
Thread: *New AIM profile trojan--buddypicture.net trojan*

  1. #1
    HeadShot Master N1nja Cybr1d
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840

    *New AIM profile trojan--buddypicture.net trojan*

    Information on buddypicture.net trojan



    If you have a link in your AIM titled "buddypicture.net" it means your machine has been infected by the buddypicture.net trojan.

    The virus exploits a flaw in Internet Explorer and forces the download of the trojan to your computer and runs it. When it starts, the trojan puts a link in your AIM profile that forces the download of the trojan to your computer. Messages can be "I can't believe I found (your screen name)'s picture here HAHAHA" or similar. Once it changes your profile, it will begin downloading adware and spyware to your computer. Changing your AIM profile won't get rid of the virus; it will simply change it back on your next reboot.

    If a link in your AIM is titled "buddypicture.net" you will need to remove the trojan using adware removal software.

    Removal:

    You will need to run adware removal software on your machine. We would suggest the sites listed below:

    Pastol - site contains software to remove spyware and adware

    Spywarenuker - another piece of software to remove spyware and trojans

    Besides their suggestion for spyware removal, you can always use the traditional Ad-Aware and Spybot S&D. Running your AV and a Trojan Cleaner such as theCleaner is recommended.

  2. #2
    Senior Member
    Join Date
    Jun 2004
    Posts
    281
    Where did you get this article? I would like to look at it.

    It's always good to post a link.

    - MilitantEidolon
    Yeah that's right........I said It!

    Ultimately everyone will have their own opinion--this is mine.

  3. #3
    HeadShot Master N1nja Cybr1d
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    I pulled it off someone's buddy profile.

    Here's the link: http://www.buddypicture.net/announcement/

  4. #4
    Senior Member
    Join Date
    Jun 2004
    Posts
    281
    Thanks!

    - MilitantEidolon
    Yeah that's right........I said It!

    Ultimately everyone will have their own opinion--this is mine.

  5. #5
    To my understanding, this would only work if you clicked a link in a profile. There are variants such as talkstocks, buddypicture, and a couple others, most of which were shut down. I've seen these and been fixing these for almost a year now, but your quote says it exploits a flaw in IE? That's news to me, the ones I dealt with prompt a download.

  6. #6
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    To my understanding, this is fairly old. I've known about this for at least 6-8 months and it has been a bother to nearly all of my computer-illiterate friends. Thanks for the notice though, Cybr1d!
    Space For Rent.. =]

  7. #7
    HeadShot Master N1nja Cybr1d
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    To my understanding, this is fairly old. I've known about this for at least 6-8 months and it has been a bother to nearly all of my computer-illiterate friends. Thanks for the notice though, Cybr1d!
    NP. I wasn't aware it was out for that long. I just noticed it on someone's buddy profile and figured I'd share it. Still, if anyone comes here looking for info on it, they can find it in AO. After looking around a bit, I guess it has been around since December/January.

    I bet 20 bucks that someone will actually start posting asking about how his AIM is hacked.

  8. #8
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Haha, yeah.. I wonder if that site has been reported yet or something. I'ma do a whois on it (it's on a domain, right?) and see who it's registered to, blah blah.. Should be interesting.
    Space For Rent.. =]

  9. #9
    HeadShot Master N1nja Cybr1d
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    The site has been reported and shut down afaik.

  10. #10
    buddypicture.net/announcement // don't be stupid, view this site w/ restricted settings

    buddypicture has been taken down for quite a while, but I think some hijacked profiles have lingered around.

    PoCs have been released for the more recent highly critical AIM vuln, so I would expect some spyware / trojan problems from that.
