail attachment. However, it is still
essentially "live" and can theoretically be transferred to a PC,
where it will do its damage.
Posted by tdowling (21 comments)
Ok listen up
Are you sure that it wasn't a Windows virus that his antivirus
program detected? I would like to know what the program detected
it as, because I too work in this field except its not just IT, I also
design software programs for UNIX (including Mac OS), Linux,
Symbian, Solaris, and Windows. Please share with all of us if you
think that Mac OS is not #1 what the virus was called, also since
you are in tech support you should also know that viruses cannot
spread on a Macintosh computer like it does with windoze if there
ever was one written for OS X.
Posted by volvoman (2 comments)
what??
First of all, those are Linux distros, which is a whole different OS. Granted they are more secure (at the moment), but that's a huge learning curve that's just not an option for the average user. Why not let people know what you're talking about before you just go and sound smart rattling off useless info to people who don't understand you? Rather than confuse people, why not try to help?

Suse, Knoppix, and whatever else he mentioned are Linux distros, which would require you to reformat the whole computer and replace Windows. With this, you can't run most Windows-based programs; granted there are free alternatives, but it is a confusing step and I'd suggest finding a forum or community where you can get support before you make the switch. I personally reside at techimo.com, which is a great forum if you're looking for one, or you can find a local Linux user group to help you through the switch if this is what you decide. If you're interested, try Knoppix, which is a bootable CD, so you don't actually have to install...and when you get frustrated or sick of it...just pop the disk out and restart and boom...there's Windows :).
Posted by sr71000 (5 comments)
whoops
sorry....replied in the wrong spot....don't know how to delete :( my bad
Posted by sr71000 (5 comments)
To anti-Mac bigots
1. Don't justify your position by saying you're in tech support. 100% of the time I have called tech support the person on the other end of the line has been a complete and utter idiot.

2. Macs like anything else have a binary structure that is different from all other operating systems. Binaries on Windows do not affect Linux, or Mac OS X.

With these things in mind, a rootkit designed for Windows WILL NOT infect a Mac. Period.. Even if it is written in Python or Perl, how can it infect ps, netstat, etc. or replace them? If it replaces them with a Perl script or similar it would be very easy to detect = it would defeat the purpose.

Yes, there are people who have a Mac who know nothing about technology and think they're immune to everything solely because they have a Mac.. but there are a far greater number of people who are PC-bigot ******** who trash the Mac simply because it's branded as "easy to use" for newbies and does not require technological savviness to use.

Who's the bigot? The one stating the truth, "Get a Mac and you won't have virus problems," or the one saying "Yeah whatever. Mac sucks. You're stupid, any computer can get viruses and one day Mac will have them."

Apple will deal with that when it happens, but right now, the fact of the matter is that if you have a Mac, you WILL have ZERO of the problems you have when dealing with Windows, this includes:

1. Viruses
2. Spyware
3. Stupid bugs that haven't been fixed since Win95, and probably never will be
4. Having to spend 4 hours fixing some stupid thing before you can do something that would take 5 minutes otherwise

and the list goes on and on. Can you get a virus on a Mac? Of course it's POSSIBLE. but is it likely? Probably not.

So unless your motives are pure and unbiased when it comes to dissing the Mac, shut the hell up.
Posted by hillie (1 comment)
Is using Trillian safe? AIM Express?
I normally use Trillian instead of AIM, or at work AIM Express. Are either of these considered safe to use?
Posted by PJinNH (2 comments)
Interface doesn't matter
Using Trillian or another 3rd party IM interface won't protect you. The virus appears as a link in an IM from one of your (infected) buddies. You voluntarily install it by clicking on the link.
Posted by uselessknowledge (1 comment)
Hey MAC bigots...
The story says the worm delivers a R-O-O-T-K-I-T.

If you, in your Apple induced technology stupor, do not know what a R-O-O-T-K-I-T is, then I would encourage you to put down the Kool-Aid, shut your pie hole, and do some research.

Even you - YES YOU - are vulnerable to the emerging R-O-O-T-K-I-T threat.
Posted by rivsys (26 comments)
Microsoft need to copy Apple...
Even if a Mac rootkit were out there it would still need administrator privileges to install itself. As soon as that dialog box shows up asking for it, it's a dead giveaway that it's something I don't want installed.

Come on, Microsoft, copy this small detail from Apple and rid the
world of these auto-installed menaces.
Posted by erikvandermey (1 comment)
This attack does NOT affect MAC
As someone posted above, ROOTKITS are available for all operating systems. THIS rootkit, however, is one that only works in a Windows environment.

Further, this rootkit is installed in a way that would not be possible on a Mac. Mac is using a version of Unix known as Darwin. This is a HEAVILY permissions-based filesystem that does not allow for arbitrary writing of files to the disk. In fact, in order to even ATTEMPT to install this software the user would have to type in an administrator's password, for EACH installed item. This would definitely alert any Mac user that something is up. Of course, the software would have to be written to RUN on a MAC in the first place, which it is not.

Your request that Mac users do some research shows that the author of the above comment is not familiar with the typical Mac user. *MOST* Mac users are former Windows users. Usually people who were completely Windows literate, but were tired of having to hold in that power button on the front of their computers because the system FROZE. Or, people who were looking for a more intelligent computing experience, meaning that a more efficient interface means more work gets done faster. There is also a HUGE number of Linux users (of which I am one) switching to the Mac. In the realm of knowledgeable computer users, Linux users tend to rank a bit higher than your average Windows user, so to insult the Mac community by saying that we need to do some "research" simply shows that you have not done your own.
Posted by fuzzyfree (1 comment)
Hey Clueless Morons
B A, you should grasp a basic understanding of computers and operating systems before you make incorrect comments. A rootkit that is a .exe and compiled for Windows isn't going to run on a Mac. A rootkit isn't really the best term for this when it is run on Windows. So, they are NOT, vulnerable.
Posted by ericbusa (1 comment)
Give Me a Break
Sure, rootkits can be used on *nix systems. But you have to be able to exploit the system first in order to install it. That's where the difference lies--MS Windows has about 20x the vulnerabilities of a well-run *nix system. Not only that, but as I am sure you know (since you seem so wonderfully educated) a rootkit needs to be designed for a specific OS. In the case of the AIM rootkit, *nix systems are not vulnerable.
Posted by ogshotime (1 comment)
PC Bigot...
Mac is a solution. I know people that are switching because of the virus/spyware issue. A rootkit is a way to compromise a system on a root level. Funny that the PC is a root user.

I rather do admin on a mac than a PC. You need a degree on spyware and viruses to admin a PC.

You would think that Gates and company would just buy out the spyware and virus makers considering that is what they do. But I guess that they are off spending your money on real things like AIDS. A good thing no doubt but a product of PC spending.

Here is a clunker for PC users-- your private information is in the hands of some guy in Mexico who wants your ID and your cash.

As far as AIM is concerned: with the mass marketing of their service you would think they could patch this bug. Oh, that is right, PC users like to send spam inadvertently...
Posted by snowball77 (92 comments)
Re: Hey MAC bigots
I'm not a MAC bigot by any stretch of the imagination (haven't done more than turn one on in the past five years), however, the Mac users may as well be invulnerable to this attack for three very simple reasons.

1) Few people use Macintoshes, comparatively speaking. This means that few people will bother writing toolkits for it.

2) Because so few people use Mac, there is less interest in spyware written for it. This article seems to indicate that one of the primary reasons for this toolkit is to deploy spyware, possibly as a means of making money for the creators of the rootkit.

3) OS X is based on the BSD kernel, and so it is less vulnerable to rootkits in general (though not impervious, I'm sure).

At any rate, you should save your hostility for the people who create worms.
Posted by finalrain (1 comment)
Hey AntiMac bigot
Rootkit does not mean the root user on a mac. Besides, the root
user on MacOSX is disabled unless you really know how to dig
deeply into the OS and enable it. So just sit back down and scan
for this one. I'm going to have a taco:)
Posted by wgcarver (1 comment)
Rootkits
Yes the name comes from the UNIX world, where a rootkit was a "kit for getting root". Rootkits had to cover their tracks. It's funny to hear the term being used in the Windows world.

I'm not sure if it's the right term. Most Windows users run as root anyway, so getting root is no problem. You already have it. The naming must come from the ability to hide from antivirus software, but viruses have been trying to do that for years. I suppose the only new thing is that it comes in kit form.
Posted by bugmenot (10 comments)
EXE files silly!
Yeah, my Mac will be infected with the rootkit as soon as it's able to open .exe files, haha... silly people! Maybe my VPC drive will... but oh well, it's Windoze.
Posted by (12 comments)