Full Disclosure mailing list archives
Re: AOL IM Worm
From: "Exibar" <exibar () thelair com>
Date: Wed, 11 Feb 2004 16:49:47 -0500
I would say it's more of a trojan than anything else. If it was a worm, it would self propagate, if a virus it would infect other files. This darned thing poses as a game, and does "naughty things" in the background that you're not aware of, or that's hidden in a EULA that no-one ever reads but us security types :-)

Exibar

----- Original Message -----
From: "Mary Landesman" <mlande () bellsouth net>
To: <jbaldini () newmassmedia com>; "Full Disclosure List" <full-disclosure () netsys com>
Sent: Wednesday, February 11, 2004 3:19 PM
Subject: Re: [Full-disclosure] AOL IM Worm

It's not a worm - it's viral people. :-) There's something called BuddyLinks that allows really stupid people to install it to their instant-messaging application. It then spams out whatever news, games, etc., that it sees fit to all the people on that person's buddylist. In essence, it's as if your 'friends' handed over their entire buddylist to a spammer and said, "Gee, not only can you spam my friends, but you can do it with my permission and from my machine!"

The Osama Capture is a prologue to a game from WGUTV that BuddyLinks is currently advertising. The page tries to load a viewer for running the prologue. My guess is that 'viewer' is loaded with spyware, but as far as I can tell, it's not a worm.

-- Mary

----- Original Message -----
From: "Justin Baldini" <jbaldini () newmassmedia com>
To: "Full Disclosure List" <full-disclosure () netsys com>
Sent: Wednesday, February 11, 2004 1:40 PM
Subject: [Full-disclosure] AOL IM Worm

There appears to be an AOL IM worm going around. It's coming in as a link to here...

http://www.wgutv.com/osama_capXXXture.php?nLRj (Without the XXX)

When run, it appears to load up some fake game, installs a bunch of shit, and then sends itself to everyone on your IM list. Channelup.exe and blengine.exe appear to be the task list entries.

That's about all the info I have.

++++++++++++++
Justin Baldini
Network Admin

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html