AIM Bot Being Built
Researchers at FaceTime Communications discovered the threat, which spreads through AOL's instant messaging client, and traced its still-under-construction attack profile through servers in the U.S. and South Korea. The exploit remains unfinished, said FaceTime, which found that many of the domains called by initial attack file are missing the necessary infectious files.
At this point, users who click on the Web link embedded in the bogus AIM message and launch the ensuing file may become part of an IRC-controlled botnet, said FaceTime in a research note posted online.
"This attack is very well structured and 'modular' in concept, so the people behind it can shuffle their executables around, download new infections to target PCs, and do pretty much anything else they feel like doing," wrote Chris Boyd, FaceTime's director of malware research.
And the exploit's creators may not be finished. "Though it's always exciting to catch somebody in the final stages of putting their master plan together, it's also a touch worrying as you know that they're not quite done yet," wrote Boyd. The bot, which is password-protected and cannot be controlled by standard IRC clients, may be beefed up with rootkit technology, Boyd said.
"We think this group have many more executable files ready and waiting to go live, so where this one will end up is anyone's guess."