Security Incidents mailing list archives
Re: buddylinks worm
From: upallnight42 <upallnight42 () yahoo com>
Date: Thu, 12 Feb 2004 10:07:55 -0800 (PST)
This is something that was already brought to my attention. After looking into it I found this is nothing but a marketing ad program. The link being sent out as a game directs you to a web page that prompts you to trust a install. It looks like its a plug-in or is needed to play the game (that part is deceiving to most users). If you read the license agreement it it much like gator or any other adware. You agree to install this software that also offers you a service to group message everyone in you AIM contact list just to play this game. I don't know if their is really a game after the install or not. I never went that far. Now one of the first things that happens is a message goes out to everyone in you AIM list to play the same game. What a way to spread, after all it comes from someone you know and trust?? Or how well do you know people you chat with on line that you never met???? (thats a different topic). The uninstall from the control panel seems to work but you have to exit the AIM messenger first. I'm not sure what else the install does, I was going to reverse engineer this but after going to the site I found the site is down. Attached is information I sent to my users with uninstall a license agreement copied from the company. If anyone still has the original install I would not mind looking at it to see if anything else was done to the system when my users installed it. Scott
"Dennis Cheung" <dennis () pa net> To: "Jason Yates" <jaywhy2 () comcast net> cc: incidents () securityfocus com 02/11/2004 08:16 Subject: Re: buddylinks worm AM Jason Yates wrote:Another one of the AOL worms; this one instantmessages all users onyour buddy list. The message I've recieved is"check this out:http://ww.wgutv.com/osama_capture.php?bNek". Thelink is a fact newswebsite telling you to download some software .Once you install thesoftware on the page; it immediately instantmessages everyone on yourbuddy list. The software it installs is something calledbuddylinks. According tobuddylinks.net, Buddylinks is a "revolutionary newway for instantmessenger users to instantaneously shareentertaining content withtheir entire IM "buddy list" network all at onetime". I can't makethis stuff up. Jason Yates
---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall withSpam/Virus ProtectionProtect your network with the comprehensivesecurity solution thatintegrates six applications for ease of use andlower TCO.Firewall - Virus protection - Spam protection -URL blocking - VPN- Wireless security. Download 30-day evaluation at:http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------
A friend has gotten infected with this "revolutionary" product. Has anyone tried removing this thing manually before? The buddylinks site has a unsubscribe feature that claims to work, but at the moment I am reluctant until I figure out what exactly this thing is. -Dennis
---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------
=================================================================================================
Warning : The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to this message and then delete it from your computer. All e-mail sent to this address will be received by the Providian Financial corporate e-mail system and is subject to archiving and review by someone other than the recipient.
=================================================================================================
__________________________________ Do you Yahoo!? Yahoo! Finance: Get your refund fast by filing online. http://taxes.yahoo.com/filing.html
Note: This is not an actual news story. This is the prologue to a Flash video game. PSD TOOLS END USER AGREEMENT AND SOFTWARE LICENSE TERMS Services; Modifications to Your Instant Messaging Client. The Software provides you the opportunity to access Content for no charge. In return for the right to access this Content, you acknowledge and agree that the Software contains additional software products provided to PSD Tools by its suppliers which will periodically deliver additional Content such as, but not limited to, advertisements and promotional messages to your Computer and programs that may alter your home page to offer you Content. In addition, the Software will interoperate with your current instant messaging client so as to permit the automatic sending of advertising messages originating from your Computer to your contact or buddy list regarding Content offered by PSD Tools or its suppliers. If you desire to stop this activity, you may elect to stop the messages by navigating to the buddylinks.net entry in your Start Menu, selecting the buddylinks.net Configuration item, and unchecking the appropriate option. You may also refer to PSD Tools website at http://www.psdtools.com for an uninstaller. Updates to Software. The Software includes an automatic update feature to ensure that you have the most recently released version. You acknowledge and agree that PSD Tools or third parties designated by PSD Tools may from time to time provide automatic programming fixes, updates and upgrades to the Software (collectively, the Updates). Updates may include installation of third party applications, through automatic electronic dissemination and other means. You consent to such Updates and agree that the terms and conditions of this Agreement will apply to all such Updates. If you should elect not to have your software updated at any future time, PSD Tools shall not be responsible for any incompatibilities that may arise on your system and Computer. Uninstalling the Software. In order to uninstall the Software, you will need to run the removal executable. You can get this program by contacting Support () PSDTools com You may also be able to remove the program using any of the following methods: Via Add/Remove Programs: Click Start, Settings, Control Panel Click Add/Remove Programs Locate the buddylinks.net Messaging Integration option and click Remove. Click Yes on the prompt. Via a website link: Navigate to http://www.buddylinks.net/uninstall.exe Choose Run or Open when the download window appears. The uninstallation process should take effect immediately though in rare cases it may be necessary to restart your Instant Messaging Client or computer.
--------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.astaro.com/php/contact/securityfocus.php ----------------------------------------------------------------------------
Current thread:
- buddylinks worm Jason Yates (Feb 10)
- Re: buddylinks worm Dennis Cheung (Feb 12)
- Re: buddylinks worm falcon (Feb 12)
- Re: buddylinks worm Eric Trager (Feb 12)
- Re: buddylinks worm Mark Coleman (Feb 12)
- Re: buddylinks worm Alexander Kiwerski (Feb 13)
- <Possible follow-ups>
- RE: buddylinks worm Jeremy Junginger (Feb 10)
- Re: buddylinks worm Jason Yates (Feb 10)
- Re: buddylinks worm Clint Bodungen (Feb 12)
- Re: buddylinks worm Jason Yates (Feb 10)
- Re: buddylinks worm upallnight42 (Feb 12)
- Re: buddylinks worm Scott (Feb 12)
- Re: buddylinks worm Access Denied (Feb 18)
- Re: buddylinks worm Dennis Cheung (Feb 12)