How annoying is this? I got an AIM message from a colleague I know and trust. Unlike usual conversations I've had with him, it gave only a brief message:
check this out... http://www.wgutv.com/osama_capture.php?{personal_identifier}Clicking on the link opens a "game" webpage that asks you not only to download the game, but also to accept to give the downloaded code certain privileges (see screenshot (captured for future reference) below, click to see full page)
This, apparently, is involuntary viral marketing; a company called BuddyLinks (www.buddylinks.net) has created this IM spammer software, and once it's on your machine it will spam all your IM buddies in your name. This is a new and unique approach for IM spam, as it will bypass any whitelists of users you may have
Screenshot of buddylinks' homepage stored for future reference: (click to see entire page):
"Your friends will love the the prize they receive in their funny news message. It might be a game or a funny flash cartoon"Earth to buddylinks.net: Viral marketing works because people spread the word voluntarily. Cool flash games reach hundreds of thousands of users because they're cool and fun in themselves, not because they install themselves on users' PCs and spam unsuspecting friends!
If you would like to uninstall our game, and opt out of sending messages please just contact us at support@buddylinks.net.Yeah. Right.
"Your friends will love the the prize they receive in their funny news message. It might be a game or a funny flash cartoon"
No, they won't. Most "clever" cartoons, pictures and games aren't all that clever or original. And if it is, I'll hear about it elsewhere. I don't need people to forward them to me, and I certainly don't need a spammer to notify me that they exist.
Posted by: on February 11, 2004 11:19 PMWhoops, forgot to sign that last comment...
Posted by: Adam Kalsey on February 11, 2004 11:22 PMsweet, I was wondering if anyone else noticed this one yet. Thankfully it's terribly easy to remove.
This is mostly startling as spammers are using novel methods at attaining the location of live, active nodes in the social network. bravo, and *cringe*
any suggestions for crippling this type of approach other than to not click the link in the first place, or disable win32 handling by your browser?
Posted by: alton on February 12, 2004 12:27 AMis there anyway to remove this buddylink? b/c i have trouble with it now and so do A LOT of my friends...if there is a way please e-mail me if u can with the subject heading "buddylink remove" or something along those lines or post a blog..i will come back later this week to check i guess...thank you
Posted by: joe on February 12, 2004 03:32 PMRemoval instructions here:
http://securityresponse.symantec.com/avcenter/venc/data/adware.buddylinks.html
More / alternative removal recipes here:
http://www.mjberger.com/archives/000096.html
http://compulsive.org/mt/archives/000382.html
More links and news about the Osama bin Laden BuddyLink game here:
http://www.jacobsen.no/anders/blog/archives/2004/02/13/buddylinks_revisited_and_removal_instructions.html
(... and several variants of removal instructions)
http://users.adelphia.net/~infestednexus/buddylinksremover.zip
^_^ Removal program / Prevention
Nice day!
Posted by: Ting on February 15, 2004 03:35 AMThanks for the info on Buddylinks. A few of their files popped up when I did a virus scan, and now I remember getting the IM witch you discuss. Tricky bastards....
TG
Posted by: tom glancy on March 7, 2004 02:10 PMDoes anyone have an optional way to delete adware keenval file? It attaches to the resgistry and pops up every time you start up. I tried to delete it by doing the Symantec istructions for going into safemode and deleting the c:recycler file but that file does not come up in the safe mode. When in the regular mode, it shows as running so you can't delete it. I was wondering if anyone else had this problem?
Thanks Marci H.
When someone posts the optional way to delete the keenval adware, will you please send it to me? My email is at my website.
Thank you!
its weird just fond out got this buddy thing but don't have the buddy links folder
Posted by: Leeanne on May 13, 2004 10:59 PMI still have remnants of both buddylinks.net and isearch toolbar infesting my computer. I have a directory c:/program files/buddylinks.net that I can't delete, even in safe mode. I've checked the registry and can't find them anywhere... but keep getting popups and adware all over the place... I've installed 3 different adware killers, but no luck...
Any suggestions?
Posted by: JB on January 2, 2005 09:23 PM
©
Anders Jacobsen [extrospection.com photography] |