The worm spread in instant messages with the text: "LOL LOOK AT HIM" and included a Web link to a file called "picture.pif." If that file was downloaded and opened, the worm would send itself to all contacts on the victim's AIM Buddy List, according to representatives from IM security companies Facetime and IMlogic.
With earlier, similar worms, downloading and opening a file would also install a backdoor or other malicious code on the victim's PC, said Jonathan Christensen, chief technology officer at Facetime. It's not yet known if this latest worm does that. Both IMlogic and Facetime were investigating the picture.pif file Wednesday afternoon.
The worm first appeared around 12 p.m. PDT and appears to have spread quickly until about 1:30 p.m., Christensen said. At that time, AOL likely put a filter on its AIM service, blocking the worm's spread, he said. Also, not much later, the malicious code was removed from the Web.
"We are either currently blocking it, or we will be in the very near future," said Andrew Weinstein, an AOL spokesman.
Facetime and IMlogic received several inquiries on the worm, signaling that it was widespread. The worm hit employees at Hewlett-Packard and prompted tech support at the Palo Alto, Calif., technology giant to send out an alert to employees.
IMlogic has identified the worm as a variant of the Opanki worm, which first surfaced last month. The new variant has been rated a "medium" risk.
The worm is the latest in a series of cyberthreats that use instant messaging to attack Internet users. Just as with attachments and links in e-mail, instant message users should be careful when clicking on links that arrive in instant messages--even messages from people they know, experts have warned.