AOL gives hackers a free ride

Take extra care with IM...
Written by Joey Gardiner, Contributor

AOL is rushing to fix a huge security hole in its Instant Messenger software which can allow hackers to take over AIM users' computers. Reports from US wires claim AOL has owned up to the problem and promised a fix within the next couple of days. AOL insisted no users had been affected by the problem. AOL's UK office could not offer any comment on the problem this morning and gave no indication as to when the issue might be resolved.

The security flaw is due to a buffer overflow problem similar to that experienced by Microsoft's IIS software, which causes problems when the system is overrun with information. Hackers could use the vulnerability to take total control of a victim's computer, enabling them to delete files and create worms. The problem was discovered by security group ww00ww00.org, which said the vulnerability could easily be used to spread a virulent worm.

Andre Post, senior researcher at security firm Symantec, said: "The only limit as to what could be done here is the imagination of the hacker - he has the ability to execute whatever code he likes on an affected computer." Post has urged AOL to issue a patch as soon as possible. "There is nothing that Instant Messenger users can do to prevent being attacked, short of disconnecting from the internet. The potential problem is enormous," he added. Post stressed, however, that no malicious code exploiting the hole had so far been spotted.

AOL is reportedly looking to solve the problem with a server-side fix, which will mean AIM users don't have to download a patch to protect themselves. AIM has over 100 million registered users. Only those running the software on top of Microsoft Windows are affected.