Imagine you’re chatting with friends in an AOL IM chat room one minute, you click on a seemingly innocent link, and the next minute your computer is taken over by a worm delivering an extraordinarily nasty payload. That’s precisely what happened just a few days ago. CNET News has a good breakdown of this ugly trick, originally discovered and reported by Facetime. As if that weren’t bad enough, the worm also leaves the victim with adware including 180solutions, Zango, the Freepod Toolbar, MaxSearch, Media Gateway and SearchMiracle.
Paperghost has an interesting theory about the inclusion of adware. Victims might be so focused on removing the adware that they could easily overlook the rootkit, a scary thought. He calls it “the art of stealth, using a 16-wheel juggernaut”. Paperghost also notes that this is the first time 180solutions’ Zango has been found in a stealth installation and asks “how could this happen?” Indeed, especially since 180solutions has been touting its efforts to clean up its distribution channels. Perhaps there will be an explanation on 180’s new blog. Wayne Porter, Facetime’s senior greynet director, blogged about the story and included links to additional coverage.