Saw this posted over on NTBugtraq. has an example program that uses AIM to run programs and send the result back to the requester. Basically, a wrapper interacts with the person sending the message and runs a basic set of commands. The example uses nmap, but a fleet of hacking/reconnaissance tools could potentially be used. AIM works very hard at traversing firewalls, so someone outside a firewall could send a command to a computer inside it.
This solution doesn’t sound like it will scale very well. I suppose with AIM groups you could control a bunch of bots. A one-to-one connection could already be pulled off by sending someone a Trojan and then waiting for it to connect back on a specific port.
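Because AIM will traverse firewalls, a port-5190 rule alone does not show which inside hosts are speaking it. The sketch below is an added example, not code from the NTBugtraq post: it flags sessions by the FLAP framing of AIM's OSCAR protocol on any port, and the hosts, ports and session records are constructed sample data.

```python
import struct

# Added example: FLAP is the framing layer of AIM's OSCAR protocol.
FLAP_HEADER = struct.Struct("!BBHH")   # marker, channel, sequence, payload length
FLAP_MARKER = 0x2A                     # every frame starts with '*'
FLAP_CHANNELS = {1, 2, 3, 4, 5}        # signon, SNAC data, error, close, keepalive


def count_flap_frames(stream: bytes, max_frames: int = 8) -> int:
    """Count consecutive well-formed FLAP frames at the start of a byte stream."""
    offset = frames = 0
    while frames < max_frames and len(stream) - offset >= FLAP_HEADER.size:
        marker, channel, _seq, length = FLAP_HEADER.unpack_from(stream, offset)
        if marker != FLAP_MARKER or channel not in FLAP_CHANNELS:
            break
        end = offset + FLAP_HEADER.size + length
        if end > len(stream):
            break                      # truncated capture: ignore the partial frame
        frames += 1
        offset = end
    return frames


def flag_aim_sessions(sessions, min_frames: int = 2):
    """Return (source, port) for sessions whose client bytes parse as FLAP.

    Requiring two frames keeps a payload that merely starts with '*' from matching.
    """
    return [(s["src"], s["dst_port"]) for s in sessions
            if count_flap_frames(s["client_bytes"]) >= min_frames]


def flap(channel: int, seq: int, payload: bytes) -> bytes:
    """Build one FLAP frame (used only to construct the sample data below)."""
    return FLAP_HEADER.pack(FLAP_MARKER, channel, seq, len(payload)) + payload


# Constructed sample sessions (hypothetical hosts, not captured traffic).
SIGNON = flap(1, 1, b"\x00\x00\x00\x01") + flap(2, 2, b"\x00\x01\x00\x02" + b"\x00" * 6)
SAMPLE_SESSIONS = [
    {"src": "10.0.0.5", "dst_port": 5190, "client_bytes": SIGNON},
    {"src": "10.0.0.9", "dst_port": 443, "client_bytes": SIGNON},   # non-default port
    {"src": "10.0.0.7", "dst_port": 80, "client_bytes": b"GET / HTTP/1.1\r\n\r\n"},
    {"src": "10.0.0.8", "dst_port": 6379, "client_bytes": b"*1\r\n$4\r\nPING\r\n"},
    {"src": "10.0.0.6", "dst_port": 5190, "client_bytes": SIGNON[:12]},  # cut short
]

if __name__ == "__main__":
    for src, port in flag_aim_sessions(SAMPLE_SESSIONS):
        print(f"{src} -> port {port}: AIM/OSCAR framing seen")
```

This only sees cleartext sessions; traffic wrapped in TLS or a proxy tunnel will not expose these bytes and needs destination-based controls instead.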