resource center
  See your link here
|
IDG News Service -
Software recommended last week by security group w00w00 Security Development to plug a hole in America Online Inc.'s Instant Messenger (AIM) actually opens a user's system to hacker attacks and can direct the user's Web browser to pornographic Web sites, w00w00 said yesterday.
The security group was the first to publicize the hole in AIM last week (see story), prompting Dulles, Va.-based AOL to take action and correct the problem on the server side within a few days (see story). In its initial warning, w00w00 advised users to download and install a third-party program called AIM Filter for immediate protection. But that software comes with its own security problems, a member of the w00w00 team wrote in a posting to the Bugtraq mailing list late yesterday.
"At the time, Robbie Saunders' AIM Filter seemed like a nice temporary solution. Unfortunately, it instead produces cash-paid click-throughs over time intervals and contains backdoor code," Jordan Ritter wrote. The click-throughs direct the user's Web browser to advertisements using Saunders' referral code, generating commission payments for him.
W00w00 now offers a cleaned-up version of AIM Filter without these security holes, Ritter wrote. The problems with the software, which is designed to block certain AIM functions, were discovered Jan. 5, when Saunders released the source code for his filter, Ritter said in the Bugtraq posting, apologizing for the error.
AIM Filter creator Saunders said in a statement on his Web site that AIM Filter allows him to remotely obtain a user's Internet Protocol address and AIM build number. It also allows him to shut down AIM Filter on a user's system and open five "embarrassing Web sites," the statement said. The porn Web sites pop up only when AIM Filter is launched, not at time intervals, he stated.
It's unknown how many people installed AIM Filter. One AIM user in a newsgroup asked w00w00 for more detailed instructions on how to remove AIM Filter.
A buffer overflow vulnerability existed in the shared game feature of AIM, AOL said Jan. 2. Attackers could access a user's system by exploiting the vulnerability, according to w00w00.
Related stories:
IDG.net
Share our Strength
Download Now
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Top 10 Things to Know about Data Protection
Download Now
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Ponemon Study: The Business Risk of a Lost Laptop
Download Now
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Airport Insecurity: The Case of Lost Laptops
Download Now
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
Sign up to receive updates on the latest Security resources
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
