BugTraq readership:
It has recently come to our attention that AIM Filter, which we
recommended as an appropriate temporary solution for the AIM
buffer overflows we published, actually contains backdoors and
spyware. This became obvious when the source was released on
January 5th, 2002.
At the time, Robbie Saunders' AIM Filter seemed like a nice
temporary solution. Unfortunately, it instead produces cash-paid
click-throughs over time intervals and contains backdoor code
combined with basic obfuscation to divulge system information and
launch several web browsers to porn sites. We only took the time
to verify that it blocked the attack, since an analysis of AIM
filter wasn't our priority. Mea culpa.
In the meantime, we've cleaned up the AIM Filter code and produced
a modified version available on our website, and we've removed all
the backdoors and spyware. For those of you who are still
interested in using the software, we strongly recommend you use
this modified version instead. You will find it at:
http://www.w00w00.org/files/w00aimfilter.zip
We apologize to the security community at large for this mistake.
However, we think this is a very apt example of why closed-source
programs can be deadly. You never know for sure what lurks under
the hood of a binary executable, and of course U.S. Law (DMCA)
forbids you from trying to find out. Once again, disclosure is
your best friend.
We urge readers to find out more about the DMCA at
http://www.anti-dmca.org/.
We would also like to take this opportunity to provide updated
reference information on the original AIM vulnerability, which has
now been assigned a CVE Candidate ID: CVE-2002-0005.
--jordan and the w00w00 Security Team
Attachment:
pgp00065.pgp
Description: PGP signature
