IM game spreads virulent ad-delivery software
Wednesday, February 11, 2004 Posted: 7:11 PM EST
SAN JOSE, California (AP) -- Some users of the popular AOL Instant Messenger program were bombarded Wednesday with messages seemingly from friends that linked to a humorous Osama bin Laden game.
Downloading the game, however, installed a piggybacking program that broadcast the advertisement from the infected computer to all correspondents on its AIM buddy lists.
The software, called Buddylinks, is not technically a virus because users must accept its terms of service before it's installed. The small-print legal disclaimer states what's being installed, though users tend to click through such legalese without reading it.
And that's one of the keys to its success.
The program is also clever in its use of social engineering to spread, extending a personal invitation that appears to come from what is typically a trusted friend.
"In addition to being a particularly slimy form of adware, is also a violation of the AIM terms of service," said America Online spokesman Andrew Weinstein. "We are actively investigating what legal options we have to prevent this company from doing this."
Anti-virus expert Ken Dunham at iDefense called Buddylinks a worm, for its self-propagating properties, and said it was "gaining ground in the wild and may prove to be a serious pest over the next few weeks."
On Wednesday, Buddylinks' Web site contained a message denying the program is a virus. The home page also makes no mention that the program would in the future send out additional advertisements using the same method.
"Our games interact with instant messengers by promoting the game among the user's network of buddies," it reads. "Please understand, our flash games are in no way a virus. We simply combine peer-to-peer, social networking, and instant messaging into one spectacular technology."
PSD Tools LLC is listed as the company behind Buddyworks. A message seeking comment was left with a support employee but not returned. The man, who declined to identify himself, said the program was launched Tuesday.
A source familiar with the software said Buddylinks actually originated from a company called Clickspring, which antivirus companies have identified as a distributor of adware and spyware.
One Clickspring offering, PurityScan, is marketed as a program that scans a computer for unwanted porn but also installs ad-delivery software. A woman who answered the phone at the number listed on Clickspring's Web site registration denied any affiliation with the company.
Besides potential legal action, AOL -- part of CNN's parent company Time Warner Inc. -- also was exploring technical options to stop the spread of Buddylinks. Weinstein said such a solution would be difficult because AOL does not scan instant messages as they pass through its computers.
He also said the scheme only affects users of AOL's free instant messenger program, not subscribers to the America Online service. Weinstein could not say how many people might have clicked on the links.
"The one important thing for consumers to know is that they should always execute extreme caution before downloading or installing any program unless they're absolutely sure why they got it," he said.
http://tinyurl.com/create.php
Topic: AIM Virus? (Read 1080 times)