w00w00 on AIM Filter (Backdoors & SpyWare)

[Jordan Ritter <jpr5 () darkridge com>]

BugTraq readership:

    It has recently come to our attention that AIM Filter, which we
    recommended as an appropriate temporary solution for the AIM
    buffer overflows we published, actually contains backdoors and
    spyware.  This became obvious when the source was released on
    January 5th, 2002.

    At the time, Robbie Saunders' AIM Filter seemed like a nice
    temporary solution.  Unfortunately, it instead produces cash-paid
    click-throughs over time intervals and contains backdoor code
    combined with basic obfuscation to divulge system information and
    launch several web browsers to porn sites. We only took the time
    to verify that it blocked the attack, since an analysis of AIM
    filter wasn't our priority. Mea culpa.

    In the meantime, we've cleaned up the AIM Filter code and produced
    a modified version available on our website, and we've removed all
    the backdoors and spyware.  For those of you who are still
    interested in using the software, we strongly recommend you use
    this modified version instead.  You will find it at:

         http://www.w00w00.org/files/w00aimfilter.zip

    We apologize to the security community at large for this mistake.
    However, we think this is a very apt example of why closed-source
    programs can be deadly.  You never know for sure what lurks under
    the hood of a binary executable, and of course U.S. Law (DMCA)
    forbids you from trying to find out.  Once again, disclosure is
    your best friend.
                     
    We urge readers to find out more about the DMCA at
    http://www.anti-dmca.org/.                        
                              
    We would also like to take this opportunity to provide updated
    reference information on the original AIM vulnerability, which has
    now been assigned a CVE Candidate ID: CVE-2002-0005.


--jordan and the w00w00 Security Team

Attachment: _bin
Description: