***HEADS UP**** AIM Users
Results 1 to 6 of 6

Thread: ***HEADS UP**** AIM Users

  1. #1
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197

    ***HEADS UP**** AIM Users

    from ISC

    The handlers have received several reports that AIM messages are being used to entice users to download and view jpegs that match current signatures for the GDIplus.dll exploit.

    The basic method is to attach GDI exploits to profiles on AIM. The attacker then sends messages to get the user to go look at the user profile that has a jpg with the gdiplus.dll exploit in it.

    This is the message being seen "Check out my profile, click GET INFO!" But of course that would be easy to change so it is probably not worth adding to your IDS signature list.
    Easy one.... Social engineering, but it can still work.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  2. #2
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    I was talking to a few of the guys that were seeing those. Kind of scary actually..since AIM users are the same people that click click click on everything.
    Antionline in a nutshell
    \"You\'re putting the fate of the world in the hands of a bunch of idiots I wouldn\'t trust with a potato gun\"

    Trust your Technolust

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Hog:

    Absolutely.... The effectiveness of any exploit relies upon two things, a broad enough user base to have a significant infection rate and the ability to identify and "transport" the exploit throughout the vulnerable systems. In this case the user base is the problem in both criteria. Lot's of people use AIM and the people who do have a tendency to be brainless.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  4. #4
    Junior Member
    Join Date
    Sep 2004
    Posts
    1
    This (among other reasons) is exactly why I have AIM privacy set up to allow only those on my list to IM me

  5. #5
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    This would work equally for any of the chat clients, would it not? Yahoo messenger,msn etc. They all contain the ability to view users profiles.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  6. #6
    http://www.k-otik.com/exploits/09252...gOfDeath.c.php

    The creator of this tool says that it requires someone to download a jpeg and view it in explorer, when I was led to believe that IE itself was vulnerable. (aren't they supposed to be the same anyway)

    Couldn't someone upload that JPEG above as an avatar or signature, and wreck havoc upon the unpatched users of this forum?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •