[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <067e01c3f0f4$cb55f340$c400a8c0@MLANDE>
From: mlande at bellsouth.net (Mary Landesman)
Subject: AOL IM Worm
I would say it's time for folks to RTFEULA or else do like Nancy says and
"Just Say No". :-)
-- Mary
----- Original Message -----
From: "Exibar" <exibar@...lair.com>
To: <full-disclosure@...sys.com>
Sent: Wednesday, February 11, 2004 4:49 PM
Subject: Re: [Full-Disclosure] AOL IM Worm
I would say it's more of a trojan than anything else. If it was a worm, it
would self propigate, if a virus it would infect other files. This darned
thing poses as a game, and does "naughty things" in the background that
you're not aware of, or that's hidden in a EULA that no-one ever reads but
us security types :-)
Exibar
----- Original Message -----
From: "Mary Landesman" <mlande@...lsouth.net>
To: <jbaldini@...massmedia.com>; "Full Disclosure List"
<full-disclosure@...sys.com>
Sent: Wednesday, February 11, 2004 3:19 PM
Subject: Re: [Full-Disclosure] AOL IM Worm
> It's not a worm - it's viral people. :-)
>
> There's something called BuddyLinks that allows really stupid people to
> install it to their instant-messaging application. It then spams out
> whatever news, games, etc., that it sees fit to all the people on that
> person's buddylist.
>
> In essence, it's as if your 'friends' handed over their entire buddylist
to
> a spammer and said, "Gee, not only can you spam my friends, but you can do
> it with my permission and from my machine!"
>
> The Osama Capture is a prologue to a game from WGUTV that BuddyLinks is
> currently advertising. The page tries to load a viewer for running the
> prologue. My guess is that 'viewer' is loaded with spyware, but as far as
I
> can tell, it's not a worm.
>
> -- Mary
>
> ----- Original Message -----
> From: "Justin Baldini" <jbaldini@...massmedia.com>
> To: "Full Disclosure List" <full-disclosure@...sys.com>
> Sent: Wednesday, February 11, 2004 1:40 PM
> Subject: [Full-Disclosure] AOL IM Worm
>
>
> There appears to be an AOL IM worm going around.
>
> It's coming in as a link to here...
>
> http://www.wgutv.com/osama_capXXXture.php?nLRj
> (Without the XXX)
>
> When run, it appears to load up some fake game, installs a bunch of shit,
> and then sends itself to everyone on your IM list.
>
> Channelup.exe and blengine.exe appear to be the task list entries.
>
> Thats about all the info I have.
>
>
> ++++++++++++++
> Justin Baldini
> Network Admin
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists