A new breed of malicious instant-message bots is on the loose, according to IMlogic, the developer of enterprise instant-messaging security applications.
Not a LOL matter
IMlogic issued the warning late on Tuesday and cited a recent example of such a malicious bot. On Monday, IMlogic first published details of a new threat known as IM.Myspace04.AIM. Once the computer of an AIM (AOL's instant-messaging software) user is infected by the IM.Myspace04.AIM bot, the bot sends messages to people on the infected user's buddy list, making the messages appear to come from the infected user. The infected user isn't aware the messages are being sent. If recipients click on a URL sent with a message, they'll also become infected and start spreading the virus.
A bot is a program that can automatically interact with people or other programs. AOL, for example, has bots that let users ask questions via IM, such as directory queries, and the bot responds.
The unusual part of this bot is that it replies to messages. If a recipient responds after the initial message, the bot replies with messages such as "lol no its not its a virus" and "lol thats cool." Because the bot mimics a live user interaction, it could increase infection rates, IMlogic said.
IMlogic continues to analyse this particular threat but so far it seems to only be propagating and not otherwise affecting users.
Some similar IM worms install spybots or keyloggers onto users' computers, said Sean Doherty, director of services in EMEA for IMlogic. Such malicious programs record keystrokes or other user activity in an effort to discover user passwords or other information.
"What we're seeing with some of these worms is they vary quickly so the initial one may be a probe to see how well it infected users and then a later variant will be one that may put a spybot out," Doherty said. The initial worm could be essentially a proof of concept coming from the malware writers, he added.