AIM had security weaknesses that have enabled exploits to be created that use third-party software to perform malicious acts on users' computers. Although most were relatively harmless, such as being kicked off the AIM service, others performed potentially dangerous actions such as sending viruses. Some of these exploits relied on social engineering to spread by automatically sending instant messages that contained a Uniform Resource Locator (URL) accompanied by text suggesting the receiving user click on it, an action which leads to infection, i.e., a trojan. These messages could easily be mistaken as coming from a friend and contain a link to a Web address that installed software on the user's computer to restart the cycle.
Users also have reported sudden additions of toolbars and advertisements from third parties in the newer version of AIM. Multiple complaints about the lack of control of third party involvement have caused many users to stop using the service.