Security experts have spotted the first attempts to create an Internet worm that propagates using instant messages and exploits a recently disclosed flaw in Microsoft software.Security experts have spotted the first attempts to create an Internet worm that propagates using instant messages and exploits a recently disclosed flaw in Microsoft software.Researchers at The SANS Institute’s Internet Storm Center (ISC) have had two reports of users receiving messages on AOL Instant Messenger service that lured them to Web sites containing malicious code, said Johannes Ullrich, CTO at SANS ISC, in an interview on Wednesday. The messages told the users to “Check out my profile, click GET INFO!”When visiting the Web sites, the malicious code would attempt to install “backdoor” software on the user’s PC that gives remote attackers total control over the machine. Additionally, messages containing a link to the site would be sent out to all contacts on the victim’s instant messenger contacts list, Ullrich said. The malicious code is embedded in a JPEG image and exploits a security flaw in the way many Microsoft applications process such images. Microsoft identified and patched the flaw on Sept. 14, but users have complained that patching is onerous because several applications, including Office and Windows, require separate patches.These first attempts to exploit the JPEG flaw using instant messaging appear to have failed. There have been no further reports of users getting the messages and the two AOL Instant Messenger user profile Web pages that contained the harmful images are no longer available, Ullrich said. “People should be worried about the next attempt,” Ullrich said. These first attempts show that people are actively working on this type of attack, he said.FaceTime Communications, a provider of instant messaging security applications, also has not seen the attacks hit any of its customers, said Christopher Dean, senior vice president of marketing and business development at the company.“We have not received reports from our customers, but we are alerting them about the threat at the moment,” he said. “We think it is a pretty significant threat. You can basically completely take over the machine.”The warning about attempts to exploit the latest Microsoft vulnerability via instant messaging follows warnings earlier this week about hackers seeding pornography Usenet news groups with malicious JPEG images. Users who unwittingly downloaded the images could also have backdoor software installed on their computers. Related content news analysis IBM cloud service aims to deliver secure, multicloud connectivity IBM Hybrid Cloud Mesh is a multicloud networking service that includes IT discovery, security, monitoring and traffic-engineering capabilities. By Michael Cooney Dec 07, 2023 3 mins Network Security Cloud Computing Networking news Gartner: Just 12% of IT infrastructure pros outpace CIO expectations Budget constraints, security concerns, and lack of talent can hamstring infrastructure and operations (I&O) professionals. By Denise Dubie Dec 07, 2023 4 mins Network Security Data Center Industry feature Data centers unprepared for new European energy efficiency regulations Regulatory pressure is driving IT teams to invest in more efficient servers and storage and improve their data-center reporting capabilities. By Maria Korolov Dec 07, 2023 7 mins Enterprise Storage Green IT Servers news analysis AMD launches Instinct AI accelerator to compete with Nvidia AMD enters the AI acceleration game with broad industry support. First shipping product is the Dell PowerEdge XE9680 with AMD Instinct MI300X. By Andy Patrizio Dec 07, 2023 6 mins CPUs and Processors Generative AI Data Center Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe