Beware Of IM Greeting Cards

Akonix Systems Inc. today said it has identified a new instant messaging worm named W32/Aimdes.E, that disguises itself as a holiday greeting card.

Holiday greetings present a vulnerable avenue of attack and Akonix warns that this method will most likely be used throughout the month of December. The Akonix Security Center has classified the worm as low risk and immediately pushed updates to its customers for protection against this threat.

Aimdes.E is downloaded once a recipient opens the greeting card. Upon execution, the memory-resident worm propagates through an IM network by sending the following message to other users listed on the infected user's buddy list:

"The user has sent you a Greeting Card, to open it visit: http://g{BLOCKED}aol.com/index.pd?source=christmastheme?my\\_christmas\\_card.com"

When a recipient clicks the link, the worm automatically installs itself on the affected system. The worm also has backdoor capabilities, Akonix warns. It opens random ports and comes with a built-in Internet Relay Chat (IRC) client engine, which enables it to connect to an IRC channel and wait for several commands from a malicious user.