
AIM Incident: Encrypted Bot Using P2P for Command Control Communication

The below was sent to us as well as some of the ISACs around the net tonight. As there is quite a bit of information being conveyed by the author, I am going to leave the majority of the advisory as originally written. I will note that this started with a click-happy user on AIM, to the best of our knowledge.

A bot was seen spreading via AOL Instant Messenger (AIM) earlier today that appears to be using "encrypted"[1] peer-to-peer (P2P - possibly Waste?) as the Command and Control (C&C) mechanism. The bots communicate with each other via port 8/TCP.
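One way to hunt for the 8/TCP bot-to-bot traffic described above in flow logs, as an added example that is not part of the original advisory. The CSV flow format, the 10.0.0.0/8 internal range and the sample records are constructed assumptions; a host that both initiates and accepts 8/TCP connections is treated as behaving like a peer.

```python
import csv
import io
import ipaddress
from collections import defaultdict

C2_PORT = "8"  # 8/TCP, the bot-to-bot port named in the advisory
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

# Constructed sample flow records (hypothetical CSV export, documentation IPs).
# Columns: time, proto, src, sport, dst, dport
SAMPLE_FLOWS = """\
2000-01-01T20:01:02,tcp,10.0.0.5,49152,192.0.2.10,8
2000-01-01T20:01:09,tcp,198.51.100.7,50311,10.0.0.5,8
2000-01-01T20:02:30,tcp,10.0.0.9,49200,192.0.2.10,8
2000-01-01T20:03:00,tcp,10.0.0.12,49300,203.0.113.4,80
2000-01-01T20:03:05,udp,10.0.0.12,49301,203.0.113.4,8
2000-01-01T20:04:00,tcp,10.0.0.9,49201,192.0.2.44,8
"""

def is_internal(addr):
    try:
        return ipaddress.ip_address(addr) in INTERNAL
    except ValueError:
        return False  # unparseable address: not ours

def port8_peers(flow_csv):
    """Map each internal host to the remote ends of its 8/TCP flows."""
    hosts = defaultdict(lambda: {"out": set(), "in": set()})
    for row in csv.reader(io.StringIO(flow_csv)):
        if len(row) != 6:
            continue  # skip blank or malformed lines
        _time, proto, src, _sport, dst, dport = (f.strip() for f in row)
        if proto.lower() != "tcp" or dport != C2_PORT:
            continue
        if is_internal(src):
            hosts[src]["out"].add(dst)
        if is_internal(dst):
            hosts[dst]["in"].add(src)
    return hosts

def triage(flow_csv):
    """Label hosts: 'peer' both initiates and accepts 8/TCP connections."""
    labels = {}
    for host, ends in port8_peers(flow_csv).items():
        if ends["out"] and ends["in"]:
            labels[host] = "peer"
        else:
            labels[host] = "client" if ends["out"] else "listener"
    return labels

if __name__ == "__main__":
    for host, label in sorted(triage(SAMPLE_FLOWS).items()):
        print(host, label)
```

Hosts labelled `peer` are the first candidates for isolation and imaging; the `out` and `in` sets give the remote addresses to pivot on.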

The link for this article located at Incidents.org is no longer available.
