AOL continues to struggle with AIM worm holes

AOL continues to struggle with AIM worm holes

Summary: According to Ryan Singel at Wired News, AOL shipped a silent, server-level patch on Monday night to fixa gaping hole that allowed hackers to gain complete control of any PC running the latest version of AIM.

SHARE:

America Online continues to have problems securing its widely deployed AIM instant messaging service.

According to Ryan Singel at Wired News, AOL shipped a silent, server-level patch on Monday night to fix a gaping hole that allowed hackers to gain complete control of any PC running the latest version of AIM.

"It's a pretty big hole. You don't even have to click anything," says Michael Evanchik, the researcher who discovered the flaw.

[ SEE: Despite AOL’s claim, AIM worm hole still wide open ]

America Online has spent the last few months struggling to issue a comprehensive fix for a similar bug that exposed fully patched versions of AIM to a nasty worm attack.

In September, researcher Aviv Raff demonstrated the issue for me by launching the calculator application via a sent message (see screenshot below).

AIM continues to struggle with AIM worm holes

At the time, AOL claimed the issue was fixed but Raff says a minor tweak of the exploit bypassed AOL's  server-side filtering.

From Singel's Wired piece:

The AIM 6.5 client remains vulnerable to the same fundamental weakness, potentially allowing malicious hackers to create a worm that infects thousands of users in a matter of hours.

"Instead of locking down the AIM client, they add filters in the server," says Aviv Raff, the security researcher who reported the original remote exploit in September, and who analyzed the newest attack for Wired News. "Filtering in the server will never be enough. It's like a cat and mouse game."

ALSO SEE: Zero-day flaws surface in AOL, Yahoo IM products

Topics: Collaboration, Browser, Security, Social Enterprise

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

6 comments
Log in or register to join the discussion
  • AIM Pro effected?

    Just curious if AIM Pro is any better...
    nokryptonite4me
    • aim pro is the same code as aim so i would say yes (NT)

      :)
      SO.CAL Guy
  • I think it's very important to sandbox instant messengers.

    This includes AIM, Yahoo Instant Messenger, and Windows Live (formly MSN) Instant Messenger.
    Grayson Peddie
    • Agreed

      They should all incorporate a Protected Mode on Vista, just like IE. As should email applications.
      PB_z
  • GO BACK TO AIM

    had no troubles over the years using AIM 5.9. I enjoy it, and all these users switching to AIM 6 are experiencing troubles, I tried AIM 6 for myself, but it had memory leaks that slowed down my operating system to a crawl, Windows XP PRO 32-bit with 2Gb of RAM, Aim 6 basically filled up all my RAM within minutes. Go to www.oldapps.com - pick up a copy of AIM 5.9 build 3861 and then use Aim ad-hack and remove all the ad's in AIM. Make sure you don't download AIM 5.9 build 6089... Believe me, it's ugly and has it's own troubles. Aim Build 3861 seems to do the job at best.
    rebelxhardcore
  • RE: AOL continues to struggle with AIM worm holes

    whats funny is i know this guy, and has told me he has bypassed it again with totally different code. He said he would post it on http://before0day.com
    amyisup2