Quick Hits

‘Frankenstein’ rootkit hits AIM users

A potentially destructive new worm is targeting users of AOL’s AIM instant messaging (IM) service. Called W32/Sdbot-ADD by Facetime Security Labs, the vendor that first reported its existence in a less harmful version some weeks ago, this is a worm with a troubling and innovative twist — it installs a rootkit-like backdoor on any machine it manages to infect. An attack starts with an AOL IM user being asked to open a link, apparently at the request of an AOL “buddy” or contact. Clicking on this initiates the infection sequence, which starts by dumping a number of adware files, and the rootkit software itself, lockx.exe. Once on the PC, the malware attempts to shut down anti-virus software, install software that allows the PC to be remotely controlled by IRC, and open a backdoor for future attack.

Clicking, clacking and snooping

The idea of snooping on keyboards has been around since the Cold War, when Soviet spies bugged typewriters in the American embassy in Moscow. Now researchers at the University of California, Berkeley, have found a way to turn the clicks and clacks of typing on a computer keyboard into a startlingly accurate transcript of what is being typed. The researchers have developed software that can analyze the sounds of someone typing on a keyboard for 10 minutes and then piece together as much as 96 per cent of what was typed. The technique works because the sound of someone striking an “A” key, for example, is different from the sound of striking the “T.” Even randomly generated passwords are not secure: researchers were able to guess 90 per cent of the five-character passwords they generated within 20 tries.

Quick Link 050732