Message-ID: <0EBAA2B7C35F404D97319AC3E1D9467D01259AFC@aragog.ams.com>
Date: Thu, 12 Feb 2004 06:17:40 -0500
From: "Tim Walraven" <tim.walraven@....com>
To: "Moshe Jacobson" <moshe@...slinux.net>,
	<bugtraq@...urityfocus.com>
Subject: RE: AIM worm spreading around?


Moshe - This is not a worm.  It's adware. It's really not even
deceptive.  It merely takes advantage of the fact that users do not read
the 'Security Warning' boxes that pop up when installing applications
off of the web.  If you go to the site and read the Terms of Service for
this application, it clearly states that it is free and in exchange for
this free game, they will periodically use your Instant Messenger to
send advertisements to all of the people on your Buddy list.

McAfee detects it as adware with the 4323 DAT file.  They also have
information on how to remove it.

Tim....



-----Original Message-----
From: Moshe Jacobson [mailto:moshe@...slinux.net] 
Sent: Wednesday, February 11, 2004 9:52 AM
To: bugtraq@...urityfocus.com
Subject: AIM worm spreading around?

I have had little success in finding information on the AIM worm that
seems to be going around now.

It affects the official AOL Instant Messenger client only, it seems.
Once you click on this link (and there are different endings to the
URL each time, in place of the YUAF):

    http://www.wgutv.com/osama_capture.php?YUAF

and you install the program, it starts sending that link to everyone
else on your buddy list.

I'm not sure if it does any damage.  Does anyone know anything about
this?

Thanks,
Moshe

-- 
Moshe Jacobson -- http://runslinux.net -- AIM: Jehsom
| This message is strictly confidential; it should be shown to nobody |
| except the listed addressee(s). If you've received this message in  |
| error, please promptly delete it and notify the sender.             |



