AIM Send out random messages

Discussion in 'Computer Security' started by asdf, May 19, 2005.

  1. asdf

    asdf Guest

    people on our network seem to be affected with a weird security problem.
    Their
    AIM's are sending out random messages to their buddies. Scanned entire
    network
    with Mcafee and all the spyware removers. All the critical updats are
    installed.
    Also tried upgrading to the latest version of AIM but that didnt help.
    THey dont have firewall on their network just ACLs on their router.
    Any other ideas on how to approach this problem
    asdf, May 19, 2005
    #1
    1. Advertising

  2. asdf wrote:

    > people on our network seem to be affected with a weird security problem.
    > Their
    > AIM's are sending out random messages to their buddies. Scanned entire
    > network
    > with Mcafee and all the spyware removers. All the critical updats are
    > installed.
    > Also tried upgrading to the latest version of AIM but that didnt help.
    > THey dont have firewall on their network just ACLs on their router.
    > Any other ideas on how to approach this problem


    I remember reading about a virus that does that. It sounds like you have it.
    First, at least block AIM so you do not infect other people. I will do a
    search and see if I can find the name of the virus. You should try also.

    Michael
    --
    "Trusted Computing" is a SCAM
    http://www.gnu.org/philosophy/can-you-trust.html

    Protect your rights
    http://www.eff.org/Infrastructure/trusted_computing/20031001_tc.php
    http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
    Michael Pelletier, May 19, 2005
    #2
    1. Advertising

  3. asdf wrote:

    > people on our network seem to be affected with a weird security problem.
    > Their
    > AIM's are sending out random messages to their buddies. Scanned entire
    > network
    > with Mcafee and all the spyware removers. All the critical updats are
    > installed.
    > Also tried upgrading to the latest version of AIM but that didnt help.
    > THey dont have firewall on their network just ACLs on their router.
    > Any other ideas on how to approach this problem


    This might be what you are looking for:
    http://www.jayloden.com/BestFriends.htm


    Michael
    --
    "Trusted Computing" is a SCAM
    http://www.gnu.org/philosophy/can-you-trust.html

    Protect your rights
    http://www.eff.org/Infrastructure/trusted_computing/20031001_tc.php
    http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
    Michael Pelletier, May 19, 2005
    #3
  4. asdf

    PA Bear Guest

    W32/Oscarbot & variants (which are multiplying exponentially)
    http://www.google.com/search?hl=en&q=oscarbot

    For a sample of what you're in for, see "Oscarbot The Grouch" at
    http://aumha.org/elist.cgi

    Checking for/Help with Hijackware & (Trojans like Oscarbot)
    http://aumha.org/a/parasite.htm
    http://aumha.org/a/quickfix.htm
    http://aumha.net/viewtopic.php?t=5878
    http://mvps.org/winhelp2002/unwanted.htm
    http://inetexplorer.mvps.org/data/prevention.htm
    http://inetexplorer.mvps.org/data/tshoot.htm
    http://www.mvps.org/sramesh2k/Malware_Defence.htm
    http://defendingyourmachine.blogspot.com/

    Meanwhile, forbid the use of AIM on *any* machine. Keep seeking and
    installing McAfee updates (i.e., several times a day) and scanning.
    --
    ~Robear Dyer (PA Bear)
    MS MVP-Windows (IE/OE) & Security




    asdf wrote:
    > people on our network seem to be affected with a weird security problem.
    > Their
    > AIM's are sending out random messages to their buddies. Scanned entire
    > network
    > with Mcafee and all the spyware removers. All the critical updats are
    > installed.
    > Also tried upgrading to the latest version of AIM but that didnt help.
    > THey dont have firewall on their network just ACLs on their router.
    > Any other ideas on how to approach this problem
    PA Bear, May 19, 2005
    #4
  5. asdf

    asdf Guest

    thank you all for awesome replies. However do you have any idea why would
    mcafee with the latest definitions not be able to detect the problem?
    Will scanning with norton, kaspersky would be more successful?


    "PA Bear" <> wrote in message
    news:...
    > W32/Oscarbot & variants (which are multiplying exponentially)
    > http://www.google.com/search?hl=en&q=oscarbot
    >
    > For a sample of what you're in for, see "Oscarbot The Grouch" at
    > http://aumha.org/elist.cgi
    >
    > Checking for/Help with Hijackware & (Trojans like Oscarbot)
    > http://aumha.org/a/parasite.htm
    > http://aumha.org/a/quickfix.htm
    > http://aumha.net/viewtopic.php?t=5878
    > http://mvps.org/winhelp2002/unwanted.htm
    > http://inetexplorer.mvps.org/data/prevention.htm
    > http://inetexplorer.mvps.org/data/tshoot.htm
    > http://www.mvps.org/sramesh2k/Malware_Defence.htm
    > http://defendingyourmachine.blogspot.com/
    >
    > Meanwhile, forbid the use of AIM on *any* machine. Keep seeking and
    > installing McAfee updates (i.e., several times a day) and scanning.
    > --
    > ~Robear Dyer (PA Bear)
    > MS MVP-Windows (IE/OE) & Security
    >
    >
    >
    >
    > asdf wrote:
    > > people on our network seem to be affected with a weird security problem.
    > > Their
    > > AIM's are sending out random messages to their buddies. Scanned entire
    > > network
    > > with Mcafee and all the spyware removers. All the critical updats are
    > > installed.
    > > Also tried upgrading to the latest version of AIM but that didnt help.
    > > THey dont have firewall on their network just ACLs on their router.
    > > Any other ideas on how to approach this problem

    >
    asdf, May 19, 2005
    #5
  6. Maybe McAfee doesn't have it in their defs at this time.

    http://securityresponse.symantec.com/avcenter/venc/data/w32.opanki.html

    "asdf" <> wrote in message
    news:OY_ie.12569$...
    | thank you all for awesome replies. However do you have any idea why would
    | mcafee with the latest definitions not be able to detect the problem?
    | Will scanning with norton, kaspersky would be more successful?
    |
    |
    | "PA Bear" <> wrote in message
    | news:...
    | > W32/Oscarbot & variants (which are multiplying exponentially)
    | > http://www.google.com/search?hl=en&q=oscarbot
    | >
    | > For a sample of what you're in for, see "Oscarbot The Grouch" at
    | > http://aumha.org/elist.cgi
    | >
    | > Checking for/Help with Hijackware & (Trojans like Oscarbot)
    | > http://aumha.org/a/parasite.htm
    | > http://aumha.org/a/quickfix.htm
    | > http://aumha.net/viewtopic.php?t=5878
    | > http://mvps.org/winhelp2002/unwanted.htm
    | > http://inetexplorer.mvps.org/data/prevention.htm
    | > http://inetexplorer.mvps.org/data/tshoot.htm
    | > http://www.mvps.org/sramesh2k/Malware_Defence.htm
    | > http://defendingyourmachine.blogspot.com/
    | >
    | > Meanwhile, forbid the use of AIM on *any* machine. Keep seeking and
    | > installing McAfee updates (i.e., several times a day) and scanning.
    | > --
    | > ~Robear Dyer (PA Bear)
    | > MS MVP-Windows (IE/OE) & Security
    | >
    | >
    | >
    | >
    | > asdf wrote:
    | > > people on our network seem to be affected with a weird security
    problem.
    | > > Their
    | > > AIM's are sending out random messages to their buddies. Scanned entire
    | > > network
    | > > with Mcafee and all the spyware removers. All the critical updats are
    | > > installed.
    | > > Also tried upgrading to the latest version of AIM but that didnt help.
    | > > THey dont have firewall on their network just ACLs on their router.
    | > > Any other ideas on how to approach this problem
    | >
    |
    |
    Tom Pepper Willett, May 19, 2005
    #6
  7. asdf

    PA Bear Guest

    The filenames which Oscarbot & variants drop are constantly morphing. At
    this point, AV and anti-malware teams can't keep up with them all so no,
    scanning with other AVs aren't likely to offer better results (but YMMV).
    See the "Oscarbot The Grouch" story I linked to earlier.
    --
    ~Robear Dyer (PA Bear)
    MS MVP-Windows (IE/OE) & Security

    asdf wrote:
    > thank you all for awesome replies. However do you have any idea why would
    > mcafee with the latest definitions not be able to detect the problem?
    > Will scanning with norton, kaspersky would be more successful?
    >
    >
    > "PA Bear" <> wrote in message
    > news:...
    >> W32/Oscarbot & variants (which are multiplying exponentially)
    >> http://www.google.com/search?hl=en&q=oscarbot
    >>
    >> For a sample of what you're in for, see "Oscarbot The Grouch" at
    >> http://aumha.org/elist.cgi
    >>
    >> Checking for/Help with Hijackware & (Trojans like Oscarbot)
    >> http://aumha.org/a/parasite.htm
    >> http://aumha.org/a/quickfix.htm
    >> http://aumha.net/viewtopic.php?t=5878
    >> http://mvps.org/winhelp2002/unwanted.htm
    >> http://inetexplorer.mvps.org/data/prevention.htm
    >> http://inetexplorer.mvps.org/data/tshoot.htm
    >> http://www.mvps.org/sramesh2k/Malware_Defence.htm
    >> http://defendingyourmachine.blogspot.com/
    >>
    >> Meanwhile, forbid the use of AIM on *any* machine. Keep seeking and
    >> installing McAfee updates (i.e., several times a day) and scanning.
    >> --
    >> ~Robear Dyer (PA Bear)
    >> MS MVP-Windows (IE/OE) & Security
    >>
    >>
    >>
    >>
    >> asdf wrote:
    >>> people on our network seem to be affected with a weird security problem.
    >>> Their
    >>> AIM's are sending out random messages to their buddies. Scanned entire
    >>> network
    >>> with Mcafee and all the spyware removers. All the critical updats are
    >>> installed.
    >>> Also tried upgrading to the latest version of AIM but that didnt help.
    >>> THey dont have firewall on their network just ACLs on their router.
    >>> Any other ideas on how to approach this problem
    PA Bear, May 19, 2005
    #7
  8. asdf

    asdf Guest

    yes you were right it was the opanki worm.
    new mcafee dats detected it

    "Tom Pepper Willett" <> wrote in message
    news:...
    > Maybe McAfee doesn't have it in their defs at this time.
    >
    > http://securityresponse.symantec.com/avcenter/venc/data/w32.opanki.html
    >
    > "asdf" <> wrote in message
    > news:OY_ie.12569$...
    > | thank you all for awesome replies. However do you have any idea why

    would
    > | mcafee with the latest definitions not be able to detect the problem?
    > | Will scanning with norton, kaspersky would be more successful?
    > |
    > |
    > | "PA Bear" <> wrote in message
    > | news:...
    > | > W32/Oscarbot & variants (which are multiplying exponentially)
    > | > http://www.google.com/search?hl=en&q=oscarbot
    > | >
    > | > For a sample of what you're in for, see "Oscarbot The Grouch" at
    > | > http://aumha.org/elist.cgi
    > | >
    > | > Checking for/Help with Hijackware & (Trojans like Oscarbot)
    > | > http://aumha.org/a/parasite.htm
    > | > http://aumha.org/a/quickfix.htm
    > | > http://aumha.net/viewtopic.php?t=5878
    > | > http://mvps.org/winhelp2002/unwanted.htm
    > | > http://inetexplorer.mvps.org/data/prevention.htm
    > | > http://inetexplorer.mvps.org/data/tshoot.htm
    > | > http://www.mvps.org/sramesh2k/Malware_Defence.htm
    > | > http://defendingyourmachine.blogspot.com/
    > | >
    > | > Meanwhile, forbid the use of AIM on *any* machine. Keep seeking and
    > | > installing McAfee updates (i.e., several times a day) and scanning.
    > | > --
    > | > ~Robear Dyer (PA Bear)
    > | > MS MVP-Windows (IE/OE) & Security
    > | >
    > | >
    > | >
    > | >
    > | > asdf wrote:
    > | > > people on our network seem to be affected with a weird security
    > problem.
    > | > > Their
    > | > > AIM's are sending out random messages to their buddies. Scanned

    entire
    > | > > network
    > | > > with Mcafee and all the spyware removers. All the critical updats

    are
    > | > > installed.
    > | > > Also tried upgrading to the latest version of AIM but that didnt

    help.
    > | > > THey dont have firewall on their network just ACLs on their router.
    > | > > Any other ideas on how to approach this problem
    > | >
    > |
    > |
    >
    >
    asdf, May 20, 2005
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. JimRoe
    Replies:
    1
    Views:
    702
    Leonidas Jones
    Feb 9, 2005
  2. turboace
    Replies:
    0
    Views:
    574
    turboace
    Dec 15, 2005
  3. CSB

    Any AOL AIM experts out there?

    CSB, Jan 5, 2005, in forum: Computer Support
    Replies:
    5
    Views:
    427
    Alexander Rogge
    Jan 5, 2005
  4. Random Network drop out issue

    , Jan 2, 2007, in forum: Wireless Networking
    Replies:
    29
    Views:
    1,195
  5. Replies:
    0
    Views:
    505
Loading...

Share This Page