Webroot researchers report that a new iteration of the Zeus password-stealing Trojan is now targeting AOL Instant Messenger (AIM) users.

"People using the popular instant messaging platform receive an email message announcing an update and are then prompted to click through to download what appears to be a legitimate file, aimupdate_7.1.6.475.exe," writes SC Magazine's Greg Masters. "However, the so-called update is, in fact, the Zeus installer, which can then transfer itself onto the victim's machine, whether or not the AIM user clicks on the link to download the executable file."

"Webroot advises that to avoid this particular exploit focused on AIM, users turn off Adobe Reader's embedded JavaScript," Masters writes.

Click here to read the SC Magazine article.