Security Firm: AIM Is Fatally Flawed

AOL instant messenger software vulnerable to worm attack
By Caroline Zimmerman,  Newser User
Posted Sep 26, 2007 6:10 AM CDT
camera-icon View 1 more image

(Newser) – Hackers could exploit a glitch in AOL's instant messaging program and take control of users' computers , a security firm reports. Core Security discovered that the way AIM uses HTML code provides a loophole for hijacking PCs, via a web link that implants a self-copying worm. AOL says it has solved the problem; Core claims the solution doesn't go far enough.

The newer version of AIM could enable crooks to get full access to Internet Explorer's functions and force users to visit malicious websites without their knowledge, PC World reports. AOL has introduced a filtering mechanism to block suspicious content, but Core says hackers could sidestep this hurdle. The best way to reduce risk may be to downgrade to the older AIM 5.9.