Re: buddylinks worm
From: Scott (upallnight42_at_yahoo.com)
Date: 02/12/04
Date: 12 Feb 2004 19:03:05 -0000
To: incidents@securityfocus.com
In-Reply-To: <402A5572.4040201@pa.net>
This is something that was already brought to my
attention. After looking into it, it looks like a marketing ad program. (I don't know if it does anything else?)
The link being sent out as a game directs you to a web
page that prompts you to trust an install. It looks
like it's a plug-in or is needed to play the game (that
part is deceiving to most users). If you read the
license agreement it is much like Gator or any other
adware. You agree to install this software that also
offers you a service to group message everyone in your
AIM contact list just to play this game. I don't know
if there is really a game after the install or not. I
never went that far.
Now one of the first things that happens is a message
goes out to everyone in your AIM list to play the same
game. What a way to spread, after all it comes from
someone you know and trust?? Or how well do you know
people you chat with online that you never met????
(that's a different topic).
The uninstall from the control panel seems to work but
you have to exit the AIM messenger first.
I'm not sure what else the install does. I was going
to reverse engineer this, but after going to the site today I found the site is down.
Attached is information I sent to my users with
uninstall a license agreement copied from the company.
If anyone still has the original install I would not
mind looking at it to see if anything else was done to
the system when users installed it.
Please let me know if anything else is found out about this. I know of a rumor that it might install a Trojan horse or a back door but have not seen any evidence about this yet.
Scott
----------------------------------------------------
Here is part of their agreement I copied yesterday before the site went down.
"Note: This is not an actual news story. This is the prologue to a Flash video game.
PSD TOOLS
END USER AGREEMENT AND SOFTWARE LICENSE TERMS
Services; Modifications to Your Instant Messaging Client. The Software provides you the opportunity to access Content for no charge. In return for the right to access this Content, you acknowledge and agree that the Software contains additional software products provided to PSD Tools by its suppliers which will periodically deliver additional Content such as, but not limited to, advertisements and promotional messages to your Computer and programs that may alter your home page to offer you Content. In addition, the Software will interoperate with your current instant messaging client so as to permit the automatic sending of advertising messages originating from your Computer to your contact or “buddy” list regarding Content offered by PSD Tools or its suppliers. If you desire to stop this activity, you may elect to stop the messages by navigating to the “buddylinks.net” entry in your “Start Menu”, selecting the “buddylinks.net Configuration” item, and unchecking the appropriate option. You may also refer to PSD Tools’ website at http://www.psdtools.com for an uninstaller.
Updates to Software. The Software includes an automatic update feature to ensure that you have the most recently released version. You acknowledge and agree that PSD Tools or third parties designated by PSD Tools may from time to time provide automatic programming fixes, updates and upgrades to the Software (collectively, the “Updates”). Updates may include installation of third party applications, through automatic electronic dissemination and other means. You consent to such Updates and agree that the terms and conditions of this Agreement will apply to all such Updates. If you should elect not to have your software updated at any future time, PSD Tools shall not be responsible for any incompatibilities that may arise on your system and Computer.
Uninstalling the Software. In order to uninstall the Software, you will need to run the removal executable. You can get this program by contacting Support@PSDTools.com. You may also be able to remove the program using any of the following methods:
Via “Add/Remove Programs”:
Click “Start”, Settings, Control Panel
Click “Add/Remove Programs”
Locate the “buddylinks.net Messaging Integration” option and click “Remove”. Click “Yes” on the prompt.
Via a website link:
Navigate to http://www.buddylinks.net/uninstall.exe
Choose “Run” or “Open” when the download window appears.
The uninstallation process should take effect immediately though in rare cases it may be necessary to restart your Instant Messaging Client or computer."
----------------------------------------------------
>Message-ID: <402A5572.4040201@pa.net>
>Date: Wed, 11 Feb 2004 11:16:50 -0500
>From: Dennis Cheung <dennis@pa.net>
>To: Jason Yates <jaywhy2@comcast.net>
>Cc: incidents@securityfocus.com
>Subject: Re: buddylinks worm
>References: <402953F1.6080509@comcast.net>
>In-Reply-To: <402953F1.6080509@comcast.net>
>
>Jason Yates wrote:
>
>> Another one of the AOL worms; this one instant messages all users on
>> your buddy list. The message I've received is "check this out:
>> http://ww.wgutv.com/osama_capture.php?bNek". The link is a fact news
>> website telling you to download some software. Once you install the
>> software on the page, it immediately instant messages everyone on your
>> buddy list.
>>
>> The software it installs is something called buddylinks. According to
>> buddylinks.net, Buddylinks is a "revolutionary new way for instant
>> messenger users to instantaneously share entertaining content with
>> their entire IM "buddy list" network all at one time". I can't make
>> this stuff up.
>>
>> Jason Yates
>>
>A friend has gotten infected with this "revolutionary" product. Has
>anyone tried removing this thing manually before? The buddylinks site
>has an unsubscribe feature that claims to work, but at the moment I am
>reluctant until I figure out what exactly this thing is.
>
>-Dennis