Lysa Myers, McAfee AVERT
In the last few years, there has been increasing interest within the virus-writing community in Internet Relay Chat (IRC) based malware, due to the power afforded by the IRC scripting language and the ease of coordinating infected machines from a chat-room type of structure. More recently, there has been an increase in the amount of malware spreading through Instant Messaging clients, particularly OSCAR-based clients like AOL Instant Messenger (AIM).
As there has also been an increase in bots using Command and Control (C&C) channels that utilize something other than IRC (currently primarily web-based), it stands to reason that virus writers may use OSCAR as a means of control, as AIM also enables its clients to use chat rooms.
This paper explores how OSCAR could be used in C&C scenarios, and what steps could be taken to mitigate this proactively.