The sudden appearance of a rootkit file in a spyware-laden IM worm attack has set off new fears that malicious hackers are sophisticated enough to launch a fully automated worm attack against instant messaging networks.

In the most recent attack aimed at users of America Online Inc.’s AIM network, the “lockx.exe” rootkit file was bundled with a new variant of the W32/Sdbot Trojan to create a nasty mix of hidden malware.

This is the first detection of SDBot squirming through IM chat windows, and the addition of a rootkit program is causing raised eyebrows among security researchers and worm watchers.

“The situation is ripe for a fully automated worm to cause some serious damage,” said Jose Nazario, senior software engineer at Arbor Networks Inc., a network security firm based in Lexington, Mass.

By Ryan Naraine

More here.