Message-ID: <402B5487.5501.29D8CF88@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: AOL IM Worm

"Justin Baldini" <jbaldini@...massmedia.com> wrote:

> There appears to be an AOL IM worm going around.

It's arguably not a worm (many say fully automated spread is a 
requirement for such).  It _is_ very like FriendGreetings but using AOL 
IM rather than SMTP as its "advertising medium".

> It's coming in as a link to here...
> 
> http://www.wgutv.com/osama_capXXXture.php?nLRj
> (Without the XXX)

...and the bit after the "?" is variable/random.

> When run, it appears to load up some fake game, ...

Well, it is an ".SWF game".

> ... installs a bunch of shit,
> and then sends itself to everyone on your IM list.

What you so inelegantly missed is that when you visit the IM-spammed URL 
you referred to, you are prompted to download and install an ActiveX 
control.  If you accept, it's "game over" (security-wise -- no pun 
intended...).  Intelligent admins whose advice is appreciated and acted 
on won't have users running IE, so this won't be an issue for them but 
the remaining 99.973% of Windows machines are likely to have some 
exposure.  However, clueful Windows admins who have to watch over 
hordes of the great unwashed and have been forced, against their better 
judgement, to allow or even encourage or -- gak! -- _require_ the use 
of IE, will at least have locked out said horde with an "only run 
administrator approved ActiveX controls" policy.


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

