-
September 29th, 2004, 02:03 PM
#1
***HEADS UP**** AIM Users
from ISC
The handlers have received several reports that AIM messages are being used to entice users to download and view jpegs that match current signatures for the GDIplus.dll exploit.
The basic method is to attach GDI exploits to profiles on AIM. The attacker then sends messages to get the user to go look at the user profile that has a jpg with the gdiplus.dll exploit in it.
This is the message being seen "Check out my profile, click GET INFO!" But of course that would be easy to change so it is probably not worth adding to your IDS signature list.
Easy one.... Social engineering, but it can still work.
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
September 29th, 2004, 02:07 PM
#2
I was talking to a few of the guys that were seeing those. Kind of scary actually..since AIM users are the same people that click click click on everything.
Antionline in a nutshell
\"You\'re putting the fate of the world in the hands of a bunch of idiots I wouldn\'t trust with a potato gun\"
Trust your Technolust
-
September 29th, 2004, 02:16 PM
#3
Hog:
Absolutely.... The effectiveness of any exploit relies upon two things, a broad enough user base to have a significant infection rate and the ability to identify and "transport" the exploit throughout the vulnerable systems. In this case the user base is the problem in both criteria. Lot's of people use AIM and the people who do have a tendency to be brainless.....
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
September 29th, 2004, 03:51 PM
#4
Junior Member
This (among other reasons) is exactly why I have AIM privacy set up to allow only those on my list to IM me
-
September 29th, 2004, 04:12 PM
#5
This would work equally for any of the chat clients, would it not? Yahoo messenger,msn etc. They all contain the ability to view users profiles.
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
-
September 29th, 2004, 04:20 PM
#6
http://www.k-otik.com/exploits/09252...gOfDeath.c.php
The creator of this tool says that it requires someone to download a jpeg and view it in explorer, when I was led to believe that IE itself was vulnerable. (aren't they supposed to be the same anyway)
Couldn't someone upload that JPEG above as an avatar or signature, and wreck havoc upon the unpatched users of this forum?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|