Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


AOL Suspends Trojan-Infected AIM Accounts



 By: Ryan Naraine
2005-05-24
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
America Online's internal "anti-SPIM" controls caused the inadvertent suspension of some screen names that had been infected with the Oscarbot/Doyorg Trojan.

America Online on Tuesday confirmed the inadvertent suspension of an undisclosed number of Trojan-infected AIM screen names.

The company said its internal anti-SPIM (spam over IM) mechanism flagged the infected screen names for terms-of-service abuse and led to the account cancellations.

The suspension is directly related to the virulent "Oscarbot" Trojan Horse that targets AOLs Instant Messenger users and propagates by sending IMs to every buddy on an infected users buddy list.

America Online Inc.s behavior-pattern tracking system noticed the unusual surge in IM activity and unintentionally flagged the infected users as potential IM spammers.

Unfortunately for Arshi Siddiqi and Kati Prendergast, two AIM users who were infected by the Trojan, the suspension has led to the loss of their valuable lists of contacts.

Resource Library:

"My entire buddy list is lost, and I have met with great difficulty trying to retrieve it," Prendergast said in e-mail message.

She said AOL sent two separate cancellation notices and gave her the option of replying to challenge the suspension. "I did so both times because I feel that I should not lose an account I have been using for about six years and all of the set preferences that Ive created. It has been approximately a week since my first reply, and I have heard nothing back," Prendergast added.

AOL confirmed the automated e-mail process and promised it would investigate and reinstate the screen names.

Read more here about the Oscarbot virus.

Siddiqi, who lost access to a screen name he had been using for five years, described the episode as "extremely frustrating."

"It stopped working last week and I have been emailing AOL and filling out the form on the AIM Web site," he said.

"When an account is suspended, we send an automated e-mail with instructions on how to get their account unsuspended if they have been a victim of a virus, worm or Trojan," said Chamath Palihapitiya, vice president and general manager for the companys AIM and ICQ units.

In a statement released to Ziff Davis Internet News, Palihapitiya said AOL was "looking into each situation on a case-by-case basis and will reinstate affected accounts as quickly as we can."

"We appreciate AIM users loyalty and the investment they have made in building their Buddy Lists. We apologize for the inconvenience that the Oscarbot Trojan has caused and intend to do everything we can to eradicate it," he said.

In terms of volume, only a very small number of users are dealing with the inadvertent suspension problem.

The company plans to put up a notice on the AIM.com Web site to handle requests for reinstatement.

Click here to read about security problems with America Onlines Netscape update.

The Oscarbot Trojan, which is also known as "Doyorg," spreads via a URL embedded in an IM labeled "Check out this" or "i thought youd wanna see this."

When the link is clicked, the user is prompted to save/run an executable file that installs the Trojan. Oscarbot/Doyorg has the ability to contact a remote IRC (Internet Relay Chat) server and log on to a specified channel and wait for further instructions.

"One of these instructions can result in the bot program sending the aforementioned hyperlink to all recipients on the infected users buddy list. Technically not a worm, this threat requires a bot commander to initiate the spimming routine," anti-virus vendor McAfee Inc. said.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.





  Reader Comments: AOL Suspends Trojan-Infected AIM Accounts
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 


x}kWHj.:``vVV#KI\'{Oo܈aTdFdDddddmm}Iș="1(ٞ8Fϧޙ&Tއ{՜(ɑԫP]}nw2Gv57v@\ }@^mFD%x_'Щ-ѩ€wɘqPjɈޠ-}D}Fn\3Ѣifb^P+$ȁ_ ̢՜%yH}u)p}(DsXq@ՇHaD<ȴ' }^b&{By85;^7W0Ba50vK]K퓾 nCUVek햡=lvy!rs#gsݻHfPrFNWw#205FR#[dTZ Ӿc)u8r `pJ)JPtGL!nK>!P:x 3~bA2xf`Q*! lpa-'C\t^䖡_ֽYA׾>y6Գލ]좖.'l,R_@ظ?0}$OL"c9˾,Fp0 ,spi M-ʻ=ew(^ߛiOL7?p&oͧ3jw.Z9~]o-ж$=U>uܯ>3i^Y_KMD߁0QQ- I|/ Z@c::-gVyj#tx'n+hvd -bv=ӧ0}_8rjv򳹥ym^]^:Mm^>2fPeM~(!3hE+%P9n<_sܴ.9n_Fu +|q>5 0\6:֪ǷV1X?0|kh2`=p8LwJ' ?5G/M2χg#dp$ˍn{~F z훨-tK9K }!x#{%? ,_ fk7 J3n ":sPO}N{{{mҘ 9B:%ϩyW7.hr Ce)#8?c݃I hJq䰉cXSl؅ R4ewGO XRU>hI"F[fT}O%ތE z%Kuu7pKIzhN+3W|{7/ .ϱGf EΛN S3G#洋вn3V.ŦcWPsr /*{rk hc2e8l ԰2nС>A0UtO|>9Tm'!|Бdmx=Z.S3c4!.iG&uЀoap{4ڭN-%_y >< jN=H:}mP`95$GCMߟLs#08w ɝ 5y0%ݻ}`y1&բ !TgЧ ,zz>)@}9\PlmN7-oZ`1 5JKm@i0x2C7DУg$@!-i]R@Az6W; -8,rr8 $^zGBjq7ilbq 3gb񡸋vn<wS,BV-KᗄPf%i2m< -&D7r"e.G Ÿ3-uum{swW9дR>Ф7903Һ8NM uX&# K8Y6fz? ǀs Xwz0aEiŬ9e߃19 iq^i.:[@wOeUZpzQ^ӛA#~/ \[KŽY&^&ۂx A-ҘZZE"JMP> <Cɣ($mE6L?{InPy{cO!>7l;`(`T51)K`5E+sXjgܲ&P !r?Ll5K1թw@4="zCnzcG@>`өǟGQ,C*8c4( >Fװ DؘZQ{gm1JhA˸>q,?XĞ\FCǚM\Sݳa縹.lKu{&}5l2_5C 0͉V*a0؋TMk'6R^-"/;0iTҗJAUcϒak@Lf2,re9لAٌ3]}Zj489WSo>e< ġMDBIaT90l]t?N}굌VF0\ ?@R)Ö1oi&lj,*I݂4YE j4A d+BS{ZIU]\.f=>2~2Ejwp9!< _p˻cM7?LZ7z/Qz^nL}6݀ /rϘ,|vqZE[O`cR av5 1;>Ub1Id\@V@07GWKVg=i v jSw+q5`EYۃ?O̾ޭlF'F ivoc(0fԧӠ-Rxsھe=UNnRkEBZG ?cqi@x8@Až.JyRPKkjTyEث‡61ር54 U|8ʳZJqvSTy9kY%f+aEL4=rWo鸙 gy@<sUӊ ̿Y`c1s*? .=<Rglg^b+o20OwžWBpaqgPN]U[A9Tb>JiRx` f΄ziuR+̖K%4e3/-CX&rnkS@vKCe!rUN6[_)ra vA *s>P9ɷwnh‰lCXx|{ `?Kd{c, ,"zдb-.=2fV(Xŕ?~hhqL m_~ن^?heAbE1 wzcyKV~ZgZqRYtW%mpjtOIAc틮t\?o}3>L;̾~xfiu[} {@Nn}݇-4._E}R< jtr|ѐZ&?eB&{fB,G8HŸz9}/evt{{Yo4Z'a>;kwF"$ _9lws~uҺ_>jQrֺhJ^Kƃ w"Yb%9!hUHf*<bShǛ&a-kC K#fWDH[h!Uyřb9kI.Dz=d_5g0hl귭%/ٿ+[̚fĄBArNx(@RPOh%[#YKt$;3Ğ]Ih !,:Uaҋ"穔(BS.hDO§,-'Ss0SvS:%I# em$jRSfj# $_2JI,v+Vht(lA: jÚMd /.il6D20&@v\d0Ӑ`qm‰@P V^ QגZ4ҫoeW!9 lj9l0ta^}rW-t#^YbmS==tcl%vd:Gw*b),_h]rrӅ[enϦy$smoC'رD}0&5g \aA1con ~Uު8Gqܘx,3uw H-@N޽?0Qp]9Qz AC~g^sFΛ>ﴚkUe'Sw)mot>Ninmǡ8 0Vd$4P$yUZ/VU $]td%FtZx@2&j%3 =яki^x̠t8l>;{f1vn{P .y{~uI.%~Wv(TRwnϽdO۬(J鲇\%(#]MT-^\RK>_U@< b^_ IMwzZVN Ȣw63CŸVA!{zi.=Xr4gazc{ƹ39x <v8\.߬k]8)<A~A< vD4);7yΛj}hn=d⫆ܚU õcV`j8-$$\}5 _;bE Iu1^[Q|?_O83{M4hZSGל7&/6).?.BӞ Ma_}{2.mE6zQc%Fu;^c͗ۉ%0fDDD.ёnWS 4t<)SvvϥHwGgR1)-V-v}'[2)@׶kUACtbڰ,;4_TE-*{1nu"WLΨn`3>#Ejk9&3$ sd²'3v"]Z]?˰ulW*n.gsad6'>cv;<(Rlמ sVN8 k.EqhVٞW~/Mٳ+ (mF탭3F57F(Ue".ǃQǻt4>D|#d(΀۩,SS:Rrl@~eGSn3$f?̾Ï ,IJY dg,'{0@1|AHcI=)w_L2?vEk>a]z$w9-`(ۆtX0:>Ky!S]GȤz\*)H%<<^ރt_;Y뜔0'}* {=SiLv;BFk4E)I*C "nekhIt0R{I ukBgGJ_u[R UOya,pFXzlt opmcʺSx:->o - _ “M`fʞ[bqaC 3^|$D \MϯO/MHwm͊O਽u9jŦ1ӘrkZtO Ԡw¬A'UGeW$H`T"osm3._|V㪔ML)Si sgx f 5vf0]Z6⌊lb^3Ks4ajU68/}vޣA1ACx^1ӌ~ujmeI)X-k_`y/-xGPfEAd2!&ZɕZ֭JeK1SDę>á ӭ3@bI+G:׉72O7"ղ_Ңe+a>kB!*_5[= ,ǹ]U#=`s~sQ35 PUwbZ}¡ 8"aFK6sp[w}{65"BlLƯ,?KX];H<7 lSec D:tP1rApyv- \ζfH >ҵMj 3oX>6߄iMa4-@ clCwPy޿);Dx#tMPmR{Mx1wK3(db,zwwT eԲO_bwbz) /je+M"q"$l&2L9mL^̚\Z|Z~S080z;}K&Vِao`Òq%KOڦo(Vg0% g"ћf2Ͻ_1DZ/LE/YH>g-|Q.eI]3L&x/]9)~kM;DZVn: _'uK}v'>9C[2NCv4 UΌ 8;3EMF| 3ׅQ]00 Nt.h] IWeaY7mqX渲@MvbY$ߑ^Z y&uj}mҡӁͻ7Ec7xd5nUV|oBRsp|Vp C7%M6K.j!XՖ=}Ut0j uEŝlB|,<ݧt: @㈾k[[^:㮫,E};:N]_, s ̞9uqu\ݲ~o x7 _|G]`Iq, kP!cf5oxN O0=kgNjvxNv]=G?uսeG( x}-Ҫ=k/ ZX1 I7>?:-Fr02?^='RV;ac 0&$,S|eͦқl0aA(op?/H[zωX!? KH)PG%5&?vpV8&|ߤ}>y<5A$㷈1E0Q)̽&RN *{X<癳Y$ݽ2kM)'>?GY1vY qmamM[,F pBYWP>e0‡,q rذ,ԥ BU,DNڝeNs%wO(aZ&U>9vE1h}PR #K’&sϘ,=&AsYXkO:Rga~bQ-TJ)̛gHp\\* EG#$wlN(9LtxZڈBLkK~Ky'צZA_a7Uq]k+i\MY r Qvĸ , 0ޛK{1qkI{y>d&FŒ80ڱJb ݫ)RRćPׯ0O|Zܾ\`{c+K-^a>EU-'d[_k4s;'¨ӔAJa3rۺm;6EOt K/H[KUT-oD^h-nO55PrEust1RBʇh9=P<24&̪6X=c  )DŽk),6$A .kh>a{ϸR(=heAb+O>B2xA1K= _w+JkcQl* u!߰,VIm{7R[ ?yꊍ\DQʡ`jMvF:#͛Ym^u*<>sMda#oa]<}ϭ(!'vQ]Q s`^gnh?OsˮOcPΣW L_J.JEEt03#?B5ij(tSJTmn$L,:S Mh0vsXgs7R}V-x}1VO YdbBKl͒w\j:rtT-+ʎ|{}w` > YDeb@Ԑ08ح>>& .ycI OyN4W+s ;:By 1º_F`3W V*jY)OBӞRsFt-IXUqU{wy|7 ,g/cSiBR ?$-GPxɺ9wi}a3brucV;j12Ztt.r:X)` чjIa p!>E4ϚG]ҾhjIJ/π2?AP5 ʯVՁSm(og#wW7fF.?gPyui+W;m.o5rV#gZVF?urO/Peu?ˀ]93?w槤Ix崝#&JR7喛O'ikr(%s<2g.h{U2U݌ Œc]oFD1KAB0_wQރe&o ~<ĊrnOArtDw[MAw'[/:)7ӚܴO]4v<2kիK+#B%Afb S-O^__Ҽ.'MОNgAUe7Us !Qa7Ejo2x s.螁iX. 7{ќď[#ebIi_*jڮZj\,r?n%WHdACDd5ɪ"+W9 طV+){2D`q9#Tx|Denګ.91C=b{hǬ[ɖb(p EУ#o6A15T|y3s ``QKp^v, ā` f@2b+`{8z9( 3}W?mZ .eа!,sv[`\G;o=1gi }fy0\9 wLBw]UݡQG7ӦB~`̀NtWЫȹ&SI" 9oޔ_CǓH,_bY\q=X,,jSsp˭d<@T6rֲ"9<w;$`\-u{Ȫ4yxa޷.kz6ɛ7.hpx@\`ﲮnƝ)ZDœj@@r6"lc+sId b0O|e'OqyIZf^$ul60H-;x 􁥕o@;osҙ`&<[Äצ,|Ŷ/G㿄&lA[0M}ǹ~rh`=E('aO~EEa5 .X&">m?'&}Ju+KG "@pET'"QTD sQ)Ybd圙F5wv/-9JrX}P/):OOgsZe<H6"B5`/=H,S\c(|9NhنG0ޏq[PTl@xSa ˱6 E=bV 96QmQ%ຨ?X50(|uu |Ta=t+sccΜW *φŀ-{̾!V ^f-1ˇq!}/őYX&7ę /O CWѰ0 L[,lqEG%RbNC` 0F #:T2 19]/K xI1%h3l䳈mAb?٥c),#ǝ[zw0XjPtP9ΓOz0 9TMhc{pfi&#S3 {τ ixv4<6TF_E@GgyUĔfٵMǑCBȚB>eS1}'@n0\|˯H d9[\M^مu3\j)/YH~> \99.@OI"cXM1}aE |1CGWs+ uSq~9k.\7o,}ѕ筳/<\Sm}v4<~vi}m a% ѨT\4['%GU -}pKGNڟ/RXBYQ$DU $RzFuql uI+_O1dF-<#@FUJZ9Nbh|ۊX#iQgrYOJaKm>N~늘p6JL?5۔9MR"GZj/%!&++EiQ}"' Cfan)nǝl| n%96L]_[ P@+廄