AIM Send out random messages

Discussion in 'Computer Security' started by asdf, May 19, 2005.

  1. asdf

    asdf Guest

    people on our network seem to be affected with a weird security problem.
    Their
    AIM's are sending out random messages to their buddies. Scanned entire
    network
    with Mcafee and all the spyware removers. All the critical updats are
    installed.
    Also tried upgrading to the latest version of AIM but that didnt help.
    THey dont have firewall on their network just ACLs on their router.
    Any other ideas on how to approach this problem
     
    asdf, May 19, 2005
    #1
    1. Advertisements

  2. I remember reading about a virus that does that. It sounds like you have it.
    First, at least block AIM so you do not infect other people. I will do a
    search and see if I can find the name of the virus. You should try also.

    Michael
    --
    "Trusted Computing" is a SCAM
    http://www.gnu.org/philosophy/can-you-trust.html

    Protect your rights
    http://www.eff.org/Infrastructure/trusted_computing/20031001_tc.php
    http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
     
    Michael Pelletier, May 19, 2005
    #2
    1. Advertisements

  3. This might be what you are looking for:
    http://www.jayloden.com/BestFriends.htm


    Michael
    --
    "Trusted Computing" is a SCAM
    http://www.gnu.org/philosophy/can-you-trust.html

    Protect your rights
    http://www.eff.org/Infrastructure/trusted_computing/20031001_tc.php
    http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
     
    Michael Pelletier, May 19, 2005
    #3
  4. asdf

    PA Bear Guest

    W32/Oscarbot & variants (which are multiplying exponentially)
    http://www.google.com/search?hl=en&q=oscarbot

    For a sample of what you're in for, see "Oscarbot The Grouch" at
    http://aumha.org/elist.cgi

    Checking for/Help with Hijackware & (Trojans like Oscarbot)
    http://aumha.org/a/parasite.htm
    http://aumha.org/a/quickfix.htm
    http://aumha.net/viewtopic.php?t=5878
    http://mvps.org/winhelp2002/unwanted.htm
    http://inetexplorer.mvps.org/data/prevention.htm
    http://inetexplorer.mvps.org/data/tshoot.htm
    http://www.mvps.org/sramesh2k/Malware_Defence.htm
    http://defendingyourmachine.blogspot.com/

    Meanwhile, forbid the use of AIM on *any* machine. Keep seeking and
    installing McAfee updates (i.e., several times a day) and scanning.
     
    PA Bear, May 19, 2005
    #4
  5. asdf

    asdf Guest

    thank you all for awesome replies. However do you have any idea why would
    mcafee with the latest definitions not be able to detect the problem?
    Will scanning with norton, kaspersky would be more successful?
     
    asdf, May 19, 2005
    #5
  6. Maybe McAfee doesn't have it in their defs at this time.

    http://securityresponse.symantec.com/avcenter/venc/data/w32.opanki.html

    | thank you all for awesome replies. However do you have any idea why would
    | mcafee with the latest definitions not be able to detect the problem?
    | Will scanning with norton, kaspersky would be more successful?
    |
    |
    | | > W32/Oscarbot & variants (which are multiplying exponentially)
    | > http://www.google.com/search?hl=en&q=oscarbot
    | >
    | > For a sample of what you're in for, see "Oscarbot The Grouch" at
    | > http://aumha.org/elist.cgi
    | >
    | > Checking for/Help with Hijackware & (Trojans like Oscarbot)
    | > http://aumha.org/a/parasite.htm
    | > http://aumha.org/a/quickfix.htm
    | > http://aumha.net/viewtopic.php?t=5878
    | > http://mvps.org/winhelp2002/unwanted.htm
    | > http://inetexplorer.mvps.org/data/prevention.htm
    | > http://inetexplorer.mvps.org/data/tshoot.htm
    | > http://www.mvps.org/sramesh2k/Malware_Defence.htm
    | > http://defendingyourmachine.blogspot.com/
    | >
    | > Meanwhile, forbid the use of AIM on *any* machine. Keep seeking and
    | > installing McAfee updates (i.e., several times a day) and scanning.
    | > --
    | > ~Robear Dyer (PA Bear)
    | > MS MVP-Windows (IE/OE) & Security
    | >
    | >
    | >
    | >
    | > asdf wrote:
    | > > people on our network seem to be affected with a weird security
    problem.
    | > > Their
    | > > AIM's are sending out random messages to their buddies. Scanned entire
    | > > network
    | > > with Mcafee and all the spyware removers. All the critical updats are
    | > > installed.
    | > > Also tried upgrading to the latest version of AIM but that didnt help.
    | > > THey dont have firewall on their network just ACLs on their router.
    | > > Any other ideas on how to approach this problem
    | >
    |
    |
     
    Tom Pepper Willett, May 19, 2005
    #6
  7. asdf

    PA Bear Guest

    The filenames which Oscarbot & variants drop are constantly morphing. At
    this point, AV and anti-malware teams can't keep up with them all so no,
    scanning with other AVs aren't likely to offer better results (but YMMV).
    See the "Oscarbot The Grouch" story I linked to earlier.
     
    PA Bear, May 19, 2005
    #7
  8. asdf

    asdf Guest

    yes you were right it was the opanki worm.
    new mcafee dats detected it
     
    asdf, May 20, 2005
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.