|
Brought to you by:
Suppliers of:
|
|
|
| |
| AIM+ is an add-on to AOL's Instant Messenger for Windows. It integrates automatically and flawlessly with AIM, adding crucial features like IM/Chat Logging (with an integrated History Browser), Ad Removal, Cloning, Customizable Buddy List Window, and Translucent Windows. The product has been found to contain a spyware "feature" allowing the author of the program to gather its users' connection information. |
| |
Credit:
The information has been provided by Pedram Amini and David LaRoss.
|
| |
Vulnerable systems:
* AIM+ version 2.1.1 build 59 and prior
* AIM+ version 2.2 build 63
AIM+ initiates an HTTP connection to www.big-o-software.com (63.242.135.29) referencing a PHP script that stores the following information:
- AOL instant messenger screen name
- AIM+ information:
- all your AIM+ settings
- AIM+ version
- AIM+ paths
- OS and version
- Computer network name
- CPU and RAM information
- Screen resolution
- Current UID (NT)
The PHP of course also gathers your IP address and login time.
Vendor status:
Big O Software has addressed this issue in their forums:
http://discuss.big-o-software.com/viewtopic.php?t=766.
Workaround:
There is a simple fix for those who would like to continue using the software while removing the spyware:
- Open AIM+.dll from your AIM+ install directory with a hex editor
- Locate the string "tracking"
- Null out the entire URL
Here are the approximate addresses of the strings to remove in the latest two releases of AIM+:
2.1.1 build 59 0x126a0
2.2 build 63 0x13790
If you want, you can download replacement DLL's from the following website:
http://pedram.redhive.com/advisories/AIM+/
|
|
|
|
|
