Mysterious instant message/http://www.wgutv.com/osama_capture.php?xi01

TheMSsForum.com: The Microsoft Software Forum

I received the following IM from my brother in law:

check this out... http://www.wgutv.com/osama_capture.php?
xi01

When I clicked on the link I was taken to a "WGUC TV NEWS
PLAYER WAR GAMES UPDATE" page. I was prompted to install
a "News Player" ActiveX control.

I refused to install the control and asked my brother-in-
law what he'd sent. He said he hadn't sent me anything.

This seems fishy to me. Is there any knowledge about this
(a Google search returned nothing)? To whom should I
report this?

Thanks,

Scott Francis
Top

Re: Mysterious instant message/http://www.wgutv.com/osama_capture.php?xi01 by Jupiter

Jupiter
Wed Feb 11 09:57:11 CST 2004

Scott;
I suspect he has spyware on his comnputer.
It would be a good idea for both of you to follow at least steps #1,
#5 &#6 on this link:
http://www3.telus.net/dandemar/slowcom.htm

--
Jupiter Jones [MVP]
An easier way to read newsgroup messages:
http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp
http://www3.telus.net/dandemar/


"Scott Francis" <anonymous@discussions.microsoft.com> wrote in message
news:de8901c3f0b2$6ce640e0$a101280a@phx.gbl...
> I received the following IM from my brother in law:
>
> check this out... http://www.wgutv.com/osama_capture.php?
> xi01
>
> When I clicked on the link I was taken to a "WGUC TV NEWS
> PLAYER WAR GAMES UPDATE" page. I was prompted to install
> a "News Player" ActiveX control.
>
> I refused to install the control and asked my brother-in-
> law what he'd sent. He said he hadn't sent me anything.
>
> This seems fishy to me. Is there any knowledge about this
> (a Google search returned nothing)? To whom should I
> report this?
>
> Thanks,
>
> Scott Francis


Top

Re: Mysterious instant message/http://www.wgutv.com/osama_capture.php?xi01 by Keith

Keith
Wed Feb 11 09:58:19 CST 2004

This is an AIM worm. See the incidents list thread at:

http://www.derkeiler.com/Mailing-Lists/securityfocus/incidents/2004-02/0027.html



"Scott Francis" <anonymous@discussions.microsoft.com> wrote in message
news:de8901c3f0b2$6ce640e0$a101280a@phx.gbl...
> I received the following IM from my brother in law:
>
> check this out... http://www.wgutv.com/osama_capture.php?
> xi01
>
> When I clicked on the link I was taken to a "WGUC TV NEWS
> PLAYER WAR GAMES UPDATE" page. I was prompted to install
> a "News Player" ActiveX control.
>
> I refused to install the control and asked my brother-in-
> law what he'd sent. He said he hadn't sent me anything.
>
> This seems fishy to me. Is there any knowledge about this
> (a Google search returned nothing)? To whom should I
> report this?
>
> Thanks,
>
> Scott Francis


Top

Re: Mysterious instant message/http://www.wgutv.com/osama_capture.php?xi01 by Lanwench

Lanwench
Wed Feb 11 10:40:20 CST 2004

Also see http://vil.nai.com/vil/content/v_101007.htm

It's good you didn't click on "accept" to install the software. The EULA
(not like most people read those, sigh) states:

...In addition, the Software will interoperate with your current
instant messaging client so as to permit the automatic sending of
advertising messages originating from your Computer to your contact or
"buddy" list regarding Content offered by PSD Tools or its suppliers. If you
desire to stop this activity, you may elect to stop the messages by
navigating to the "buddylinks.net" entry in your "Start Menu", selecting the
"buddylinks.net Configuration" item, and unchecking the appropriate option.
You may also refer to PSD Tools' website at http://www.psdtools.com for an
uninstaller


Scott Francis wrote:
> I received the following IM from my brother in law:
>
> check this out... http://www.wgutv.com/osama_capture.php?
> xi01
>
> When I clicked on the link I was taken to a "WGUC TV NEWS
> PLAYER WAR GAMES UPDATE" page. I was prompted to install
> a "News Player" ActiveX control.
>
> I refused to install the control and asked my brother-in-
> law what he'd sent. He said he hadn't sent me anything.
>
> This seems fishy to me. Is there any knowledge about this
> (a Google search returned nothing)? To whom should I
> report this?
>
> Thanks,
>
> Scott Francis


Top

Re: Mysterious instant message/http://www.wgutv.com/osama_capture.php?xi01 by dmartin

dmartin
Wed Feb 11 13:58:39 CST 2004

"Scott Francis" <anonymous@discussions.microsoft.com> wrote in message news:<de8901c3f0b2$6ce640e0$a101280a@phx.gbl>...
> This seems fishy to me. Is there any knowledge about this
> (a Google search returned nothing)? To whom should I
> report this?

Others have suggested what this is; a google search now may be more
fruitful.

As for who to report it to, I'd suggest the FTC. That's my general
reaction to not-quite-technically-trojan-but-massively-deceptive
adware.
Top

Re: Mysterious instant message/http://www.wgutv.com/osama_capture.php?xi01 by Tedd

Tedd
Wed Feb 11 14:16:17 CST 2004

It might be worth a email to WGUTV as there site might be promoting this
junk or just used as a jump point.
Tedd

McAfee Visual Trace Version 3.25 Results
Target: www.wgutv.com

Administrative Contact:
wgutv
Drew Williams
1770 Mass. Ave 213
Cambridge, MA 02140
US
Phone: 6176614664
Email: support@wgutv.com
Visual Trace Copyright ©1997-2001 NeoWorx Inc


--
Tedd Riggs
PDA Square Content Developer
www.pdasquare.com


"Daniel Martin" <dmartin@fame.com> wrote in message
news:f05a0fe7.0402111158.81de986@posting.google.com...
> "Scott Francis" <anonymous@discussions.microsoft.com> wrote in message
news:<de8901c3f0b2$6ce640e0$a101280a@phx.gbl>...
> > This seems fishy to me. Is there any knowledge about this
> > (a Google search returned nothing)? To whom should I
> > report this?
>
> Others have suggested what this is; a google search now may be more
> fruitful.
>
> As for who to report it to, I'd suggest the FTC. That's my general
> reaction to not-quite-technically-trojan-but-massively-deceptive
> adware.


Top

Re: Mysterious instant message/http://www.wgutv.com/osama_capture.php?xi01 by mentadent9

mentadent9
Wed Feb 11 14:46:52 CST 2004

i got alot of information on the osama aim thingy here:

http://vil.nai.com/vil/content/v_101007.htm
Top

Re: Mysterious instant message/http://www.wgutv.com/osama_capture.php?xi01 by my2002cali

my2002cali
Wed Feb 11 16:10:46 CST 2004

"Scott Francis" <anonymous@discussions.microsoft.com> wrote in message news:<de8901c3f0b2$6ce640e0$a101280a@phx.gbl>...
> I received the following IM from my brother in law:
>
> check this out... http://www.wgutv.com/osama_capture.php?
> xi01
>
> When I clicked on the link I was taken to a "WGUC TV NEWS
> PLAYER WAR GAMES UPDATE" page. I was prompted to install
> a "News Player" ActiveX control.
>
> I refused to install the control and asked my brother-in-
> law what he'd sent. He said he hadn't sent me anything.
>
> This seems fishy to me. Is there any knowledge about this
> (a Google search returned nothing)? To whom should I
> report this?
>
> Thanks,
>
> Scott Francis

Hi Scott,
I recieved a similar message from my old government teacher from
when I was in high school the moment I signed onto AOL messenger
"check this out... http://www.wgutv.com/osama_capture.php" but when I
clicked the link the page came up as "Action canceled: Internet
Explorer was unable to link to the Web page you requested. The page
might be temporarily unavailable." While the page was loading I could
see the I.P. address in the bottom left corner of the explorer window
and it read "63.251.131.235". I don't know if that would help someone
figure out what this camo'd spam is, but I hope it does.
~Kendra, California
Top

Re: Mysterious instant message/http://www.wgutv.com/osama_capture.php?xi01 by newanonymous2000

newanonymous2000
Wed Feb 11 19:29:44 CST 2004

Here's the whois info on the website:

wgutv
Drew Williams
1770 Mass. Ave # 213
Cambridge, MA 02140
US
Phone: 6176614664
Email: support@wgutv.com


"Scott Francis" <anonymous@discussions.microsoft.com> wrote in message news:<de8901c3f0b2$6ce640e0$a101280a@phx.gbl>...
> I received the following IM from my brother in law:
>
> check this out... http://www.wgutv.com/osama_capture.php?
> xi01
>
> When I clicked on the link I was taken to a "WGUC TV NEWS
> PLAYER WAR GAMES UPDATE" page. I was prompted to install
> a "News Player" ActiveX control.
>
> I refused to install the control and asked my brother-in-
> law what he'd sent. He said he hadn't sent me anything.
>
> This seems fishy to me. Is there any knowledge about this
> (a Google search returned nothing)? To whom should I
> report this?
>
> Thanks,
>
> Scott Francis
Top

Re: Mysterious instant message/http://www.wgutv.com/osama_capture.php?xi01 by Tedd

Tedd
Thu Feb 12 07:40:22 CST 2004

I was a little surprised by the answer that I got from Drew asking if they
know of this or support it, Looks like they do. Copy of email back from
Drew.

--
Tedd Riggs
PDA Square Content Developer
www.pdasquare.com
Redmond, WA

Hello,
We hope you are enjoying your BuddyLinks program.
If you would like to uninstall BuddyLinks, we offer
two
easy methods to do this:

-Via "Add/Remove Programs":

Click "Start", Settings, Control Panel
Click "Add/Remove Programs"
Locate the "buddylinks.net Messaging Integration"
option and click "Remove".
Click "Yes" on the prompt.

-Via a website link:
Navigate to http://www.buddylinks.net/uninstaller.exe
or http://www.buddylinks.net/uninstall.exe

Choose "Run" or "Open" when the download window
appears.

We hope this helps answer your questions about
BuddyLinks. Our support staff will be happy to help
you
with any additional uninstall issues via email at
extrasupport@buddylinks.net .


"anonymous coward" <newanonymous2000@yahoo.com> wrote in message
news:4c0dadde.0402111729.31ed5e3d@posting.google.com...
> Here's the whois info on the website:
>
> wgutv
> Drew Williams
> 1770 Mass. Ave # 213
> Cambridge, MA 02140
> US
> Phone: 6176614664
> Email: support@wgutv.com
>
>
> "Scott Francis" <anonymous@discussions.microsoft.com> wrote in message
news:<de8901c3f0b2$6ce640e0$a101280a@phx.gbl>...
> > I received the following IM from my brother in law:
> >
> > check this out... http://www.wgutv.com/osama_capture.php?
> > xi01
> >
> > When I clicked on the link I was taken to a "WGUC TV NEWS
> > PLAYER WAR GAMES UPDATE" page. I was prompted to install
> > a "News Player" ActiveX control.
> >
> > I refused to install the control and asked my brother-in-
> > law what he'd sent. He said he hadn't sent me anything.
> >
> > This seems fishy to me. Is there any knowledge about this
> > (a Google search returned nothing)? To whom should I
> > report this?
> >
> > Thanks,
> >
> > Scott Francis


Top

Re: Mysterious instant message/http://www.wgutv.com/osama_capture.php?xi01 by Mike

Mike
Thu Feb 12 14:24:01 CST 2004

Tedd,
Yeah I'm enjoying the program ......
I hope they enjoy my HOSTS file!

# [PSD Tools][Adware-BuddyLinks]
127.0.0.1 download.buddylinks.net #[ShellInstaller Control]
127.0.0.1 www.buddylinks.net
127.0.0.1 www.wgutv.com
--
For SpywareBlaster users: (add via "Custom Blocking")

Title: Adware-BuddyLinks
CLSID: {FDDCE9FF-1FC6-413c-80B1-37B101FDA1D4}
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 02-07-04]
Please post replies to this Newsgroup, email address is invalid
--

"Tedd Riggs" <T_Riggs@MSN,C0M> wrote in message
news:ONKlA6W8DHA.1596@TK2MSFTNGP10.phx.gbl...
> I was a little surprised by the answer that I got from Drew asking if they
> know of this or support it, Looks like they do. Copy of email back from
> Drew.
>
> --
> Tedd Riggs
> PDA Square Content Developer
> www.pdasquare.com
> Redmond, WA
>
> Hello,
> We hope you are enjoying your BuddyLinks program.
> If you would like to uninstall BuddyLinks, we offer
> two
> easy methods to do this:
>
> -Via "Add/Remove Programs":
>
> Click "Start", Settings, Control Panel
> Click "Add/Remove Programs"
> Locate the "buddylinks.net Messaging Integration"
> option and click "Remove".
> Click "Yes" on the prompt.
>
> -Via a website link:
> Navigate to http://www.buddylinks.net/uninstaller.exe
> or http://www.buddylinks.net/uninstall.exe
>
> Choose "Run" or "Open" when the download window
> appears.
>
> We hope this helps answer your questions about
> BuddyLinks. Our support staff will be happy to help
> you
> with any additional uninstall issues via email at
> extrasupport@buddylinks.net .
>
>
> "anonymous coward" <newanonymous2000@yahoo.com> wrote in message
> news:4c0dadde.0402111729.31ed5e3d@posting.google.com...
> > Here's the whois info on the website:
> >
> > wgutv
> > Drew Williams
> > 1770 Mass. Ave # 213
> > Cambridge, MA 02140
> > US
> > Phone: 6176614664
> > Email: support@wgutv.com
> >
> >
> > "Scott Francis" <anonymous@discussions.microsoft.com> wrote in message
> news:<de8901c3f0b2$6ce640e0$a101280a@phx.gbl>...
> > > I received the following IM from my brother in law:
> > >
> > > check this out... http://www.wgutv.com/osama_capture.php?
> > > xi01
> > >
> > > When I clicked on the link I was taken to a "WGUC TV NEWS
> > > PLAYER WAR GAMES UPDATE" page. I was prompted to install
> > > a "News Player" ActiveX control.
> > >
> > > I refused to install the control and asked my brother-in-
> > > law what he'd sent. He said he hadn't sent me anything.
> > >
> > > This seems fishy to me. Is there any knowledge about this
> > > (a Google search returned nothing)? To whom should I
> > > report this?
> > >
> > > Thanks,
> > >
> > > Scott Francis
>
>


Top