Users of America Online's instant messenger are being warned about a worm spreading via the chat network.
The Windows worm installs spyware programs and turns over control of the machine to the creator of the virus.
Studies show that malicious programs designed to attack instant message networks have grown dramatically over the past 12 months.
But some security firms say the threat to users of these chat systems is still relatively low.
The warning about the instant messaging worm came from FaceTime Security Labs which said that the program is a nastier variant of an older Windows virus.
As well as installing lots of software that will mean infected users get bombarded with pop-up adverts, the SDbot variant also includes a chunk of software known as a root kit.
This means that the virus can hide deep inside the Windows operating system and makes it hard for anti-virus programs to detect and remove it.
The code included in the worm turns compromised machines into proxies under the remote control of a virus writer so they can be used to attack other websites, relay spam or as a store for pirated or illegal data.
Figures gathered by instant messaging security firm IMLogic suggest that the numbers of viruses written to attack such networks are growing fast.
In the 12 months since September 2004, there was a greater than 2000% increase in the number of viruses reported that attack instant message and peer-to-peer networks.
Sean Doherty, a spokesman for IMLogic, said that all the attacks it was seeing were clearly being done by attackers looking to make money.
Most of the worms seek to install spyware, unwanted pop-up ad programs or try to use the machine as a base for other activities.
"It's much more the economic crime aspect of it," he said.
Almost all the attacks revolved around making someone visit a website to download a program that hides its true intent, said Mr Doherty. Once these programs were installed they scoured "buddy lists" for new victims to infect.
Because instant messages have no subject line and tend to resemble conversations, people are regularly caught out by malicious messages that hide their origins.
"Users are much more likely to click on web links in an instant message than in an e-mail," said Mr Doherty.
Viruses and worms written for instant message networks tend to spread quickly once they penetrate an organisation.
"It's like a social network effect once one person has become infected," he said. "Once it enters an organisation we are seeing the peak of infection about 20 minutes later."
Dmitri Alperovitch, a principal research engineer for computer security firm Ciphertrust, said stopping IM viruses spreading can be tricky.
"A lot of organisations have no control over that traffic," he said. "It bypasses all their security appliances and goes right into their organisation."
Virus writers like instant message networks because they have many utilities associated with them that help people collaborate on projects and documents. Many of these are easy to subvert to put a machine under someone else's control.
Despite the growing threats, the number of viruses written specifically for instant messaging networks is very small compared to the mass targeting e-mail.
IMLogic records that there are 713 unique threats that target instant messaging and peer-to-peer networks. By contrast there are tens of thousands of e-mail viruses.
What is helping to limit the spread of IM viruses is the fact that the companies behind the bigger networks (Microsoft, Yahoo and AOL) have kept them as walled gardens.
As a result a virus written for one network cannot instantly leap to another.
"They are different systems that are fundamentally separate," said James Kay, chief technology officer at security firm BlackSpider.
But, he added, most customers were more worried about spam and viruses for ordinary e-mail than they were about the threats coming in via instant message networks.
The number of incidents that BlackSpider customers were reporting was very low, said Mr Kay.
"The customer pull really is not there yet," he said.