Software recommended by security group w00w00 to plug a hole in
America Online's Instant Messenger (AIM) software opens users'
systems to hacker attacks that can direct their Web browsers to
pornographic Web sites.
In its initial warning about a security flaw in AIM, w00w00 advised
users to download and install a third-party program called AIM
Filter for immediate protection. However this software comes with
its own security problems, a member of the w00w00 team later wrote
in a posting to the Bugtraq mailing list on Tuesday (8
January).
"At the time, Robbie Saunders' AIM Filter seemed like a nice
temporary solution. Unfortunately, it produces cash-paid
click-throughs over time intervals and contains back door code,"
wrote w00w00's Jordan Ritter. The click-throughs in question direct
the user's Web browser to advertisements using Saunders' referral
code, generating commission payments for him.
AIM Filter creator Saunders said in a statement on his Web site
that AIM Filter allows him to remotely obtain a user's IP (Internet
Protocol) address and AIM build number. It also allows him to shut
down AIM Filter on a user's system and open five "embarrassing Web
sites," the statement said. The porn Web sites only pop up when AIM
Filter is launched, not at time intervals, Saunders said.
W00w00 now offers a cleaned up version of AIM Filter without these
security holes. The problems with the software, designed to block
certain AIM functions, were only discovered on 5 January when
Saunders released the source code for his filter, Ritter said in
the Bugtraq posting, apologising for the error.
It is not known how many people installed AIM Filter as a result of
the recommendation from w00w00.
W00w00 originally warned about the security flaw in AIM in response
to a buffer overflow vulnerability in the shared game feature,
prompting AOL to take action and correct the problem on the server
side within a few days. According to w00w00 attackers could access
a user's system by exploiting the vulnerability.