Vulnerability Development mailing list archives

Re: Another new worm???


From: dknaack () RDTECH COM (David Knaack)
Date: Thu, 22 Jun 2000 14:33:16 -0500


From: Frank Town <frank_smiles () HOTMAIL COM>
Actually, not to say everyone is wrong, but about 5 years ago when I used to
hang out on AOL, we made these things called password stealers

<snip>

They are simple to
get rid of, at least they were; I'm not sure about now. Most just add a line
to your win.ini in the run line

At least one of the new breed of AOL PWS uses more advanced
techniques.  I've seen one file infector (specific to AOL.EXE)
and one that trojans runonce.exe.  However, to my knowledge these
particular samples were not released in the wild, and were not
self propagating.

AOL could be a truly frightening security issue.  Given their
history of lax security, I can imagine an advanced hacker or
AOL insider writing an AOL extension and then using the server
push (TOD update) feature to install malicious software on all
AOL clients.  One could launch a truly massive DDoS using tens
or hundreds of thousands of AOL clients.

A hacker with access to a large hub could intercept connections
to the AOL servers and act as a transparent proxy, with the
ability to deliver TODs to AOL clients.

I do not know if AOL TODs are cryptographically signed, but
I would be surprised if they were.

All very advanced hacking, but doable.

DK
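
For anyone checking a machine for the win.ini "run line" persistence mentioned in the quoted message, here is an added example (not part of either post) that lists the programs named on the load= and run= lines of the [windows] section and reports those missing from a known-good list. The sample file, the allowlist and the function names are constructed for illustration; entries are assumed to be separated by spaces or commas, so a path containing spaces would be split.

```python
import re

# Constructed sample win.ini for illustration only.
SAMPLE_WIN_INI = r"""
; constructed sample, not from the original post
[Windows]
load=C:\WINDOWS\TRAY.EXE
run=C:\WINDOWS\SYSTEM\HELPER32.EXE, C:\PROGRA~1\SYNC\SYNC.EXE
NullPort=None

[Desktop]
run=IGNORED.EXE
"""

# Hypothetical known-good startup programs for this machine.
ALLOWLIST = {r"C:\WINDOWS\TRAY.EXE", r"C:\PROGRA~1\SYNC\SYNC.EXE"}


def startup_entries(ini_text):
    """Return (key, program) pairs from load=/run= in the [windows] section."""
    section = None
    found = []
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names vary in case
            continue
        if section != "windows" or "=" not in line:
            continue  # run=/load= only start programs from [windows]
        key, value = line.split("=", 1)
        key = key.strip().lower()
        if key in ("run", "load"):
            for prog in re.split(r"[,\s]+", value.strip()):
                if prog:
                    found.append((key, prog))
    return found


def unexpected(entries, allowlist):
    """Return the entries whose program is not on the allowlist (case-insensitive)."""
    allowed = {p.lower() for p in allowlist}
    return [(k, p) for k, p in entries if p.lower() not in allowed]


if __name__ == "__main__":
    for key, prog in unexpected(startup_entries(SAMPLE_WIN_INI), ALLOWLIST):
        print(f"review: {key}= starts {prog}")
```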

