SECURITY WARNING: "We captured Osama" Link

[Charles]

Ok...to me, it seems like we all need a basic lesson in safety from more of this BS.

Tip 1: Windows Update all the damn time! Run this crap all the time...new updates are released FREQUENTLY!

Tip 2: Go into your IE (or what other browser you are using, they all have these) security options and disable active x controls ENTIRELY. It may sound like overkill, but if a site needs to get through, add it to the trusted zone.

Tip 3: Don't click on links that look suspicious. If a friend sends you a link that we caught Osama or some crazy other crap, check with them and make sure THEY sent the link.

Tip 4: Read the damn policy for this software. What lets these <insert profane word here> get away with this crap is that they notify you of it. It is all located in their privacy policy, terms, and/or license agreement. Something should be in there regarding information sent to these people or altering software you have on your computer. (in this case your AIM profile and messages)

Tip 5: Use common sense! If you get a link that is from someone that is away (as previously mentioned) or someone you don't talk to about capturing Saddam...first ask why they would send you this. Why would you not have heard it anywhere else? Aplore, an AIM mass mailer, spread so easily and all it did was insert a link to an IP with ports open. So many people clicked on it without using any common sense whatsoever that it led to a spurt of crap.

Other extreme tips include: switching IM clients to GAIM, Trillian, etc., switching to Mac, and/or switching to a secure browser.

UPDATE: REMOVE THE SOFTWARE VIA DOWNLOAD
http://www.buddylinks.net/uninstall.exe

This is an uninstaller for their software as an alternative to using Add/Remove Programs.

UPDATE: REMOVE YOURSELF FROM THEIR "NETWORK"
http://www.buddylinks.net/support.php

[Trab]

Shinza is right, but u dont have to be so paranoid, soem ppl who click on the link dont get infected, just FYI (like if u have fun Windows Update and have a good AV prog) i know that i clicked on the link but i didnt get it, by pure luck though... we should always post new security threats here just so others dont get it (But make sure ur not reposting) anyways good luck to those who are infected (i recomend Bazooka spyware scanner, google it, it find EVERYTHING, ur safe with it) good luck!
latz
-Trab

[Sathallrin]

When you click the link..it gives you the windows security thing..would you like to run it or not thing... If you click no, then you dont get the virus.. but if you click yes then you are basically agreeing to have the program installed on your computer and spamming everyone on your list. Many people i guess just click yes on those without reading them..which isnt good...those dialogs install something, so you have to make sure you can trust it before you install it.

[sebj31]

So.... if I downloaded this, played the game, and then uninstalled it about 10 minutes later, is this going to screw up my computer? Is this an actual virus???? It didn't seem like any answered that. thanks!

[Charles]

THIS IS NOT A VIRUS. IT IS LEGIT AND TAKES ADVANTAGE OF AVERAGE USERS LACK OF COMMON SENSE. Like Sathallrin said, you can't just click 'yes' to everything. The dialogue should be changed by MS to say this will install potentially malicious software onto your system. The reason it isn't a virus is as follows. Whether or not it takes advantage of a flaw in IE, it isn't their responsibility to make sure the patch is installed on your system. They supply you with terms and a chance to opt-out. What is sneaky though is how they are doing it all. The fake news BS and such. Something needs to fix this crap up. Finally, a virus scanner might not work in this case as it is legit software. By clicking yes, you agree to the terms mentioned above. You will spam other users, you will have links sent out to others on your buddy list featuring fake stories. You agreed to it or didn't have the patch. Unlike a virus, you can remove it also from Add/Remove Progs. THIS ISN'T A VIRUS, JUST A PAIN.

[dewsky]

Hey everyone:

I am a total dork, and I installed the Osama game. So I thought I had deleted the program completely, not only using the link you guys have put on here as the uninstall program but literally deleting everything off my hard drive down to the cookies. It keeps re-installing itself, so I keep having it put back on my computer as a program. Is there anything I can do to make this program go away for good? I've signed off AIM so my buddy list won't get infected. This is just annoying, and I want to be able to use AIM again on my computer! Please help if you can! Thanks

[Rizzano]

FIXED IT: HERE IS THE SIMPLE FIX!!!!!

Download HijackThis 1.97
Run It

Delete/Fix the following registry keys IF they appear in your list:

C:\Program Files\Common Files\Totem Shared\Uninstall0001\upd.exe

O4 - HKLM\..\Run: [Uninstall0001] "C:\Program Files\Common Files\Totem Shared\Uninstall0001\upd.exe" LASTCALL!adverts.stripsaver.com!StatsStripSaver

O4 - HKCU\..\Run: [PSD Tools Channel] C:\Program Files\Common Files\PSD Tools\ChannelUp.exe

O4 - HKCU\..\Run: [BLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe

O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} (ShellInstaller Control) - http://download.buddylinks.net/ShellInstaller.cab

PLEASE NOT: Norton, Ad-Aware, SpyBot, or anything else referred to does not fix this, so far, HijackThis is the only known (as far as I know) program to fix it.

Hope this helps, it worked for me.

[Charles]

Sources to look at:

http://vil.nai.com/vil/content/v_101007.htm

http://www.aim.com/help_faq/security/faq.adp?aolp=

If installed visit the first link to make sure that the uninstall (done manually or automatically, supposedly) was completed and that ALL traces of this software are removed to prevent further spread of the adware.

[ExeterDelMon]

http://www.InfestedNexus.co.nr/buddylinksremover.zip

Remover and Immunity tool

Cheers!

[Ignite]

I wrote a tool to remove this virus/adware tool automatically:
http://www.parent-tools.com/files/BlockAIMSpyware.exe