from ISC

The handlers have received several reports that AIM messages are being used to entice users to download and view jpegs that match current signatures for the GDIplus.dll exploit.

The basic method is to attach GDI exploits to profiles on AIM. The attacker then sends messages to get the user to go look at the user profile that has a jpg with the gdiplus.dll exploit in it.

This is the message being seen "Check out my profile, click GET INFO!" But of course that would be easy to change so it is probably not worth adding to your IDS signature list.
Easy one.... Social engineering, but it can still work.