Back door found in suggested fix for AIM hole

Software recommended by security group w00w00 to plug a hole in America Online's Instant Messenger (AIM) software opens users'...

Software recommended by security group w00w00 to plug a hole in America Online's Instant Messenger (AIM) software opens users' systems to hacker attacks that can direct their Web browsers to pornographic Web sites.

In its initial warning about a security flaw in AIM, w00w00 advised users to download and install a third-party program called AIM Filter for immediate protection. However this software comes with its own security problems, a member of the w00w00 team later wrote in a posting to the Bugtraq mailing list on Tuesday (8 January).

"At the time, Robbie Saunders' AIM Filter seemed like a nice temporary solution. Unfortunately, it produces cash-paid click-throughs over time intervals and contains back door code," wrote w00w00's Jordan Ritter. The click-throughs in question direct the user's Web browser to advertisements using Saunders' referral code, generating commission payments for him.

AIM Filter creator Saunders said in a statement on his Web site that AIM Filter allows him to remotely obtain a user's IP (Internet Protocol) address and AIM build number. It also allows him to shut down AIM Filter on a user's system and open five "embarrassing Web sites," the statement said. The porn Web sites only pop up when AIM Filter is launched, not at time intervals, Saunders said.

W00w00 now offers a cleaned up version of AIM Filter without these security holes. The problems with the software, designed to block certain AIM functions, were only discovered on 5 January when Saunders released the source code for his filter, Ritter said in the Bugtraq posting, apologising for the error.

It is not known how many people installed AIM Filter as a result of the recommendation from w00w00.

W00w00 originally warned about the security flaw in AIM in response to a buffer overflow vulnerability in the shared game feature, prompting AOL to take action and correct the problem on the server side within a few days. According to w00w00 attackers could access a user's system by exploiting the vulnerability.

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.