AIM+ Spyware

Users of AIM+ are unwittingly sharing information about themselves every time they connect to AOL. Aside from the spyware, AIM+ in my opinion is an excellent AOL instant messenger wrapper.

What is AIM+? From the website ( "AIM+ is an add-on to AOL's Instant Messenger for Windows. It integrates automatically and flawlessly with AIM, adding crucial features like IM/Chat Logging (with an integrated History Browser), Ad Removal, Cloning, Customizable Buddy List Window, and Translucent Windows."

I noticed some odd traffic which upon examination became immediately identifiable as belonging to AIM+. In version 2.1.1 build 59 (as well as the latest release 2.2 build 63 and probably earlier releases) an HTTP connection is made to ( referencing a PHP script which stores the following information:

  • AOL instant messenger screen name
  • AIM+ information:
    • all your AIM+ settings
    • AIM+ version
    • AIM+ paths
  • OS and version
  • Computer network name
  • CPU and RAM information
  • Screen resolution
  • Current UID (NT)

The author of course also gets your IP address and login time for free from the request. I wrote the author about this issue on 5.6.2002 and have received no response to date.

There is a simple fix for those who would like to continue using the software while removing the spyware:

  • Open AIM+.dll from your AIM+ install directory with a hex editor
  • Locate the string "tracking"
  • Null out the entire URL

Here are the approximate addresses of the strings to remove in the latest two releases of AIM+:

    2.1.1 build 59  0x126a0
    2.2 build 63    0x13790

If you want to be really lazy you can download replacement dll's from my website, again for the latest two releases of AIM+:

AIM+ version 2.1.1 build 59 replacement DLL: here
AIM+ version 2.2 build 63 replacement DLL: here