AOL Parasites

AOL Parasites

To talk about AOL parasites, we have to cover the program those infections affect first. AOL stands for America Online, which is a web portal and online service provider. It was acquired by Verizon Communications in 2015, and in 2021, Verizon announced it would sell AOL to Apollo.

Now, the infections we need to talk about in this entry mostly would affect AOL Instant Messenger or AIM. From the late 1990s to the late 2000s, AIM was the leading messaging application in the North American region, but its popularity declined in the 2010s with the rise of social networking services. Finally, the AIM service was discontinued in 2017.

Thus, AOL parasites are mostly outdated infections that no longer have their main target available. Nevertheless, we can learn a lot about cybersecurity by analyzing the AOL parasites, their proliferation, and the damage they used to cause. What’s more, just because AIM is no longer available, it does not mean that the AOL parasites cannot be tweaked to attack other programs.

How Did AOL Parasites Work?

AOL parasites were essentially keyloggers because their main objective was to steal sensitive information from the AIM users. The difference between these programs and actual keyloggers was that AOL parasites were limited to the AIM service (or any other AOL software that could have been running on the system). Thus, the information that AOL parasites could steal was also limited to whatever users shared via AOL services. The infection could steal passwords, account details, and other sensitive information. Aside from stealing information, AOL parasites could also be used as remote access tools (RAT), which allowed cybercriminals to gain control over affected systems.

A very good chunk of users often believe that they have no valuable information, so they cannot be attacked by cybercriminals. Likewise, AOL parasite victims might have found it hard to believe that their personal messages could have been of any use for the hackers. However, since AOL parasites more or less functioned like trojans, they could expand their functionality depending on what their owners told them to do. Thus, apart from stealing personal information, AOL parasites could be used for DDoS (distributed Denial of Service) attacks; they could disable legitimate software because of their RAT functionalities, and they could also avoid removal by hiding their processes or files.

To give you an example of what an AOL parasite could do, let us take a look at Omerstroke. This infection was a textbook case of a trojan that was programmed to steal passwords from AOL services. The program could affect multiple AOL apps, including AOL Mail, ALTO, AOL Toolbar, AIM messenger, and others. This program could auto-start with the operating system and then obfuscate its processes, thus remaining on the affected computer for as long as possible without being removed. Needless to say, during that time, it could steal a significant amount of sensitive information.

How Did AOL Parasites Spread Around?

Trojan-like infections clearly have many ways to reach their targets, but AOL parasites used to exploit something that AIM was notorious for – vulnerabilities. AIM had several security weaknesses that could be exploited by a malevolent third party. The exploits that would use those vulnerabilities to infiltrate the target system usually spread via social engineering. It means that malicious messages that distributed AOL parasites usually reached their victims through instant messages within the AIM service. These messages would come with an outgoing link, saying that users received a new message, and they have to check it out. Clicking the link would eventually lead to a trojan infection on the victim’s computer.

Why would victims even click such links? That usually happened because it looked like the messages were sent by their friends. In fact, the same social engineering technique is still being used to infect users with malware or to steal their data. It is just that the main battleground has moved from AIM to popular social networking services and their private messaging apps.

All in all, AOL parasites may no longer have their original target, but the distribution and infection tactics used by these infections are still applied by other trojans. Hence, it is also possible to use the same removal methods to get rid of trojans too.

Usually, trojan removal is too complicated to attempt manually, especially if the victim is not used to removing unwanted programs on their own. Therefore, it is always strongly recommended that victims invest in reliable anti-malware solutions. After all, a powerful security tool would be able to remove not only trojans but other potential threats too.