The Web    Google
5/2: Oscarbot Virus Spreads a Hyperlink

5/2: Oscarbot Virus Spreads a Hyperlink
May 2, 2005

Several variants/repackaged versions of W32/Oscarbot have been discovered in the last few days, according to McAfee. Additionally, similar Sdbot variants have been discovered recently that also use this AIM vector.

This threat "spreads" via a hyperlink that is received via AOL Instant Messenger. Recipients may receive a message such as:

  • hey check out this

    Following the hyperlink results in users be prompted to save/run an executable file (such as If users choose to download and/or run this file, Oscarbot will contact a remote IRC server, logon to a specified channel and wait for further instructions. One of these instructions can result in the bot program sending the aforementioned hyperlink to all recipients on the infected users buddy list.

    Technically not a worm, this threat requires a bot commander to initiate the "spimming" (IM spam) routine.

    More information can be found at McAfee page.

  • Security Flaw Found In Sun Solaris Servers
  • Jenny Craig Goes on a No-Spam Diet
  • 11/29: JS/Spawn-C an Encoded Worm
  • RIM Refutes BlackBerry Buffer Overflow Claim
  • 5/3: Bbprox-A Trojan Acts as Proxy Server
  • New Tool Helps Ensure Users Employ Strong Passwords
  • AOL's AIM Puts Browser Security in Danger
  • 1/3: Hilin Worm Written in Visual Basic
  • 1/7: Sdbot-TB Worm Lets Hackers In Via IRC
  • Stomping Out Spam: The Spam Series, Part 1
  • 3/3: VBS.Allem Worm a Mass-Mailing Worm
  • Home Security Camera Background