[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <041301c3f0dc$5f71c9f0$c400a8c0@MLANDE>
From: mlande at bellsouth.net (Mary Landesman)
Subject: AOL IM Worm
It's not a worm - it's viral people. :-)
There's something called BuddyLinks that allows really stupid people to
install it to their instant-messaging application. It then spams out
whatever news, games, etc., that it sees fit to all the people on that
person's buddylist.
In essence, it's as if your 'friends' handed over their entire buddylist to
a spammer and said, "Gee, not only can you spam my friends, but you can do
it with my permission and from my machine!"
The Osama Capture is a prologue to a game from WGUTV that BuddyLinks is
currently advertising. The page tries to load a viewer for running the
prologue. My guess is that 'viewer' is loaded with spyware, but as far as I
can tell, it's not a worm.
-- Mary
----- Original Message -----
From: "Justin Baldini" <jbaldini@...massmedia.com>
To: "Full Disclosure List" <full-disclosure@...sys.com>
Sent: Wednesday, February 11, 2004 1:40 PM
Subject: [Full-Disclosure] AOL IM Worm
There appears to be an AOL IM worm going around.
It's coming in as a link to here...
http://www.wgutv.com/osama_capXXXture.php?nLRj
(Without the XXX)
When run, it appears to load up some fake game, installs a bunch of shit,
and then sends itself to everyone on your IM list.
Channelup.exe and blengine.exe appear to be the task list entries.
Thats about all the info I have.
++++++++++++++
Justin Baldini
Network Admin
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists