Educause Security Discussion mailing list archives
AOL IM and BuddyLinks issue
From: Manuel Amaral <Manuel.Amaral () OLIN EDU>
Date: Wed, 11 Feb 2004 17:30:12 -0500
FYI: We just discovered today that our community was inundated with AIM propagated messages with a link to wugtv.com. The source looked legitimate as it came from someone within the user's buddy list and directed them to a site with an Osama Bin Laden computer game. The link, once clicked, takes you to a page which automatically launches the install process for this "game", although it does ask if you wish to install it. Unfortunately, the process installs several other items, which I'm sure most people don't care to have on their systems. Even after uninstalling the application, there are residual executables we discovered in a psd tools folder on the affected systems. We're still checking to see if there is anything else we've missed. I've included a link to a slashdot article that came out today about this very problem with a snippet from their license agreement. We had blocked access to AIM until we understood what was going on and have since blocked access to the site sent via AIM and turned AIM access back on. It appears that SpyBot S&D, with the latest updates, detects this and helps you remove it. Manny Amaral Associate Director of Information Technology Franklin W. Olin College of Engineering. http://yro.slashdot.org/article.pl?sid=04/02/11/1614257 Here's a snippet from the license agreement with emphasis: Services; Modifications to Your Instant Messaging Client. The Software provides you the opportunity to access Content for no charge. In return for the right to access this Content, you acknowledge and agree that the Software contains additional software products provided to PSD Tools by its suppliers which will periodically deliver additional Content such as, but not limited to, advertisements and promotional messages to your Computer and programs that may alter your home page to offer you Content. In addition, the Software will interoperate with your current instant messaging client so as to permit the automatic sending of advertising messages originating from your Computer to your contact or "buddy" list regarding Content offered by PSD Tools or its suppliers. If you desire to stop this activity, you may elect to stop the messages by navigating to the "buddylinks.net" entry in your "Start Menu", selecting the "buddylinks.net Configuration" item, and unchecking the appropriate option. You may also refer to PSD Tools' website at http://www.psdtools.com for an uninstaller. (http://www.buddylinks.net/terms.html) ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- AOL IM and BuddyLinks issue Manuel Amaral (Feb 11)