AIM for bot coordination

Lysa Myers McAfee AVERT

  download slides (PDF)

In the last few years, there has been increasing interest within the virus-writing community in Internet Relay Chat (IRC) based malware, due to the power afforded by the IRC scripting language and the ease of coordinating infected machines from a chat-room type of structure. More recently, there has been an increase in the number of malware spreading through Instant Messaging clients, particularly OSCAR-based clients like AOL Instant Messenger (AIM).

As there has also been an increase in bots using Command and Control (C&C) channels that utilize something other than IRC (primarily web-based currently), it stands to reason that there may be a possibility of virus writers using OSCAR as a means of control, as AIM also enables its clients to use chat rooms.

This paper looks to explore the capabilities of OSCAR for being used in C&C scenarios, and what steps could be taken to mitigate this proactively.



twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.