The ramblings of Derk Gates

This is the authoritative guide to all things "Derk".

Thursday, July 21, 2005

Warning: 'iTunes' Attachment Is AIM Worm

Anti-virus vendor Trend Micro on Wednesday issued a warning for a new computer worm infecting users of America Online Inc.'s Instant Messenger application.

The worm, identified by Trend Micro Inc. as W32/Opanki, spreads by tricking users into clicking on a file named after Apple's popular iTunes music service.

"This worm arrives as the file ITUNES.EXE," Trend Micro warned.

"Thus, users may be tricked into thinking that this worm is associated with a legitimate product."

The worm has been programmed to run on Windows 95, Windows 98, Windows Me, Windows NT, Windows 2000, Windows XP and Windows Server 2003.

It arrives as an IM chat message with text that reads "this picture never gets old" and a link to download the ITUNES.EXE file.

Like other IM worms, W32/Opanki has backdoor capabilities.

Trend Micro said the worm opens a random TCP port and connects to an IRC (Internet Relay Chat) server to listen for commands from a remote malicious user.

"It then executes these commands locally on affected machines [and] downloads and executes other applications, mainly adware programs, into affected machines," the company said.

Trend Micro has published removal instructions for the worm.