Re: buddylinks worm

[upallnight42 <upallnight42 () yahoo com>]

This is something that was already brought to my
attention.  After looking into it I found this is
nothing but a marketing ad program. 

The link being sent out as a game directs you to a web
page that prompts you to trust a install.  It looks
like its a plug-in or is needed to play the game (that
part is deceiving to most users). If you read the
license agreement it it much like gator or any other
adware.  You agree to install this software that also
offers you a service to group message everyone in you
AIM contact list just to play this game.  I don't know
if their is really a game after the install or not. I
never went that far.

Now one of the first things that happens is a message
goes out to everyone in you AIM list to play the same
game. What a way to spread, after all it comes from
someone you know and trust?? Or how well do you know
people you chat with on line that you never met????
(thats a different topic).

The uninstall from the control panel seems to work but
you have to exit the AIM messenger first. 
I'm not sure what else the install does, I was going
to reverse engineer this but after going to the site I
found the site is down.

Attached is information I sent to my users with
uninstall a license agreement copied from the company.

If anyone still has the original install I would not
mind looking at it to see if anything else was done to
the system when my users installed it.

Scott
                             
>                              
>                       "Dennis Cheung"               
>                                                     
>                              
>                       <dennis () pa net>          To:  
>     "Jason Yates" <jaywhy2 () comcast net>             
>                              
>                                                cc:  
>     incidents () securityfocus com                     
>                              
>                       02/11/2004 08:16        
> Subject:  Re: buddylinks worm                       
>                                    
>                       AM                            
>                                                     
>                              
>                                                     
>                                                     
>                              
>                                                     
>                                                     
>                              
>
>
>
>
>
> Jason Yates wrote:
>
> > Another one of the AOL worms; this one instant
> messages all users on
> > your buddy list.  The message I've recieved is
> "check this out:
> > http://ww.wgutv.com/osama_capture.php?bNek";.  The
> link is a fact news
> > website telling you to download some software . 
> Once you install the
> > software on the page; it immediately instant
> messages everyone on your
> > buddy list.
> >
> > The software it installs is something called
> buddylinks.  According to
> > buddylinks.net, Buddylinks is a "revolutionary new
> way for instant
> > messenger users to instantaneously share
> entertaining content with
> > their entire IM "buddy list" network all at one
> time".  I can't make
> > this stuff up.
> >
> > Jason Yates
---------------------------------------------------------------------------
> > Free trial: Astaro Security Linux -- firewall with
> Spam/Virus Protection
> > Protect your network with the comprehensive
> security solution that
> > integrates six applications for ease of use and
> lower TCO.
> > Firewall - Virus protection - Spam protection -
> URL blocking - VPN
> > - Wireless security.
> >
> > Download 30-day evaluation at:
> http://www.astaro.com/php/contact/securityfocus.php
> >
----------------------------------------------------------------------------
> >
> A friend has gotten infected with this
> "revolutionary" product.  Has
> anyone tried removing this thing manually before? 
> The buddylinks site
> has a unsubscribe feature that claims to work, but
> at the moment I am
> reluctant until I figure out what exactly this thing
> is.
>
> -Dennis
---------------------------------------------------------------------------
> Free trial: Astaro Security Linux -- firewall with
> Spam/Virus Protection
>
> Protect your network with the comprehensive security
> solution that
> integrates six applications for ease of use and
> lower TCO.
>
> Firewall - Virus protection - Spam protection - URL
> blocking - VPN
> - Wireless security.
>
> Download 30-day evaluation at:
> http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------
>
=================================================================================================
> Warning : The information contained in this message
> may be privileged and confidential and protected
> from disclosure. If the reader of this message is
> not the intended recipient, you are hereby notified
> that any dissemination, distribution or copying of
> this communication is strictly prohibited. If you
> have received this communication in error, please
> notify us immediately by replying to this message
> and then delete it from your computer. All e-mail
> sent to this address will be received by the
> Providian Financial corporate e-mail system and is
> subject to archiving and review by someone other
> than the recipient.
=================================================================================================
>


__________________________________
Do you Yahoo!?
Yahoo! Finance: Get your refund fast by filing online.
http://taxes.yahoo.com/filing.html

Note: This is not an actual news story. This is the prologue to a Flash
video game.

PSD TOOLS

END USER AGREEMENT AND SOFTWARE LICENSE TERMS

Services; Modifications to Your Instant Messaging Client.  The Software
provides you the opportunity to access Content for no charge. In return
for the right to access this Content, you acknowledge and agree that the
Software contains additional software products provided to PSD Tools by
its suppliers which will periodically deliver additional Content such as,
but not limited to, advertisements and promotional messages to your
Computer and programs that may alter your home page to offer you Content. 
In addition, the Software will interoperate with your current instant
messaging client so as to permit the automatic sending of advertising
messages originating from your Computer to your contact or “buddy” list
regarding Content offered by PSD Tools or its suppliers.   If you desire
to stop this activity, you may elect to stop the messages by navigating to
the “buddylinks.net” entry in your “Start Menu”, selecting the
“buddylinks.net Configuration” item, and unchecking the appropriate
option. You may also refer to PSD Tools’ website at
http://www.psdtools.com for an uninstaller.

Updates to Software. The Software includes an automatic update feature to
ensure that you have the most recently released version. You acknowledge
and agree that PSD Tools or third parties designated by PSD Tools may from
time to time provide automatic programming fixes, updates and upgrades to
the Software (collectively, the “Updates”).  Updates may include
installation of third party applications, through automatic electronic
dissemination and other means.  You consent to such Updates and agree that
the terms and conditions of this Agreement will apply to all such Updates.
 If you should elect not to have your software updated at any future time,
PSD Tools shall not be responsible for any incompatibilities that may
arise on your system and Computer.


Uninstalling the Software.  In order to uninstall the Software, you will
need to run the  removal executable. You can get this program by
contacting Support () PSDTools com  You may also be able to remove the
program using any of the following methods:

 Via “Add/Remove Programs”:
Click “Start”, Settings, Control Panel
Click “Add/Remove Programs”
Locate the “buddylinks.net Messaging Integration” option and click
“Remove”. Click “Yes” on the prompt.
Via a website link:
Navigate to http://www.buddylinks.net/uninstall.exe
Choose “Run” or “Open” when the download window appears.

The uninstallation process should take effect immediately though in rare
cases it may be necessary to restart your Instant Messaging Client or
computer.

---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------