AOL Yet to Fix Original Critical Flaw Discovered in September 2007
Virginia-based AOL quietly released a security patch for its AIM instant messaging service at the beginning of December 2007, after a security researcher demonstrated to Wired News that the firm had failed to correctly patch a September 2007 flaw that lets crackers hijack any computer running the latest version of AIM.
Programmer Michael Evanchik, the 31-year-old creator of the latest attack, stated that although it could hijack nearly 60,000 PCs in a couple of days, he wasn't interested in doing so, as reported by Wired News on December 5, 2007. It's a fairly critical flaw, triggered without clicking anything open.
The "cyber-terrorists" of AOL are mostly young boys who want to irritate others. They have hardly any talent or education in computer science. A few pick up a little knowledge of Visual Basic (VB), Microsoft's programming language, for developing applications. These applications are used to bother other end-users via chat rooms, instant messaging (IM), and e-mail.
AOL issued AIM 6.5 in October 2007 in part to patch a critical flaw in how the program handles HTML code.
However, security specialists criticized AOL for releasing a shortsighted fix and relying heavily on server-side filtering in an attempt to stop malware from infiltrating AOL's network.
The quiet server-level fix of December 3, 2007 proves that those specialists were correct: AIM 6.5 users are still susceptible to the same critical flaw, which could allow malicious crackers to create a worm that infects countless clients in just a few hours.
In place of closing the AIM client, they include screens within the computer, said Aviv Raff, the security researcher who detected the first remote attack in September and examined the latest attack for Wired News, as Wired News reported on December 5, 2007. Adding filters in the server is never going to provide adequate security.
AOL's response was to add Evanchik's particular attack sequence to the firm's server-side filtering program. AOL asserts that it's good and that it doesn't anticipate seeing any further attacks.
» SPAMfighter News - 18-12-2007