Worm takes AIM at your buddies

A new worm spread quickly on AOL's AIM instant messaging service on Wednesday afternoon but was contained within hours, experts said.

The worm spread in instant messages with the text: "LOL LOOK AT HIM" and included a web link to a file called "picture.pif". If that file was downloaded and opened, the worm would send itself to all contacts on the victim's AIM Buddy List, according to representatives from IM security companies Facetime and IMlogic.

With earlier, similar worms, downloading and opening a file would also install a backdoor or other malicious code on the victim's PC, said Jonathan Christensen, chief technology officer at Facetime. It's not yet known if this latest worm does that. Both Facetime and IMlogic were investigating the picture.pif file on Wednesday afternoon.

The worm first appeared around 12:00(PDT) and appears to have spread quickly until about 13:30(PDT), Christensen said. At that time, AOL is likely to have put a filter on its AIM service, blocking the worm's spread, he said. Also, not much later, the malicious code was removed from the web.

An AOL spokesman said: "We are either currently blocking it, or we will be in the very near future."

Facetime and IMlogic received several inquiries on the worm, signalling that it was widespread. The worm hit employees at HP and prompted tech support at the tech giant to send out an alert to employees.

IMlogic has identified the worm as a variant of the Opanki worm, which first surfaced last month. The new variant has been rated a "medium" risk.

The worm is the latest in an increasing number of cyber threats that use instant messaging to attack internet users. Just as with attachments and links in email, instant message users should be careful when clicking on links that arrive in instant messages - even messages from people they know, experts have warned.

Joris Evers writes for CNET News.com