Worm turns on AOL chat service

First instance of a rootkit coming through IM, warns security firm

Security researchers have identified a worm spreading through AOL's instant messaging client and chat rooms.

The rootkit file is being passed through instant messages from members on a user's 'buddy' list. Bundled with the previously identified W32/Sdbot-ADD worm, the lockx.exe rootkit file is installed when users click on the link within the IM window.

Although the worm is not new, this is its first appearance on AOL's AIM system. Even more concerning is that rootkits have not previously been spread via IM.

"This is the first instance of a rootkit coming through the IM vector," said Tyler Wells, senior director of engineering at FaceTime Communications.

FaceTime discovered the rootkit using honeypots monitoring IM networks, websites and chat rooms for malicious content and URLs.

The company said in a statement that the rootkit could give an attacker access to, and remote control of, the PC and could steal information or promulgate more viruses by using the PC in a 'bot' network.

W32/Sdbot-ADD seems particularly dangerous and can be passed along to users on the buddy list.

The rootkit can shut down antivirus software, alter the user's search page, push CPU usage to 100 per cent and automatically download unwanted programs such as 180Solutions, Zango, MaxSearch and others.

AOL said that it is looking into the problem.