Today’s attempt to take over your machine: Fake AIM updates
Thu, Jan 21, 2010 by David Romerstein
Within the last few hours, Cloudmark has seen a marked increase in messages claiming that the recipient’s AIM account is about to be closed and that, to prevent that from happening, the recipient must download and install a new update to the AIM software.
Subject lines include:
- AIM critical update
- Your AOL Instant Messenger will be deleted
- AOL Instant Messenger critical update
Kaspersky identifies the downloaded file as an installer for the Zeus bot, which has been used both for spamming and for stealing personal information and was most recently in the news for having made a home within the Amazon cloud.
As always, practicing safe computing will help you. Be wary of ‘security alerts’ that ask you to download files, pay attention to those URLs (www.aim.com/download is not the same as www.aim.com.download.botdomain.com), and keep your anti-virus and anti-malware programs up-to-date.