Users of AOL's instant messaging software, AIM, should be on the lookout for an innovative new worm, variously named "Oscarbot-B" and "Doyorg" by antivirus companies.
The Windows-based malware emerged early this week, and has made itself a nuisance for its ability to hijack the list of contacts or "buddies" in an infected user's IM account. After opening a window to any one of these contacts with the message "Hey check this out," it invites users to follow an embedded link. Anyone who clicks on this will risk becoming its next victim.
On machines where infection is successful, the worm creates a backdoor into Internet Relay Chat to download and run files on the instruction of the attacker, giving remote access to that PC.
Intriguingly, the attempt to spread via AIM is not initiated immediately, and depends on a further instruction from the attacker to start the infection/attack cycle anew. This might explain why the infection cycle has thus far moved slowly without being widely commented on by antivirus companies.
Although its effects are little worse than a nuisance right now, in the world of malware that counts for nothing.
Graham Cluley of Sophos, an antivirus company that targets business customers, suggests that companies needed to consider whether IM was worth the risk.
"Fundamentally, many businesses will have to ask their staff if they really need IM for their day-to-day work and if not it may be more sensible to take it away," he says. "We're certainly seeing more instant messaging malware being written, although they haven't yet had the same kind of impact as email-aware worms or Internet worms."