"The IM vendors have realized they have to get serious about security and about getting users to upgrade their software. The downside is that it can be irritating to users, but, unfortunately, it's necessary," Osterman said.
Last week, IM security vendor Akonix Systems Inc. reported tracking 36 malicious code attacks in IM networks during June, an 80 percent increase over May.
Beyond the specific AIM situation, it's recommended that end users in general get into a habit of updating their PC software, said Chris Taschner, a vulnerability analyst at the Computer Emergency Response Team (CERT) Coordination Center of Carnegie Mellon University's Software Engineering Institute.
Whenever possible, vendors should deliver the updates in the background, as transparently as possible to end users, Taschner said. "End users shouldn't have to be security experts to use software."
If vendors will not update their software automatically in the background, they should make their policies for notifying end users about new versions very clear, he said. This way, end users will know how to distinguish between a legitimate and fraudulent security alert, Taschner said.