AIM for bot coordination

Lysa Myers McAfee AVERT

In the last few years, there has been increasing interest within the virus-writing community in Internet Relay Chat (IRC) based malware, due to the power afforded by the IRC scripting language and the ease of coordinating infected machines from a chat-room type of structure. More recently, there has been an increase in the number of malware spreading through Instant Messaging clients, particularly OSCAR-based clients like AOL Instant Messenger (AIM).

As there has also been an increase in bots using Command and Control (C&C) channels that utilize something other than IRC (primarily web-based currently), it stands to reason that there may be a possibility of virus writers using OSCAR as a means of control, as AIM also enables its clients to use chat rooms.

This paper looks to explore the capabilities of OSCAR for being used in C&C scenarios, and what steps could be taken to mitigate this proactively.

 del.icio.us  digg this! digg this

Quick Links

Poll
The Japanese government is reported to have commissioned a 'defensive virus'. Is 'defensive' malware ever a good idea?
Yes
No
I don't know
Leave a comment
View 11 comments

99 Subscription Promo

Jobs
In Virus Bulletin's jobs pages among others:

Virus Bulletin currently has 224,239 registered users.