» Topic: Rootkit worm linked to hacker group in Middle East
» Added by: Greg Sandoval
» Date: 18.11.2005
Security sleuths at FaceTime Communications say they have linked a group of hackers operating in the Middle East to a worm that began spreading last month via America Online's Instant Messenger service.
Experts at FaceTime's security unit reported Thursday in the United States that the hacker group has seized control of at least 17,000 computers across the globe. The hackers have the capability to pilfer personal information from a computer's hard drive or remotely commandeer a PC to help launch attacks against companies or networks.
FaceTime, headquartered in Foster City, California, has alerted the FBI and warned that the 17,000 computers were controlled by a single compromised server. There is a chance that the hacker band may control other servers and thousands more computers, according to Tyler Wells, senior director of engineering at FaceTime.
"The fact that they are using instant messaging is a disturbing trend," Wells said. "These guys are using BitTorrent and other applications to control PCs, and that is getting a bit scary."
The FBI did not immediately respond to a request for comment.
BitTorrent is a file-sharing tool that could enable the hackers to steal large files more easily, Wells said.
On October 28, FaceTime identified a rootkit worm, designed to go undetected by security software and used to lock down control of a computer after an initial hack.
Subsequent research has revealed that the rootkit worm piggybacking on AOL Instant Messenger acts as a back door for adding spyware, which can be used to pilfer usernames, passwords and other personal information.
A hacker can control this process through Internet Relay Chat communications.
Wells said FaceTime traced specific signatures within various code associated with the exploit. This gave them the ability to resolve where the exploits originated.
Source: www.zdnet.com.au