Serious AIM worm at work

AOL'S Instant Messenger (AIM) is being rapidly infected by a nasty worm which aims to create a fairly hairy Botnet which is difficult to kill.

According to CIO Tech Informer, the W32.pipeline worm requires AIM users to click on a web link which appears to come from someone on their buddy list.

The link causes an executable file that looks like a JPEG will download into a Windows folder. According to security outfit FaceTime Communications it installs a variant of the "hacker defender" rootkit which seems to protect its other activities and make it hard to kill.

The other problem is that the Botnet that the worm contacts a number of different sites around the globe randomly. Normally if security people manage to kill the site where the botnet's files are based the whole thing collapses. However this botnet calls a random file from somewhere else meaning it keeps going.

More here. µ