AIM for bot coordination

Lysa Myers McAfee AVERT

In the last few years, there has been increasing interest within the virus-writing community in Internet Relay Chat (IRC) based malware, due to the power afforded by the IRC scripting language and the ease of coordinating infected machines from a chat-room type of structure. More recently, there has been an increase in the number of malware spreading through Instant Messaging clients, particularly OSCAR-based clients like AOL Instant Messenger (AIM).

As there has also been an increase in bots using Command and Control (C&C) channels that utilize something other than IRC (primarily web-based currently), it stands to reason that there may be a possibility of virus writers using OSCAR as a means of control, as AIM also enables its clients to use chat rooms.

This paper looks to explore the capabilities of OSCAR for being used in C&C scenarios, and what steps could be taken to mitigate this proactively.

VB Conferences

VB2011 (Barcelona)

VB2010 (Vancouver)

VB2009 (Geneva)

VB2008 (Ottawa)

VB2007 (Vienna)

VB2006 (Montréal)

VB2005 (Dublin)

VB2004 (Chicago)

VB2003 (Toronto)

VB2002 (New Orleans)

VB2001 (Prague)

VB2000 (Orlando)

VB99 (Vancouver)

VB98 (Munich)

VB97 (San Francisco)

VB96 (Brighton)

VB95 (Boston)

VB94 (Jersey)

VB93 (Amsterdam)

VB92 (Edinburgh)

VB91 (Jersey)

‘The conference was very well organised, talks kept to a strict schedule, the speakers were very professional and the technical content was very good.’

Poll

Do you use the same password(s) across multiple websites?

Leave a comment
View 4 comments

Jobs

In Virus Bulletin's jobs pages among others:

UNIX/Linux Programmer (Košice, Slovakia)
Virus analyst (Saint-Petersburg, Russian Federation)

Virus Bulletin currently has 190,950 registered users.

Fighting malware and spam