AIM+ SpyWare

From: Pedram Amini (pedram.aminiat_private)
Date: Fri May 31 2002 - 11:54:49 PDT


    	Users of AIM+ are unwittingly sharing information about
    themselves every time they connect to AOL. Aside from the spyware, AIM+
    in my opinion is an excellent AOL instant messenger wrapper.
    
    	What is AIM+? From the website (www.big-o-software.com): "AIM+
    is an add-on to AOL's Instant Messenger for Windows. It integrates
    automatically and flawlessly with AIM, adding crucial features like
    IM/Chat Logging (with an integrated History Browser), Ad Removal,
    Cloning, Customizable Buddy List Window, and Translucent Windows."
    
    	I noticed some odd traffic which upon examination became
    immediately identifiable as belonging to AIM+. In version 2.1.1 build 59
    (as well as the latest release 2.2 build 63 and probably earlier
    releases) an HTTP connection is made to www.big-o-software.com
    (63.242.135.29) referencing a PHP script which stores the following
    information:
    
    	- AOL instant messenger screen name
    	- AIM+ information:
    		- all your AIM+ settings
    		- AIM+ version
    		- AIM+ paths
    	- OS and version
    	- Computer network name
    	- CPU and RAM information
    	- Screen resolution
    	- Current UID (NT)
    
    	The author of course also gets your IP address and login time
    for free from the request. I wrote the author about this issue on
    5.6.2002 and have received no response to date.
    
    	There is a simple fix for those who would like to continue using
    the software while removing the spyware:
    
    	- Open AIM+.dll from your AIM+ install directory with a hex
    editor
    	- Locate the string "tracking"
    	- Null out the entire URL
    
    	Here are the approximate addresses of the strings to remove in
    the latest two releases of AIM+:
    
    	2.1.1 build 59	0x126a0
    	2.2 build 63	0x13790
    
    	If you want to be really lazy you can download replacement DLLs
    from my website, again for the latest two releases of AIM+:
    
    	http://pedram.redhive.com/advisories/AIM+/
    
    -pedram
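
The manual hex-editor fix from the message above, as an added example (not part of the original post and not the author's replacement DLLs): it finds every string containing "tracking" and overwrites the whole string with NUL bytes so the file size and all other offsets stay unchanged. It assumes the URL is stored as a NUL-terminated single-byte string; the sample buffer, its example.invalid URL, and the `near`/`window` parameters are constructed for illustration.

```python
from __future__ import annotations


def string_bounds(data: bytes, hit: int) -> tuple[int, int]:
    """Return [start, end) of the NUL-delimited string covering offset `hit`."""
    start = data.rfind(b"\x00", 0, hit) + 1   # rfind gives -1 if no NUL precedes -> 0
    end = data.find(b"\x00", hit)
    return start, len(data) if end == -1 else end


def null_out(data: bytes, marker: bytes = b"tracking",
             near: int | None = None,
             window: int = 0x100) -> tuple[bytes, list[tuple[int, int]]]:
    """Overwrite each string containing `marker` with NULs, in place.

    `near` (hypothetical helper parameter) limits patching to strings that
    start within `window` bytes of an expected address, so an unrelated
    string that happens to contain the marker is left alone.
    """
    buf = bytearray(data)
    patched = []
    pos = data.find(marker)
    while pos != -1:
        start, end = string_bounds(data, pos)
        if near is None or abs(start - near) <= window:
            buf[start:end] = b"\x00" * (end - start)   # same length: no offsets shift
            patched.append((start, end))
        pos = data.find(marker, end)                   # continue after this string
    return bytes(buf), patched


# Constructed sample standing in for a DLL string table (not real AIM+ bytes).
SAMPLE = (b"\x90" * 16 + b"\x00"
          + b"http://example.invalid/tracking.php?sn=%s" + b"\x00"
          + b"AIM+ History Browser" + b"\x00")

if __name__ == "__main__":
    out, spans = null_out(SAMPLE)
    for start, end in spans:
        print(f"nulled {end - start} bytes at {start:#x}")
    print("size unchanged:", len(out) == len(SAMPLE))
```

To apply it to a file, read the DLL's bytes, pass the approximate address listed for the installed build as `near`, and write the result to a copy so the original can be restored.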
    


