The behavoir of the original incident reported on this list closely mirrors the description at the URL below:
http://www.securemac.com/aimpasswordthief.php What is different is the in abilitly to create new IDs on AIM to replace the hijacked one. That is a new twist. Also -- one should note that the URL describes a tool used in 2001 on Macs. One question I have is whether or not the tool used in the exploit at the URL above has been updated and revamped to exploit the newest AIM client. This certainly bears further investigation. -- Rob Frazier, CISSP, ISSAP www.xakephet.com 325-695-7238 Lab 817-271-7557
