Recently a new worm that propagates itself via AIM began circulating the Internet. Known as W32.pipeline, this worm transmits itself via AIM, contacting all individuals on the victim's "Buddylist".
The worm sends an innocuous IM message to the individuals on the victim's Buddylist with the message "Hey, would it be okay if I upload this picture of you to my blog?" If the recipient clicks on the link, an executable file that looks like a JPEG will download into a Windows folder.
Once installed, the file then begins to contact other individuals on the new victim computer to infect their machines as well. Another side effect is that the victim computer acts as a botnet, downloading in the background malicious files and viruses onto the computer, and possibly even sending out large quantities of spam
The best solution to this problem is to:
- If you receive the above IM, ignore it and do not respond. If you receive a suspicious variant, or are unsure, reply to the Instant Message and verify that the person really did send it to you. 3-4 IM messages should verify the status of the sender.