"Justin Baldini" <[EMAIL PROTECTED]> wrote: > There appears to be an AOL IM worm going around.

It's arguably not a worm (many say fully automated spread is a requirement for such). It _is_ very like FriendGreetings but using AOL IM rather than SMTP as its "advertising medium".

> It's coming in as a link to here...
>
> http://www.wgutv.com/osama_capXXXture.php?nLRj
> (Without the XXX)

...and the bit after the "?" is variable/random.

> When run, it appears to load up some fake game, ...

Well, it is an ".SWF game".

> ... installs a bunch of shit,
> and then sends itself to everyone on your IM list.

What you so inelegantly missed is that when you visit the IM-spammed URL you referred to, you are prompted to download and install an ActiveX control. If you accept, it's "game over" (security-wise -- no pun intended...).

Intelligent admins whose advice is appreciated and acted on won't have users running IE, so this won't be an issue for them, but the remaining 99.973% of Windows machines are likely to have some exposure. However, clueful Windows admins who have to watch over hordes of the great unwashed and have been forced, against their better judgement, to allow or even encourage or -- gak! -- _require_ the use of IE, will at least have locked out said horde with an "only run administrator approved ActiveX controls" policy.

-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
