Hackers Building 'botnet' With AOL Instant Messaging Worm

Hackers using computer worms sneakily implanted via America Online
(AOL) instant messages were building a potentially evil "botnet," a
Silicon Valley Internet security firm said.

FaceTime security specialists advised users not to open any files sent
to them via AIM.

FaceTime Security Labs identified the worm as "W32.pipeline" and
said the executable software tricked its way into people's computers
by posing as a picture attached to an instant message from someone on
their AOL "buddy list."

Once in computers, the worms open the doors to download infectious
software that essentially lets those behind the invasion take control
the machines, according to FaceTime.

"The motivation for the bad guys seems to be in lining up as many
'install chains' as possible to insure a consistent pipeline that
can be controlled by their rogue botnet," said FaceTime director of
malware research Chris Boyd.

AIM users are duped into letting the worms in through psychological
ploy from the "social engineering" playbook, according to FaceTime.

The infected attachments are disguised as image "JPEG" files and
arrive with AIM messages to the effect of "hey would it (be) okay if i
upload this picture of you to my blog?"

The worm sends copies of itself to addresses found on AOL instant
messaging (AIM) buddy lists of newly infected machines, FaceTime said.

The robotic computers can be amassed in a network referred to as a

"FaceTime researchers believe that the ultimate goal of the
W32.pipeline is to create a sophisticated botnet that can be used for a
range of malicious purposes," the Foster City, California, company
said in a statement.

Botnets under the control of hackers can be mined for personal
information or used to send junk e-mail or overwhelm business websites
with simultaneous requests in what are known as "denial-of-service"

Hackers could also use zombie machine armies to commit "click
fraud" by having them repeatedly connect to Internet advertising
for which businesses are charged per click.