Online attackers have created an instant-messaging bot program that chains together a number of executable files, similar to the combination moves in fighting games, depending on the attacker's needs.
The software, dubbed the AIM Pipeline worm, uses modular executable files to infect machines with different functionality but also to make the bot network's growth more robust: if a Web site hosting one of the components gets shut down, the other pieces of the worm can still spread.
"These guys have made their files interact with one another, yet managed to keep their standalone functionality intact so they don't go pear-shaped if a link in the chain goes down," Christopher Boyd, the security research manager for FaceTime Security Labs and the webmaster for VitalSecurity.org, stated in a blog posting to that Web site. "The file simply moves onto the next one--or it just gets on with its business. Randomness is at the heart of this attack; the thousand-strong bot net at the heart of this operation would suggest a thriving business, too."
Boyd likened the technique to the fight combos common in martial arts video games.
America Online has blocked the URLs used in the messages sent by the AIM Pipeline worm since last Tuesday, AOL spokesman Andrew Weinstein said in an e-mail to SecurityFocus.
Bot software has become a major threat in the past few years. In a recent report, Microsoft labeled bot nets and backdoor Trojan horses as the most serious threat its users face. Bots generally are programmed to allow for easily adding new ways of compromising machines, such as the recent flaw in the Windows Server service. Recognizing the threat, law enforcement officials have increasingly focused on tracking down the people who create and spread bot software, such as the writer of the Zotob worm and a man whose bot software caused malfunctions at a Seattle-area hospital.
UPDATE: The news brief was updated with a statement from AOL indicating that the company has been filtering out the URL used by the AOL Pipeline worm for almost a week.
Posted by: Robert Lemos