The Gabby-A virus is no longer impacting users of America Online’s
instant messaging network, according to the IMlogic Threat Center.
The worm had been spreading through AOL’s IM service.
When users clicked on a URL that linked to a Web site containing malware, the
worm would then send similar messages to all of the users on their buddy
lists, according to the firm.
The threat was labeled a ‘Medium Risk Threat’ by IMlogic.
The worm, which earlier had moved through the wild via AOL, used the
phrase, “Hey check out this!” with the word ‘this’ underlined. Once a user clicked on ‘this’, they were
linked to pictures.php, which downloads the payload and propagates the worm,
according to IMlogic.
The company said it coordinated with AOL to block the malicious URL
completely on their network.
The code is very similar to the Kelvir virus that recently impacted the
MSN Messaging Network, according to the threat center. Gabby-A used the same
social engineering trick to lure unsuspecting users into clicking the link.
AOL has blocked further propagation of the worm on its network and is
now warning organizations to be on guard for the likely propagation of
variants of the Gabby-A virus.
In a statement released by IMlogic, the firm warned that the ease of
variant production for this type of worm makes it an attractive target for
copycat writers.
IMlogic recommends that organizations update with the latest security patches
and ensure that all out-of-date clients have been blocked from accessing AOL’s
IM network.