Computer virus sent via AIM messages?

02/10/04 | self

[shhrubbery!]

My daughter's AIM screenname just sent me a message that said "check this out," followed by a link with what looks like a television station, "wgutv," in the URL.

Clicking on the link leads to a site with a picture of Osama bin Laden, with the headline "OSAMA FOUND."

Fifteen seconds after I clicked on this link, my daughter sent a message that saying "don't click on any weird links my screenname sends you!"

So I refused to accept the applet for this video and exited the site.

Problem is, my daughter did not send this link. The message did not show up on her end of the AIM service and she didn't even know it had been sent. She had just signed onto AIM to warn me about a potential problem, not realizing that merely signing on unleashed it (apparently). She says others at her school are having the same problem.

[shhrubbery!]

Anybody heard of this yet? I rely on my sons for techie information and it's late here on the East coast, they've all gone to bed.

[Bogey78O]

Sounds like someones been hijacking AOL screennames.

[Afro_conservative]

Thats it I am moving to Linux...What is that you say counterstrike only works on Windows...Just joking sorry Mr. Gates, sorry Mr. Gates please don't squash me with your wallet.

[spunkets]

Aim is an instant messenger program with their own ports open on your computer. AIM uses TCP/IP, but it is it's own program and has lots of holes. Some clown is spoofing your daughters ID. Your daughter provided the password when she logged on. Once she was logged on, the spoofer's hack allowed her IP/ID combo to be captured and now he's using it. He can do that until she logs of, or he can even do that. Once logged off though he can't do anything until she logs off again, or he captures the password with another hack.

[cookcounty]

Yeah I got a Few "dameon" failed email returns today at work. they had aol email addresses on them that I didn't send, and never heard of before.

[shhrubbery!]

Thanks, though I don't know what a spoofer is, at least not in techie terms. Do you know if there are other instant messaging services without so many, er, holes?

[martin_fierro]

FREE PC PROTECTION: (Not an exhaustive list. Your results may vary. Void where prohibited. For entertainment purposes only. No wagering, please. Whattayawantfernuthin'.)

Alternative browsers: Mozilla Opera AVG Anti-Virus Free Edition: Free anti-viral protection Popup ad killers: Bayden Systems Popup Popper: Blocks popup ads well in MSIE Shoot the Messenger: Close that friggin' Messenger in Windows XP Spyware removers: Spybot S&D AdAware MailWasher: Good for pre-screening & bouncing SPAM Windows Update: At least install the critical ones ZoneAlarm: Excellent Firewall Test your firewall from without with ShieldsUP! Test your firewall from within with LeakTest

[spunkets]

Doh..."Once logged off though he can't do anything until she logs off on again.

[BCrago66]

I googled "AIM virus," and found a lot of references. Here is a patch claiming to solve the problem - but you have to judge for yourself whether it's worth the risk to try it:

http://www.rsaisp.com/software.asp

[shhrubbery!]

Thanks. She's going to try that.

[spunkets]

"what a spoofer is"

That's someone pretending to be you. ID theft.

I don't use these, because they are insecure. Linux has one, but it's about as secure as AIM. ICQ is the absolute worst. Might as well have all your personal info posted on an interstate billboard. Just don't click on links and turn off all the fancy stuff. Just accept text and jpg.

[spunkets]

Yes the clowns are spoofing e-mails lately with garbage in them. It's not limited to aol providers.

[shhrubbery!]

Thanks. She's tried one remedy posted above and after signing off and on again, so far so good (no more spoof messages). But all her buddies are signed off for the night and I'm about to hit the hay myself. So we'll see in the morning.

Thanks everybody for your help.

[shhrubbery!]

Well that's hard to tell a college student! I'm addicted to instant messaging myself. I never post anything I wouldn't want the world to hear, but if somebody hijacked my name...hmmm, could be trouble. OK, will weigh all advice tomorrow with (I hope) a clear head. Thanks and good night.

[lelio]

Yes, this is a recent known "hack" -- I believe it has something to do with buddylinks.net which has been shut down by their ISP.

[HAL9000]

There are a lot of hacker programs that are plowing through every IP address on the internet, sending bogus instant messages. I get them occasionally.

[tbird5]

all my children called me and told me not to open that IM message. It's going around all the campuses. It's a virus they said.

[contessa machiaveli]

i haven't been able to retrieve my emails on AOL, i get an error message. this has been going on for a full day.