lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: mlande at bellsouth.net (Mary Landesman)
Subject: AOL IM Worm

It's not a worm - it's viral people. :-)

There's something called BuddyLinks that allows really stupid people to
install it to their instant-messaging application. It then spams out
whatever news, games, etc., that it sees fit to all the people on that
person's buddylist.

In essence, it's as if your 'friends' handed over their entire buddylist to
a spammer and said, "Gee, not only can you spam my friends, but you can do
it with my permission and from my machine!"

The Osama Capture is a prologue to a game from WGUTV that BuddyLinks is
currently advertising. The page tries to load a viewer for running the
prologue. My guess is that 'viewer' is loaded with spyware, but as far as I
can tell, it's not a worm.

-- Mary

----- Original Message ----- 
From: "Justin Baldini" <jbaldini@...massmedia.com>
To: "Full Disclosure List" <full-disclosure@...sys.com>
Sent: Wednesday, February 11, 2004 1:40 PM
Subject: [Full-Disclosure] AOL IM Worm


There appears to be an AOL IM worm going around.

It's coming in as a link to here...

http://www.wgutv.com/osama_capXXXture.php?nLRj
(Without the XXX)

When run, it appears to load up some fake game, installs a bunch of shit,
and then sends itself to everyone on your IM list.

Channelup.exe and blengine.exe appear to be the task list entries.

Thats about all the info I have.


++++++++++++++
Justin Baldini
Network Admin

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists