I would say it's more of a trojan than anything else. If it was a worm, it would self propigate, if a virus it would infect other files. This darned thing poses as a game, and does "naughty things" in the background that you're not aware of, or that's hidden in a EULA that no-one ever reads but us security types :-)
Exibar ----- Original Message ----- From: "Mary Landesman" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; "Full Disclosure List" <[EMAIL PROTECTED]> Sent: Wednesday, February 11, 2004 3:19 PM Subject: Re: [Full-Disclosure] AOL IM Worm > It's not a worm - it's viral people. :-) > > There's something called BuddyLinks that allows really stupid people to > install it to their instant-messaging application. It then spams out > whatever news, games, etc., that it sees fit to all the people on that > person's buddylist. > > In essence, it's as if your 'friends' handed over their entire buddylist to > a spammer and said, "Gee, not only can you spam my friends, but you can do > it with my permission and from my machine!" > > The Osama Capture is a prologue to a game from WGUTV that BuddyLinks is > currently advertising. The page tries to load a viewer for running the > prologue. My guess is that 'viewer' is loaded with spyware, but as far as I > can tell, it's not a worm. > > -- Mary > > ----- Original Message ----- > From: "Justin Baldini" <[EMAIL PROTECTED]> > To: "Full Disclosure List" <[EMAIL PROTECTED]> > Sent: Wednesday, February 11, 2004 1:40 PM > Subject: [Full-Disclosure] AOL IM Worm > > > There appears to be an AOL IM worm going around. > > It's coming in as a link to here... > > http://www.wgutv.com/osama_capXXXture.php?nLRj > (Without the XXX) > > When run, it appears to load up some fake game, installs a bunch of shit, > and then sends itself to everyone on your IM list. > > Channelup.exe and blengine.exe appear to be the task list entries. > > Thats about all the info I have. > > > ++++++++++++++ > Justin Baldini > Network Admin > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
