Buddylinks Stinks

Omie TheNull writes "After recieving several messages over AIM with the content: "check this out... http://www.wgutv.com/osama_capture.php?HlvU", I went to the page and discovered that it is sponsored by a site called "BuddyLinks." Their website is at http://www.buddylinks.net and they claim that they are NOT a virus. However, when you visit their links and install their "player" it seems that you are also installing software that takes control of your AIM buddy list and sends advertisments to those on your buddy list. The advertisements are obviously designed to look like innocent messages from your buddies asking you to check out certain links. Very scummy, indeed."

This Kind of Thing Keep Happening...

[GTRacer]

...Only because there are FAR too many people who just don't understand that there are people on the Internet with ulterior motives. I don't want to generalize, but I bet the kind of person easily swayed in this manner is also the telemarketer's best friend.

The more this type of "attack" keeps happening, the more I wonder if there shouldn't be a license or minimum firewall requirement to get on the 'Net.

Maybe we have to start teaching "Safe Surfing" along with Safe Sex in the teen years.

GTRacer
- speechless

Funny, I was messing with that last night...

[Hollinger]

Here's a copy of what the messages look like:
InfectedUser (12:30:45 AM): check this out... http://www.wgutv.com/osama_capture.php?hAsH
I'm wondering what that little hash code on the end is...

I haven't personally installed that crud, but I'm wondering if SpyBot (google for it) detects it. I clicked around the site, and, to be honest, it looks like they're setting themselves up for a huge "p2p" (I hate buzzwords) marketing push. I'm going to guess that this "jokes and pranks" business will come to an end when they have a sufficent install base, after which they'll start pushing the next new wave of spam for Viagra, Mortgages, Porn, or *checks his SpamNet folder* Internet gambling on you.

Here's a snippet from the license agreement with my emphasis:
Services; Modifications to Your Instant Messaging Client. The Software provides you the opportunity to access Content for no charge. In return for the right to access this Content, you acknowledge and agree that the Software contains additional software products provided to PSD Tools by its suppliers which will periodically deliver additional Content such as, but not limited to, advertisements and promotional messages to your Computer and programs that may alter your home page to offer you Content. In addition, the Software will interoperate with your current instant messaging client so as to permit the automatic sending of advertising messages originating from your Computer to your contact or "buddy" list regarding Content offered by PSD Tools or its suppliers. If you desire to stop this activity, you may elect to stop the messages by navigating to the "buddylinks.net" entry in your "Start Menu", selecting the "buddylinks.net Configuration" item, and unchecking the appropriate option. You may also refer to PSD Tools' website at http://www.psdtools.com for an uninstaller. (http://www.buddylinks.net/terms.html)

Be careful out there

[Rick the Red]

The way to avoid worms, viruses, etc. is to apply some common sense and be careful. For example, never open email attachments when you don't know who sent them.

Another example, which applies here, is to avoid certain software. The "A" in "AIM" stands for AOL; therefore, I've never installed AIM and thus I avoid this latest marketing ploy.

Similarly, the "Windows" in "Windows Messenger" stands for Microsoft Windows, so I disabled it. Yes, I run Windows (because I can't avoid it for a variety of reasons), but I only run it behind an OpenBSD firewall, and I also run ZoneAlarm and Norton Anti-Virus. As Gene Simmons says, if it's raining wear a raincoat.

Mod this "flamebait" if you must, but you know I'm right.

Don't go near that site!!

[monkeyserver.com]

Some one at work clicked one of those links (it throws a link in your profile) and her machine was infected. It altered her ie's homepage, and it made it constantly write the page it was viewing to some temp dir. It also installed about 5 other progs. We tried to remove it, first with windows... no good it reinstalled itself,. Then we tried the uninstaller, well that got some of it, but there were still a good few side affects.

MY DEAR LORD!! stay away from these sleezballs, they make bonzia buddy look like a good idea. If anyone is deserving of a serious slashdotting it is them.

Don't infect the scum!

[Anonymous Coward]

..and you had to post the same scummy links on Slashdot. Perhaps 40% of the thousands of viewers will click the links just to see if they hold any information.

How much they're paying you per visits? Was it _you_ that authored the scummy-links?

Re:This Kind of Thing Keep Happening...

[0x0d0a]

This has nothing to do with firewalls. All traffic is going through legitimate programs -- AIM/IE. As a matter of fact, firewalls can make these problems worse, since legitimate people try to tunnel more crap through things like IE requests to avoid having their program set of alarms, etc.

Personal firewalls are, frankly, the worst thing to hit the Net sinc AOL.

It *would* be interesting to sandbox programs that can use the Internet to some degree. This cannot be done on Windows anytime soon (thanks, IE), but could be considered on other platforms.

Chew on their database

[0x0d0a]

You can stress-test their system by running the following script:

cat /usr/share/dict/words| perl -pe 'system("curl http://www.buddylinks.net/support.php?sn=$_");' >/dev/null

This will start removing everyone in their database, and will also eat cycles on their system.