AIM Dangers and Solutions: Cracking, Punting, etc

[Someguy03]

I'll add 4 or 5 more later

Ever have something malicious or bad happen to you for no reason while using AIM? Users run programs to exploit AIM are all over. There are many diffrent dangers out there in AIM, and I thought I would point some of them out. People should be aware of what they are dealing with and what they should do about it. Each topic is referred to by what it's often called by most people:

Quote:

Password Cracking: Password lists, usually containing every word in the dictionary, are loaded into programs, which will attempt to login with a screename with every password on the list until it finds the correct one.

Solution: Use a password that is not one word, or mix it with several numbers.

Quote:

Mass Warning: Programs take advantage of the horrible and pointless AIM warning feature, and will warn you mass amounts of times. Hundreds of Clones, mass amount of screenames like barneysimpson1-100, Chiefsimpson1-100, etc. Are loaded into a program. The program then instructs them all to warn you by either:

Using a buddy Icon exploit, which allows someone to warn you even if you don't reply or send them a message.

Or

By IM'ing you while your away. Since your away, your away message will be automatically be sent back to them, thus, you are sending them a message, and every clone that recieves your message will be able to warn you.

Solution: Remove your buddy icon to avoid the Icon exploit, and set your away message to only show in your profile to avoid the Away message exploit.

Quote:

Grouping: This exploit is used to steal screenames with a fake email. Someone will use an AOL feature to send several screenames an invitation. If one of the screenames has a fake email, the sender of the invitation will get a message sent to his email, saying the message could not arrive, and it will list the fake email. The sender can then register the email and request the password.

Solution: Register your screename with real emails, or register your screenames fake email.

Quote:

AIM Trojans: AIM trojans will access your registry, steal your password, and then forward it back to the sender of the Trojan. Someone will first try and send you a file, containing several fake programs. They will ask you to open one, which will open the connection between you and the sender of the trojan, and then they will ask you to open another program, which will grab your password from your registry and send it back to them. These trojans also allow the sender access to your computer and will allow them to take control of it or find private information.

Solution: Use a firewall and Anti Virus, such as Zone Alarm and Norton AV, The Anti virus usually finds the program as a trojan before you run it, but if it doesn't, your firewall will block the connection between you and the sender. Some AIM trojans when ran can mess up your computer along with connecting to the sender, and the problems they cause cannot be fixed by AV or FW's, and there are often programs out there made by users to remove the effects of the trojan.

Quote:

Punting: Users have found that many times there are certain font combinations or codes that when sent in a message, can crash AIM. It only requires one user name, rather than several hundred clones.

Solution: Keep upgrading to the most current version of AIM, often boot codes are patched along with other exploits. Although, you might not consider it worth it with how bad the latest AIM versions are.

Quote:

Phishing: A user will attempt to trick you into giving him your screenames password. They will often use an AOL like screename, trying to act as staff, and will try and come up with a believable reason for you to give them your password. Often things like the server going down, or your information accidently being deleted. If you do not give them your password, they will often threaten to delete your account, or say that you will not be able to login after a certain point.

Solution: AOL will NEVER ask you for your password on AIM. Simply ignore these people, as they can't do anything to you. They might try some of the things stated above, such as mass warning or punting, so I suggest blocking them.

Quote:

AOL Chat Host Kicking: AOL users will use programs that will allow them to take total control of chats. They have the ability to kick or ban people, and the programs made often feature the auto kick ability, so everytime you join you will be immediatlly kicked.

Solution: Wait a little while, once the owner signs off, they will loose host ability, and someone without AOL will remake the chat, or someone descent will. You can also create a MAC account and add "host" to the front of it. So if your registering it would be "hostbigblueball@mac.com" and when you sign on, when you input your screename have it as "Host bigblueball@mac.com" and the host will be red and the rest will be blue. You will no longer be able to be banned or actioned by a chat owner.

Quote:

Copy Cat: Programs are now floating around that will mimic everything you say automatically both in private IM's and in chats. If you are in a chat and try to IM them, they will auto warn you, and if you warn them they will auto warn you.

Solution: Block the Screename or simply ignore it. Someone is running the program and watching your replys, and they will grow bored and leave if you don't give them a show.

Quote:

Fake Login: Users make fake websites with the AOL login page. They will then make up some special deal or prize you will get if you sign in. They will mask the link on AIM and call it the AIM login page and flood chats with the link. Oviously, once you sign in, you recieve an error, and your password and screename are recorded for the owner of the website.

Solution: Right click on AIM links and check the real URL and never login at a site that doesn't have the AOL or AIM URL.

Quote:

IP Stealers: IP stealers are becoming common, and take advantange of connections made by diffrent AIM features and record IP's. An example would be that one program made a game request and then would auto cancel itself, but sending the request would form a quick connection that would allow the program to find your IP.

Solution: This really isn't dangerous unless you don't have a firewall, because the hacker can access your computer. Just keep a firewall (Zone alarm, Norton Firewall, etc) at all times and you will be safe.

[Atlas]

There is a DeadAIM exploit that works on all versions of DeadAIM. AOL won't be patching that. As of right now, there is no solution to this problem. The only solution that I can give is that you don't use DeadAIM. There's plenty of other AIM add-ons and hacked aimres.dlls to be used.

[f0rbez]

yea that DeadAIM exploit sucks.

[WhiteMateria]

Can someone IM me about it sometime to explain?

[TOOmanyTACOS]

Ok my screen name got hacked and then I got it back from him because we made a deal that I would teach him how to use a program if he would give me my screen name so he did he hacked the next day and my password was all numbers (091258) and he still took it and will continue too I have no idea what program hes using because any that I have seen cannot crack a number pasword

[LittleShorty]

password lists have lots of number like 43534 5353453 534534 etc. you need a password with numbers AND lettes, also try some lowercass and cap letters like... FdKed47D.... a password like that wont be hacked with a password list

[Someguy03]

Did he change your email for the account? (meaning he can request the password) or does your email account have the same password has the AIM account he hacked?

[synth]

Can you report AIM hacking to the police?

[_Max_]

most likely no. but if you use aol, and your screenname gets hacked on it automatically locks your account till you call them. this is very smart thing for aol to do!

[CoxsackieVirus]

AOL is mostly for the people like Windows XP. Windows XP can be hacked easly. Theres no use for a password at startup. Theres a way to hack into it and I will not be telling. Its extreamly complicated and dangereouse to the computer. You should only do it if you lock yourself out of the computer.