AOL instant messenger (IM) users are the target of a newly discovered worm that turns machines into part of a botnet after they're infected.
Called W32.pipeline by FaceTime Communications, the worm delivers an executable file after the user views what appears to be a JPEG. Once infected the malware calls out to host computers and distributes the worm through a user's buddy list, according to FaceTime's SpywareGuide.
One infected, a PC could be used to distribute spam or perform DDoS attacks on other computers.
The worm first appears as a familiar IM message, such as, "Hey, would it okay if I upload this picture of you to my blog?"
Chris Boyd, director of malware research for FaceTime Security Labs, told SCMagazine.com today that he believes his lab caught the hackers before they had a chance to refine the false JPEGs they would continue to use in attacks.
"(IM attacks) are a good way to infect people, and it's very easy to fire off infection messages through command challenges. It is a good place to get things moving with botnet infections," he said. "The thing I'm excited about is that we seem to have caught them in mid-air, and it seems that a lot of these files will be replaced by the real files. It's difficult to see the way they're going to push this thing."
Scott Petry, Postini founder, CTO and executive vice president of product development, told SCMagazine.com today that IM is an easy target for malicious users because of its lack of protection in the corporate world.
"It's like these machines are hanging open on the internet, completely unprotected. I think the hackers are finding any avenue into an organization with their malware that they can," he said.
Click here to email Frank Washkuch Jr.
