[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] AOL IM Worm

To: Full Disclosure List <full-disclosure@netsys.com>
Subject: Re: [Full-Disclosure] AOL IM Worm
From: "Keith W. McCammon" <keith-list@mccammon.org>
Date: Wed, 11 Feb 2004 14:22:28 -0500

This made the rounds yesterday (briefly) on the Incidents lists:

http://archives.neohapsis.com/archives/incidents/2004-02/0027.html

Justin Baldini wrote:

There appears to be an AOL IM worm going around.

It's coming in as a link to here...
http://www.wgutv.com/osama_capXXXture.php?nLRj
(Without the XXX)
When run, it appears to load up some fake game, installs a bunch of shit,
and then sends itself to everyone on your IM list.
Channelup.exe and blengine.exe appear to be the task list entries.

Thats about all the info I have.
++++++++++++++
Justin Baldini
Network Admin
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- SV: [Full-Disclosure] AOL IM Worm
  - From: "Peter Kruse" <kruse@krusesecurity.dk>

References:
- [Full-Disclosure] AOL IM Worm
  - From: "Justin Baldini" <jbaldini@newmassmedia.com>

Prev by Date: Re: [Full-Disclosure] Apparently the practice was prevalent
Next by Date: [Full-Disclosure] OpenLinux: slocate local user buffer overflow
Previous by thread: [Full-Disclosure] AOL IM Worm
Next by thread: SV: [Full-Disclosure] AOL IM Worm
Index(es):
- Date
- Thread