|
Once the worm has seated itself on the computer, it downloads a variant of the Agent downloader Trojan and four adware apps: MediaGateway, ProSitefinder, SAHAgent, and the Websearch toolbar. Olameg then continues its spread via AOL Instant Messenger, sending a hyperlink to AIM contacts with the text "this picture never gets old".
Olameg contains IRCbot functionality, connecting to an IRC server upon infection and sending a message to alert the attackers who then are able to remotely manipulate the worm.
To prevent Olameg and other instant messaging threats, see Tips for IM Safety.
To remove the adware installed by Olameg, use an up-to-date spyware scanner.
|
