A rootkit dispersed through AOL Instant Messenger that first appeared in late October has been traced to an unidentified Middle Eastern group.
Researchers from FaceTime Security said Thursday that the lockx.exe rootkit, which is also being investigated by the FBI, was used as a back door for additional malware to infect PCs. The malware is then capable of stealing usernames, passwords and other personal information.
Kailash Ambwani, president and chief executive officer of FaceTime, said compromised bot computers could be used to target other PCs in a coordinated attack.
"We have delivered detailed research information to the US federal authorities and are fully cooperating with their efforts," he said in a statement. "This army of bots could be used for any number of malicious purposes including a denial of service attack against targeted websites."
About 17,000 users were found to be compromised by the rootkit on a single server, FaceTime said.
Tyler Wells, senior director of engineering for FaceTime, said he could not disclose exactly where the threat originated.
"We left an infected machine up and running, and within two weeks it had infected the machine with more malware," he said.