Suggested AIM Fix Features Security Flaw

Software recommended by security group w00w00 to plug a hole in America Online's Instant Messenger opens the user's system to hacker attacks and can direct the user's Web browser to pornographic Web sites, w00w00 says.

The security group was the first to publicize the hole in AIM last week, prompting AOL to take action and correct the problem on the server side within a few days.

In its initial warning, w00w00 advised users to download and install a third-party program called AIM Filter for immediate protection, but this software comes with its own security problems, a member of the w00w00 team writes in a posting to the Bugtraq mailing list late Tuesday.

"At the time, Robbie Saunders' AIM Filter seemed like a nice temporary solution. Unfortunately, it instead produces cash-paid click-throughs over time intervals and contains back door code," Jordan Ritter writes. The click-throughs in question direct the user's Web browser to advertisements using Saunders' referral code, generating commission payments for him.

Cleaned Up

W00w00 now offers a cleaned up version of AIM Filter without these security holes, Ritter writes. The problems with the software, designed to block certain AIM functions, were only discovered on January 5 when Saunders released the source code for his filter, Ritter says in the Bugtraq posting, apologizing for the error.

AIM Filter creator Saunders says in a statement on his Web site that AIM Filter allows him to remotely obtain a user's Internet Protocol address and AIM build number. It also allows him to shut down AIM Filter on a user's system and open five "embarrassing Web sites," the statement says. The porn Web sites only pop up when AIM Filter is launched, not at time intervals, he states.

It is unknown how many people installed AIM Filter. One AIM user in a news group asks w00w00 for more detailed instructions on how to remove AIM Filter.

A buffer overflow vulnerability existed in the shared game feature of AOL's Instant Messenger, AOL said on January 2. Attackers could access a users system by exploiting the vulnerability, according to w00w00.