Re:I just got some of these.. (Score 1)

This link is still up and propagating picture22.com.

IMlogic (IM security company) has been tracking picture22.com and the relationship to the Sdbot worm. Many of the IM worms simply send out URLs over AIM, MSN, or Y! via infected clients. Those URLs don't necessarily download copies of themselves, but rather will point to other malware. Classic blended threat strategies. Many carry IRC with them in the payload and then connect to various servers to get remote controlled.

http://www.imlogic.com/im_threat_center/threatdeta il.asp?iThreatID=2146&mr=top3&hr=top3

Social engineering to get people to click on URLs is nothing new. But IM offers up two unique features: 1) you're getting messages from trusted people on your buddy list (who are infected), and 2) the worms have the context of who their broadcasting to because everyone is connected via presence. This is very different from email. The messages you get from an infected user can even be personalized to you ("Hey Jack, click on this: //url//"). I've heard of security savvy engineers clicking on these links and then clicking the dangerous Open button.

Symantec says an email worm can travel around the worm in 4 hours while an IM worm can travel around the world in 4 minutes. Scary.