I know none of the people messaging me (one of them told me his real screenname) and their only relation to me is that they use LJ and are members of thequestionclub (although I don't have it friended).
So, does anyone know about some strange vulnerability with AIM clients or servers that would could cause this?
Here are some of the stranger messages I got:
[03:33:03] kawaiidezu: [HELLO OP TO BASE RETURN 9a427BA0]
[03:34:04] kawaiidezu: [OP MSG USER PLEASE END CONVERSATION, WE NEED THIS LINE FOR MAINTENANCE END CODE 4A9C22]
[03:40:26] kawaiidezu: god I dont' remember, the guys name was www.livejournal.com/users/icurfriendsonl
[03:40:45] kawaiidezu: he infected everyone with something to see their friends only entries and other fucked up stuff before getting suspendied
[03:52:29] kawaiidezu: all my files are gone!!! wiped out!!!
[04:13:52] kawaiidezu: fistfuck niggercock fuckshit loldongs!
[04:13:57] njyoder: who are you?
[04:14:35] kawaiidezu: I put your grandma's cuntflaps in a ricecooker with hollaindaise sauce!
NOTE: These are all from the same screenname and apparently from different people who think they're messaging under their normals screennames. Someone else used dongul8r to message people.
EDIT: New guess, this isn't any virus/worm AT ALL. Instead, someone registered a few new usernames like kawaiidezu. Then they redirected messages from various people under the screennames to other people. That is, they started messaging person A, then took the replies from A and used the kawaiidezu account to relay it to person B. I don't know WHY someone would do that, as it just causes confusion. Nonetheless, it's not that difficult to create an AIM bot that only relays messages.
EDIT: Ok, apparently this guy was reading friends only entries on LJ from what I found out from other sources. This leads me to believe that it's an AIM relay bot which ALSO infects people's computers with some vulnerability in the official AIM software or through MSIE. So it infects the computer, then sets it up as an AIM relay bot. Of course, these may actually be two seperate malicious acts and I'm incorrectly connecting the two.
FINAL EDIT?: I found out that it was a now-fixed cross-site scripting vulnerability. They are using about 20 AIM bots at a given time (out of hundreds they have) to randomly relay messages between users. They screen scraped hundreds of thousands (allegeldy) of AIM screennames off of LJ and used them to relay messages. Some developer, who made a now deleted post, almost got fired from his LJ developer job for posting about the cross-site scripting vulnerability. If true, this is ridiculous, the other people running htte software need to know so they can update their sites.