A sophisticated computer worm spreading via AOL Instant Messenger (AIM) is setting up a botnet that may be difficult to combat, security researchers said.The worm, known as W32.pipeline, propagates when AIM users click on a Web link that appears to have been sent to them by someone on their buddy list. They receive a message along the lines of, “Hey, would it be OK if I upload this picture of you to my blog?” If the recipient clicks on the link, an executable file that looks like a JPEG will download into a Windows folder, according to researchers at security company FaceTime Communications.The file can then execute a number of different attacks, said Chris Boyd, security research manager for FaceTime Security Labs and the researcher who discovered the worm. It can open up the e-mail port on the PC and send out spam messages. It can also install a variant of the “hacker defender” rootkit, which is widely deployed and difficult to remove.One of the most dangerous aspects of the worm is that it can also connect to remote file upload sites, which Boyd believes the worm authors’ use as sort of staging sites where they can continually download new infections. Once a computer is infected, the program will propagate using the same instant-messaging method. The worm is unique because the program seems to be able to contact a number of different sites around the globe randomly. FaceTime researchers had different results when running the same file. “Previously, where we’ve seen something similar to this attempted, if one file is pulled offline or removed by an ISP, the whole chain goes down,” Boyd said. “But this one, if one file goes missing or gets pulled down, it will potentially make a call to another file. It has quite a random aspect to it.”So far, he estimates that the botnet—a group of similarly infected computers that are remotely controlled—has 1,000 to 2,000 members. More computers may have been infected but not made part of the botnet. The best defense is for AIM users to be wary of clicking on links. If a user receives an unexpected link from a buddy, the user can always reply to ask if that person sent the link, to make sure it is legitimate.FaceTime has updated its virus protection software to prevent users from infection, and other antivirus vendors may do the same. AIM users who get infected can try to remove the worm but may have to wipe and reformat their drives to get rid of it.-Nancy Gohring, IDG News Service (Dublin Bureau)Related Link: Report: 2 Moroccans Jailed for Releasing Zotob WormCheck out our CIO News Alerts and Tech Informer pages for more updated news coverage. Related content brandpost Sponsored by Freshworks When your AI chatbots mess up AI ‘hallucinations’ present significant business risks, but new types of guardrails can keep them from doing serious damage By Paul Gillin Dec 08, 2023 4 mins Generative AI brandpost Sponsored by Dell New research: How IT leaders drive business benefits by accelerating device refresh strategies Security leaders have particular concerns that older devices are more vulnerable to increasingly sophisticated cyber attacks. By Laura McEwan Dec 08, 2023 3 mins Infrastructure Management case study Toyota transforms IT service desk with gen AI To help promote insourcing and quality control, Toyota Motor North America is leveraging generative AI for HR and IT service desk requests. By Thor Olavsrud Dec 08, 2023 7 mins Employee Experience Generative AI ICT Partners feature CSM certification: Costs, requirements, and all you need to know The Certified ScrumMaster (CSM) certification sets the standard for establishing Scrum theory, developing practical applications and rules, and leading teams and stakeholders through the development process. By Moira Alexander Dec 08, 2023 8 mins Certifications IT Skills Project Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe