lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: exibar at thelair.com (Exibar)
Subject: AOL IM Worm

I would say it's more of a trojan than anything else.  If it was a worm, it
would self propigate, if a virus it would infect other files.  This darned
thing poses as a game, and does "naughty things" in the background that
you're not aware of, or that's hidden in a EULA that no-one ever reads but
us security types :-)

  Exibar

----- Original Message ----- 
From: "Mary Landesman" <mlande@...lsouth.net>
To: <jbaldini@...massmedia.com>; "Full Disclosure List"
<full-disclosure@...sys.com>
Sent: Wednesday, February 11, 2004 3:19 PM
Subject: Re: [Full-Disclosure] AOL IM Worm


> It's not a worm - it's viral people. :-)
>
> There's something called BuddyLinks that allows really stupid people to
> install it to their instant-messaging application. It then spams out
> whatever news, games, etc., that it sees fit to all the people on that
> person's buddylist.
>
> In essence, it's as if your 'friends' handed over their entire buddylist
to
> a spammer and said, "Gee, not only can you spam my friends, but you can do
> it with my permission and from my machine!"
>
> The Osama Capture is a prologue to a game from WGUTV that BuddyLinks is
> currently advertising. The page tries to load a viewer for running the
> prologue. My guess is that 'viewer' is loaded with spyware, but as far as
I
> can tell, it's not a worm.
>
> -- Mary
>
> ----- Original Message ----- 
> From: "Justin Baldini" <jbaldini@...massmedia.com>
> To: "Full Disclosure List" <full-disclosure@...sys.com>
> Sent: Wednesday, February 11, 2004 1:40 PM
> Subject: [Full-Disclosure] AOL IM Worm
>
>
> There appears to be an AOL IM worm going around.
>
> It's coming in as a link to here...
>
> http://www.wgutv.com/osama_capXXXture.php?nLRj
> (Without the XXX)
>
> When run, it appears to load up some fake game, installs a bunch of shit,
> and then sends itself to everyone on your IM list.
>
> Channelup.exe and blengine.exe appear to be the task list entries.
>
> Thats about all the info I have.
>
>
> ++++++++++++++
> Justin Baldini
> Network Admin
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>


Powered by blists - more mailing lists