IDG News Service - A new form of malicious instant-message bot is on the loose that talks back to the user, possibly signifying a potentially dangerous trend, an instant messaging security firm said.
IMlogic Inc. issued the warning late yesterday after citing a recent example of such a malicious bot. On Monday, the company first published details of a new threat known as IM.Myspace04.AIM. Once the computer of an America Online Inc. IM user is infected, the bot sends messages to people on the infected user's buddy list, making the messages appear to come from the infected user. The user isn't aware that the messages are being sent. If recipients click on a URL sent with a message, they will also become infected and start spreading the virus.
A bot is a program that can automatically interact with people or other programs. AOL, for example, has bots that let users ask questions via IM, such as directory queries, and the bot responds.
The unusual part of this malicious bot is that it replies to messages. If a recipient responds after the initial message, the bot replies with messages such as "lol no its not its a virus" and "lol thats cool." Because the bot mimics a live user interaction, it could increase infection rates, IMlogic said.
IMlogic continues to analyze this threat but so far it seems to only be propagating and not otherwise affecting users.
An AOL spokesman said today that the company's IT staff has not yet seen the bot appear on its network. The company said it reminds its users not to click on links inside IM messages unless the user can confirm that he knows the sender and what is being sent.
Some similar IM worms install spybots or keyloggers onto users' computers, said Sean Doherty, IMlogic's director of services in Europe, the Middle East and Africa. Such malicious programs record key strokes or other user activity in an effort to discover user passwords or other information.
"What we're seeing with some of these worms is they vary quickly, so the initial one may be a probe to see how well it infected users, and then a later variant will be one that may put a spybot out," Doherty said. The initial worm could be essentially a proof of concept coming from the malware writers, he said.
Computerworld staff writer Todd Weiss contributed to this article.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
