AIM Question
Results 1 to 6 of 6

Thread: AIM Question

  1. #1
    BS, EnCE, ACE, Cellebrite 11001001's Avatar
    Join Date
    Mar 2002
    Location
    Just West of Beantown, though nobody from Beantown actually calls it "Beantown."
    Posts
    1,229

    AIM Question

    Hey-

    A co-worker presented me with a question today that I couldn't answer. Maybe you can.

    She has started receiving instant messages from someone she doesn't know. Nothing threatening or harrassing, just annoying. She has her AIM settings set so that you can't see her online if you're not on her buddy list.

    I asked my co-worker why she put this person on her buddy list and she said she didn't. So, I removed the screenname from her buddy list, and blocked the name.

    But... How did the name get there in the first place?

    Is there some exploit or feature in AIM that by clicking a link, you add someone's screenname to your buddy list?

    Something to the effect of

    Code:
    <a href="AIM://addbuddy="joeshmoe"">
    or something similar?


    Thanks for the help!

    -c9
    That's Officer 11001001 to you...
    Now you see me | Now you don't
    "Relax, Bender; It was just a dream. There's no such thing as two." ~ Fry
    sometimes my computer goes down on me

  2. #2
    Senior Member
    Join Date
    Feb 2005
    Posts
    153
    Code:
    <a href="aim:addbuddy?screenname=YOUR AIM SCREEN NAME HERE">
    That is certainly the most common type of aim addbuddy list, since the official AIM program regsiters aim: similar to http handlers. It may have been this, she may have added it and forgot about it, or it may have even been something invoked in javascript (similar to above, but without clicking).

    Either way here are two peices of advice to avoid this:

    1. Never use the official AIM client. Use Trillian Free, use GAIM. Anything but the official client. It allows far too many ads, pop-ups, possible spyware, and buddy list hijacking.

    2. Get her off IE.
    \"It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.\"
    - Charles Darwin

  3. #3
    BS, EnCE, ACE, Cellebrite 11001001's Avatar
    Join Date
    Mar 2002
    Location
    Just West of Beantown, though nobody from Beantown actually calls it "Beantown."
    Posts
    1,229
    Thanks g a!

    For my own benefit, have you or anyone else seen an example of this that they might be able to pass along?

    Thanks!
    That's Officer 11001001 to you...
    Now you see me | Now you don't
    "Relax, Bender; It was just a dream. There's no such thing as two." ~ Fry
    sometimes my computer goes down on me

  4. #4
    Senior Member
    Join Date
    Feb 2005
    Posts
    153
    Can't find an example website off the top of my head, but you could make your own real fast. This would automatically add a few screennames AND groupnames.:

    Code:
    <html>
    <head>
    <META HTTP-EQUIV="refresh" CONTENT=0;URL=aim:addbuddy?listofscreennames=test,test2,anothername&groupname=hackedgroupname>
    <body>
    This should add the names  'test'  'test 2' and 'anothername' to your buddy list as well as the group name 'hackedgroupname'.
    This should only work IF you have the official AIM client installed.
    </body>
    </html>

    edit:

    I just wanted to note that you could do a plethora of things like this automagically. Add someone to a chatroom without their approval. Register a new aim name. Set user icons, transfer files via aim transfer, etc etc. The official AIM client is a timebomb just waiting to explode. However, this was for the older AIM clients. Newer ones should ask for a confirmation dialog, but this means your friend could have just clicked yes to what seemed like an annoying popup.
    \"It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.\"
    - Charles Darwin

  5. #5
    There are some pretty mean tricks you can pull with those URI handlers. When I reported them a while ago, AOL didn't really care and skipped them in the upgrade. They weren't dangerous, but they were most definitely mean.

  6. #6
    Junior Member
    Join Date
    Jan 2003
    Posts
    4
    In newer versions of AIM if someone IM's you, they are automatically added to a "Recent Buddies" folder on your buddy list. Can't remember if there's a way to turn it on or off in preferences, and I can't use AIM at the moment. hope that helps.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •