FOSTER CITY, CALIF - January 6, 2006 - Research
experts at FaceTime Security Labs™, the threat research division of
FaceTime Communications, identified and reported a new threat today
affecting AOL Instant Messenger (AIM) applications. The new worm
targets PC hosts infected with lockx.exe or palsp.exe and utilizes
IRC enabled malware to connect the host to a server for further
infection through a series of commands. One of the commands has the
ability to control the AIM client on the infected host and send a
message containing links to the AIM buddy list. When recipients
click on the link they become infected with new variants of the IRC
enabled malware along with an installation executable "creame.exe"
which delivers multiple adware payloads including Zango and 180
solutions. Who is affected: All users who have
been infected by the 'lockx.exe" or "palsp.exe" or its variants are
at most risk. Users can initiate a free online scan which can
detect and disable files such as lockx.exe by visiting:
www.facetime.com. Threat Type: Worm Risk
Level: High Additional Information:
This worm sends one of the following messages to buddies on the
AIM contact list of the infected machine:
- "great picture :)
http://www.picteurestrail.net/Mastermon/XXXXXX.JPG", or
- "not a right time to take a picture haa :-)
http://www.picteurestrail.net/Mastermon/XXXXXX.JPG"
- "not a right time to take a picture haa :-)
http://www.pictrail.net/Matelord/XXXXXX.JPG"
- "not a right time to take a picture haa :-)
http://www.picstrailx.net/Mateslord/XXXXXX.JPG"
This past November, FaceTime security researchers discovered how
the AIM RootKit worm was tied to the worldwide Bot network
controlled by a hacking group in the Middle East. FaceTime
Customers Can Prevent This Threat
FaceTime Enterprise Edition and IMAuditor customers can
proactively block these malicious threats and prevent infections
before they happen by blocking downloads of the specific executable
files associated with the threat. FaceTime also recommends
activating the Day Zero Defense System within IMAuditor 6.5. The
system utilizes anomaly detection techniques to analyze multiple
characteristics of IM-borne worms and other malicious code against
normal behavior, and provides patent-pending protection against
these threats without the need for traditional security signatures.
FaceTime RTGuardian customers are automatically protected if they
have auto update features enabled. FaceTime's X-Cleaner customers
(formerly XBlock) should download the latest update and scan their
PC to detect and remove lockx.exe files.
About Actiance, Inc. (Formerly FaceTime Communications, Inc.)
FaceTime Communications became Actiance, Inc on January 11, 2011 following an agreement to
transfer the FaceTime trademark to Apple.
FaceTime Communications enables the safe and productive use of Unified Communications and Web 2.0,
including instant messaging, blogs and social networking. Ranked number one by IDC for five consecutive
years, FaceTime's award-winning solutions are used by more than 1,500 customers for the security,
management and compliance of real-time communications. FaceTime supports or has strategic partnerships
with all leading IM, unified communications providers and social networks including AOL, Google, Yahoo!,
Skype, Microsoft, IBM, Cisco, Facebook, LinkedIn and Twitter.
FaceTime is headquartered in Belmont, California. For more information visit
http://www.facetime.com or call 888-349-3223.
PR Contact Information: