CCleaner Community Forums

AIM battling Nefarious Bot


AOL has cut off access to certain IP addresses from its instant messenger network in order to slow down the possible impact of a bot spreading over AIM.


"I will note that this started with a click happy user on AIM to the best of our knowledge," SANS diarist Scott Fendley wrote in the opening of the report.


The SANS Internet Storm Center posted about a submitted report on a bot making the rounds via AIM. The bot attempts to contact other bots and sites by using an encrypted P2P connection to port 8/TCP on machines.


"Flow analysis and/or tcpdump looking for mysterious port 8/TCP traffic seems to be the best way to detect these infections on your network," the report said, noting that the bot does not use DNS to find other Command & Control sites.


By using a test computer to observe the bot's behavior, the submitter noted its behavior. The bot tried to connect to 22 hardcoded IP addresses over port 8/TCP. "Since it tried to contact each of these many times, and not any other IP addresses, I feel it is fairly safe to guess it was not randomly selecting IPs to obscure "the real C&Cs"."


Symantec reported on its Security Response Site that the bot can propagate through email and over network shares.


Users and corporate admins should ensure their antivirus signatures are up to date. They can avoid potential exploits by verifying their systems have been updated with available patches to shut down any holes the bot could use to enter a system or a network.




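The flow analysis the quoted report recommends, sketched as an added example (not part of the original post or the SANS report): it scans `tcpdump -nn` text output for internal hosts that repeatedly open connections to port 8/TCP. The sample capture, the internal range `10.0.0.0/8`, the function name and the attempt threshold are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in `tcpdump -nn` text form. Addresses come from
# documentation ranges; they are not indicators from the report.
SAMPLE = """\
10:01:02.000001 IP 10.0.0.5.49152 > 198.51.100.7.8: Flags [S], seq 1, win 8192, length 0
10:01:05.000001 IP 10.0.0.5.49152 > 198.51.100.7.8: Flags [S], seq 1, win 8192, length 0
10:01:06.000001 IP 198.51.100.7.8 > 10.0.0.5.49152: Flags [S.], seq 9, ack 2, win 8192, length 0
10:01:09.000001 IP 10.0.0.5.49153 > 203.0.113.9.8: Flags [S], seq 5, win 8192, length 0
10:01:12.000001 IP 10.0.0.5.49153 > 203.0.113.9.8: Flags [S], seq 5, win 8192, length 0
10:02:00.000001 IP 10.0.0.9.50000 > 192.0.2.80.80: Flags [S], seq 7, win 8192, length 0
10:02:30.000001 IP 10.0.0.9.50001 > 198.51.100.7.8: Flags [S], seq 8, win 8192, length 0
"""

LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]"
)

def find_port8_talkers(text, internal="10.0.0.0/8", min_attempts=3):
    """Return internal hosts with repeated outbound SYNs to 8/TCP.

    min_attempts is an assumed threshold reflecting the repeated contact
    attempts described in the report; tune it for the network.
    """
    net = ipaddress.ip_network(internal)
    attempts = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, _sport, dst, dport, flags = m.groups()
        # Keep only connection attempts (bare SYN) aimed at port 8.
        if dport != "8" or flags != "S":
            continue
        # Keep only traffic leaving the internal range.
        if ipaddress.ip_address(src) not in net or ipaddress.ip_address(dst) in net:
            continue
        attempts[src][dst] += 1
    report = {}
    for src, dsts in attempts.items():
        total = sum(dsts.values())
        if total >= min_attempts:
            report[src] = {"attempts": total, "peers": sorted(dsts)}
    return report

if __name__ == "__main__":
    for host, info in find_port8_talkers(SAMPLE).items():
        print(host, info["attempts"], "attempts to", ", ".join(info["peers"]))
```

Because the report says the bot does not use DNS to find its peers, DNS logs will not show these connections, which is why the check works from packet or flow data.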

AOL users are dumb.

I don't use AOL or AIM. :D

Death to all who do!
