RE: AIM Backdoor?

From: Ralph Los (RLosat_private)
Date: Tue Apr 09 2002 - 09:33:25 PDT

  • Next message: H C: "RE: I think I've been hacked...please help!"

    Yessir, I just double-checked my newly installed WinXP Pro machine, and low
    and behold - there's free.aol.com.  I quickly removed it, duh, thanks for
    the heads-up!  I wonder how many of us will do this in the next 10 mintes?
    
    Happy Tuesday all,
    
    ----------------------------------------|
    Ralph M. Los
    Sr. Security Engineer and Trainer
              EnterEdge Technology, L.L.C.
              rlosat_private
              (770) 955-9899 x.206
    ----------------------------------------| 
    
    ::-----Original Message-----
    ::From: mikedat_private [mailto:mikedat_private] 
    ::Sent: Monday, April 08, 2002 10:19 PM
    ::To: incidentsat_private
    ::Subject: AIM Backdoor?
    ::
    ::
    ::
    ::Repost attempt, dunno why it didnt go through the first time.
    ::
    ::
    ::
    ::I have had AIM installed here at work for a while. While 
    ::trying to repair the security zone settings on a users PC by 
    ::comparing them to my own, I noticed that free.aol.com had 
    ::been added to Internet Explorers "Trusted Sites" zone.
    ::
    ::If a simple minded user clicks one of the many "Free AOL and 
    ::Unlimited Internet" icons on their system, or one of the 
    ::5,800 links to this domain that google turns up, AOL can run 
    ::the code of their choice without prompting.
    ::
    ::Anyone care to verify my findings or find a CSS vulnerability 
    ::on free.aol.com? Does an employee of AOL care to comment?
    ::
    ::	-Mike
    ::
    ::
    ::--------------------------------------------------------------
    ::--------------
    ::This list is provided by the SecurityFocus ARIS analyzer 
    ::service. For more information on this free incident handling, 
    ::management 
    ::and tracking system please see: http://aris.securityfocus.com
    ::
    ::
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Tue Apr 09 2002 - 11:52:07 PDT