Free Malware and Virus Solutions from APCS
VACM - Virus Alerts for the Common Man
   
VACM Home VACM - Stuff That Works 2012 APCS Home

AOL Instant Messenger hole opens you to attack!

     
Stop spam with MailWasher
CyberPatrol Parental Controls
avast! New Version 6 Products Generic Banner

Protect your identity and your computer with VACM-approved "Stuff That Works"


Greetings from The VACM Team,

In this issue:
------------------------------------
- AOL Instant Messenger hole opens your PC to attack
      Hackers can take total control of your system,
      gain access to your corporate network, etc.


***************************************************
* The Bottom Line...
***************************************************
AOL Instant Messenger (AIM) has a major security vulnerability
in the latest stable version (4.7.2480) and the beta (4.8.2616)
Windows versions. This vulnerability will allow remote
penetration of your system without any trace visible to you.

And, there is no opportunity to refuse the attack.


***************************************************
* What You Should Do...
***************************************************
Unfortunately for all of us, AOL is not issuing an update to
fix this problem.  They claim to be doing a fix on their AIM
servers.  The problem with this solution is that a hacker can
easily attack your system via AIM without ever going through
the AOL servers.

One thing you can do in the short term is to not allow
chat requests that come from people other than your buddy list.
To do this, start AIM:

  1. Go to your Preferences
  2. Go to the Privacy section
  3. Click "Allow only users on my Buddy List" under
     "who can contact me"

Also, a previous AIM vulnerability was fixed several months ago.
If you do not have the latest version of AIM (4.7.248), you
should download and install the Upgrade from:

  AIM 4.7.248 Upgrade

To find out what version of AIM you have, click on Help | About
in AIM.


***************************************************
* Risk To Corporate Networks... technical details...
***************************************************
The buffer overflow that allows this flaw gives attackers about
2k worth or memory space in which to place malicious code.  
A significant amount of RAM to play with to do whatever
one wishes.

AOL is doing a server-side fix instead of an update to AIM.
Bad move in our opinion.  Hackers can easily do Man-In-The-
Middle attacks and step right around the AOL servers.

Instant Messaging is a security risk to corporations. It gets
around firewalls. It has a large install base. One problem
with instant messaging is that anyone can get your IP address
when you send them a message. That person then in turn can
break into your home computer and use it to connect to your
corporate systems through your VPN (virtual Private Network).

This vulnerability affects all AIM versions as far back as 4.3
and possibly earlier (not tested).

An exploit could easily be setup to download itself off the web,
determine your buddies from your buddy list and then attack
them also.

It would not take long for such an attack to propagate to the
millions of AIM users in the world.




Best Regards,
Marc Deschenes, VACM Editor
The VACM Project at
Automated PC Solutions

 

Stop spam with MailWasher

 

*** Be sure to check out the appendix at the end of this alert
if you are having trouble booting your computer into "Safe Mode".
The process is all spelled out for you there.

 

Why should you be very
concerned about Spyware?		 Learn how to avoid Identity Theft and Windows corruption in this
free VACM Video:
     VACM-tested #1 AntiSpyware Software

How did they steal my Identity?

Why do I get so much SPAM ?

Why is your computer
running so slow ?

Today, every PC needs just a few protection softwares. Find out what and why. Visit our Links Page to avoid Indentiry Theft and costly computer repairs.
   VACM Links to Protection Tools and Softwares
Keep your PC Safe and
Avoid a costly trip to the shop...
with these VACM approved tools.

You need 3 things to protect your PC(s) automatically. Use these links to go directly to the Download and Purchase pages:

     

 

 

Old Shotgun Shell Boxes
are collector's items and
worth good money!
 (yes... just the empty boxes)

get your
  ShotShell BlueBook
price guide
now.
 

 

To cancel your subscription to VACM, reply to this email with the word UNSUBSCRIBE in the subject.

If you click on the link below, the "unsubscribe" email will be created for you and you can simply hit "Send" in you email program:

Create My Unsubscribe Email

IMPORTANT: please include the email address at which you are currently receiving VACM Alerts in the body of the message.

 

 

******** APPENDIX - Handy How-To Tips **********


  * How To Boot into Safe Mode

Shut the computer down so that the power is off.

Turn the computer on, wait 1 second and begin pressing the F8 key
on the keyboard, once every second repeatedly. Do this until
the Windows Startup Menu appears. If you get a keyboard
error, press F1 to resume and then continue pressing the
F8 key once every second, or your PC may tell you to press another key for BIOS setup.

Select Safe Mode from the Windows Startup Menu, then press
the Enter key on the keyboard.

Windows will then boot into Safe Mode.
NOTE: This may take longer than a normal boot.

At the end of the boot process a dialog box will appear
informing you that Windows is in Safe Mode. Click OK on this dialog box.

Windows is now in Safe Mode.

If you miss hitting the F8 at the right time, Windows will boot
normally and you will not see the "Safe Mode" message.  In this
case, start from the top of these instructions until you get the
boot menu screen where you can choose "Safe Mode".  This can be
a little tricky the first time you do it.

 

 

 

 

Locations of visitors to this page