AIM for bot coordination presented at Virus Bulletin 2006

by Lysa Myers (Mcafee avert),

Tags: Security


Summary : In the last few years, there has been increasing interest within the virus-writing
community in Internet Relay Chat (IRC) based malware, due to the power afforded by the
IRC scripting language and the ease of coordinating infected machines from a chat-room
type of structure. More recently, there has been an increase in the number of malware
spreading through Instant Messaging clients, particularly OSCAR-based clients like
AOL Instant Messenger (AIM). As there has also been an increase in bots using Command and Control (C&C) channels
that utilize something other than IRC (primarily web-based currently), it stands to
reason that there may be a possibility of virus writers using OSCAR as a means of
control, as AIM also enables its clients to use chat rooms.This paper looks to explore the capabilities of OSCAR for being used in C&C
scenarios, and what steps could be taken to mitigate this proactively.