We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Instant messaging worm is tough to fight

Threat to AIM has 'random aspect'

A sophisticated computer worm spreading via AOL Instant Messenger (AIM) is setting up a botnet that may be difficult to combat, security researchers said.

The worm, known as W32.pipeline, propagates when AIM users click on a web link that appears to have been sent to them by someone on their buddy list. They receive a message along the lines of, "Hey, would it be okay if I upload this picture of you to my blog?" If the recipient clicks on the link, an executable file that looks like a Jpeg will download into a Windows folder, according to researchers at security company FaceTime.

The file can then execute a number of different attacks, said Chris Boyd, security research manager for FaceTime Security Labs and the researcher who discovered the worm. It can open up the email port on the PC and send out spam messages. It can also install a variant of the 'hacker defender' rootkit, which is widely deployed and difficult to remove.

One of the most dangerous aspects of the worm is that it can also connect to remote file upload sites, which Boyd believes the worm authors use as sort of staging sites where they can continuously download new infections. Once a computer is infected, the program will propagate using the same instant-messaging method.

The worm is unique because the program seems to be able to contact a number of different sites around the globe randomly. FaceTime researchers had different results when running the same file. "Previously, where we've seen something similar to this attempted, if one file is pulled offline or removed by an ISP, the whole chain goes down," Boyd said. "But this one, if one file goes missing or gets pulled down, it will potentially make a call to another file. It has quite a random aspect to it."

So far, he estimates that the botnet - a group of similarly infected computers that are remotely controlled - has 1,000 to 2,000 members. More computers may have been infected but not made part of the botnet.

The best defence is for AIM users to be wary of clicking on links. If a user receives an unexpected link from a buddy, the user can always reply to ask if they have sent the link, to make sure it is legitimate.

FaceTime has updated its virus protection software to prevent users from infection, and other antivirus vendors may do the same. AIM users that get infected can try to remove the worm but may have to wipe and reformat their drives.

IDG UK Sites

Best camera phone of 2015: iPhone 6 Plus vs LG G4 vs Galaxy S6 vs One M9 vs Nexus 6

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 of price of Retina iMac with new model