The Web    Google
5/2: Oscarbot Virus Spreads a Hyperlink

5/2: Oscarbot Virus Spreads a Hyperlink
May 2, 2005

Several variants/repackaged versions of W32/Oscarbot have been discovered in the last few days, according to McAfee. Additionally, similar Sdbot variants have been discovered recently that also use this AIM vector.

This threat "spreads" via a hyperlink that is received via AOL Instant Messenger. Recipients may receive a message such as:

  • hey check out this

    Following the hyperlink results in users be prompted to save/run an executable file (such as If users choose to download and/or run this file, Oscarbot will contact a remote IRC server, logon to a specified channel and wait for further instructions. One of these instructions can result in the bot program sending the aforementioned hyperlink to all recipients on the infected users buddy list.

    Technically not a worm, this threat requires a bot commander to initiate the "spimming" (IM spam) routine.

    More information can be found at McAfee page.

  • Lawmakers: Spam Bill Is a Turkey
  • Security Objections to IBM-Lenovo Deal?
  • Government Against Full Disclosure of Vulnerabilities
  • Buffer Overflows Patched in RealPlayer
  • 11/9: Rbot-PG Worm also a Trojan
  • 11/16: Agobot-NX an IRC Trojan & Worm
  • 4/8: Imabut-A Trojan a Floppy Disk Image
  • 8/2: MyDoom-P Sends Spoofed Emails
  • InstaGate SCM Offers Integrated Secure Content Management
  • House to Create Homeland Security Oversight Committee
  • Navy Disciplines Midshipmen Pirates
  • Security Camera Price