Home › Forums › Archives › Instant Messaging › AIM Support › AIM Dangers and Solutions: Cracking, Punting, etc
- This topic has 45 replies, 29 voices, and was last updated 14 years, 3 months ago by Hoppus.
-
AuthorPosts
-
May 5, 2004 at 2:22 am #3813Someguy03Member
I’ll add 4 or 5 more later
Ever have something malicious or bad happen to you for no reason while using AIM? Users run programs to exploit AIM are all over. There are many diffrent dangers out there in AIM, and I thought I would point some of them out. People should be aware of what they are dealing with and what they should do about it. Each topic is referred to by what it’s often called by most people:
Password Cracking: Password lists, usually containing every word in the dictionary, are loaded into programs, which will attempt to login with a screename with every password on the list until it finds the correct one.
Solution: Use a password that is not one word, or mix it with several numbers.
Mass Warning: Programs take advantage of the horrible and pointless AIM warning feature, and will warn you mass amounts of times. Hundreds of Clones, mass amount of screenames like barneysimpson1-100, Chiefsimpson1-100, etc. Are loaded into a program. The program then instructs them all to warn you by either:
Using a buddy Icon exploit, which allows someone to warn you even if you don’t reply or send them a message.
Or
By IM’ing you while your away. Since your away, your away message will be automatically be sent back to them, thus, you are sending them a message, and every clone that recieves your message will be able to warn you.
Solution: Remove your buddy icon to avoid the Icon exploit, and set your away message to only show in your profile to avoid the Away message exploit.
Grouping: This exploit is used to steal screenames with a fake email. Someone will use an AOL feature to send several screenames an invitation. If one of the screenames has a fake email, the sender of the invitation will get a message sent to his email, saying the message could not arrive, and it will list the fake email. The sender can then register the email and request the password.
Solution: Register your screename with real emails, or register your screenames fake email.
AIM Trojans: AIM trojans will access your registry, steal your password, and then forward it back to the sender of the Trojan. Someone will first try and send you a file, containing several fake programs. They will ask you to open one, which will open the connection between you and the sender of the trojan, and then they will ask you to open another program, which will grab your password from your registry and send it back to them. These trojans also allow the sender access to your computer and will allow them to take control of it or find private information.
Solution: Use a firewall and Anti Virus, such as Zone Alarm and Norton AV, The Anti virus usually finds the program as a trojan before you run it, but if it doesn’t, your firewall will block the connection between you and the sender. Some AIM trojans when ran can mess up your computer along with connecting to the sender, and the problems they cause cannot be fixed by AV or FW’s, and there are often programs out there made by users to remove the effects of the trojan.
Punting: Users have found that many times there are certain font combinations or codes that when sent in a message, can crash AIM. It only requires one user name, rather than several hundred clones.
Solution: Keep upgrading to the most current version of AIM, often boot codes are patched along with other exploits. Although, you might not consider it worth it with how bad the latest AIM versions are.
Phishing: A user will attempt to trick you into giving him your screenames password. They will often use an AOL like screename, trying to act as staff, and will try and come up with a believable reason for you to give them your password. Often things like the server going down, or your information accidently being deleted. If you do not give them your password, they will often threaten to delete your account, or say that you will not be able to login after a certain point.
Solution: AOL will NEVER ask you for your password on AIM. Simply ignore these people, as they can’t do anything to you. They might try some of the things stated above, such as mass warning or punting, so I suggest blocking them.
AOL Chat Host Kicking: AOL users will use programs that will allow them to take total control of chats. They have the ability to kick or ban people, and the programs made often feature the auto kick ability, so everytime you join you will be immediatlly kicked.
Solution: Wait a little while, once the owner signs off, they will loose host ability, and someone without AOL will remake the chat, or someone descent will. You can also create a MAC account and add “host” to the front of it. So if your registering it would be “[email protected]” and when you sign on, when you input your screename have it as “Host [email protected]” and the host will be red and the rest will be blue. You will no longer be able to be banned or actioned by a chat owner.
Copy Cat: Programs are now floating around that will mimic everything you say automatically both in private IM’s and in chats. If you are in a chat and try to IM them, they will auto warn you, and if you warn them they will auto warn you.
Solution: Block the Screename or simply ignore it. Someone is running the program and watching your replys, and they will grow bored and leave if you don’t give them a show.
Fake Login: Users make fake websites with the AOL login page. They will then make up some special deal or prize you will get if you sign in. They will mask the link on AIM and call it the AIM login page and flood chats with the link. Oviously, once you sign in, you recieve an error, and your password and screename are recorded for the owner of the website.
Solution: Right click on AIM links and check the real URL and never login at a site that doesn’t have the AOL or AIM URL.
IP Stealers: IP stealers are becoming common, and take advantange of connections made by diffrent AIM features and record IP’s. An example would be that one program made a game request and then would auto cancel itself, but sending the request would form a quick connection that would allow the program to find your IP.
Solution: This really isn’t dangerous unless you don’t have a firewall, because the hacker can access your computer. Just keep a firewall (Zone alarm, Norton Firewall, etc) at all times and you will be safe.
May 5, 2004 at 3:11 am #45579AtlasParticipantThere is a DeadAIM exploit that works on all versions of DeadAIM. AOL won’t be patching that. As of right now, there is no solution to this problem. The only solution that I can give is that you don’t use DeadAIM. There’s plenty of other AIM add-ons and hacked aimres.dlls to be used.
May 5, 2004 at 8:43 pm #45584f0rbezMemberyea that DeadAIM exploit sucks.
May 5, 2004 at 8:53 pm #45576.ParticipantCan someone IM me about it sometime to explain?
May 25, 2004 at 2:35 am #45583TOOmanyTACOSMemberOk my screen name got hacked and then I got it back from him because we made a deal that I would teach him how to use a program if he would give me my screen name so he did he hacked the next day and my password was all numbers (091258) and he still took it and will continue too I have no idea what program hes using because any that I have seen cannot crack a number pasword
May 25, 2004 at 3:00 am #45578ChanellothParticipantpassword lists have lots of number like 43534 5353453 534534 etc. you need a password with numbers AND lettes, also try some lowercass and cap letters like… FdKed47D…. a password like that wont be hacked with a password list
May 26, 2004 at 5:23 am #45572Someguy03MemberDid he change your email for the account? (meaning he can request the password) or does your email account have the same password has the AIM account he hacked?
June 7, 2004 at 8:43 pm #45577synthMemberCan you report AIM hacking to the police?
June 8, 2004 at 12:19 am #45586_Max_Membermost likely no. but if you use aol, and your screenname gets hacked on it automatically locks your account till you call them. this is very smart thing for aol to do!
June 29, 2004 at 5:03 am #45587CoxsackieVirusMemberAOL is mostly for the people like Windows XP. Windows XP can be hacked easly. Theres no use for a password at startup. Theres a way to hack into it and I will not be telling. Its extreamly complicated and dangereouse to the computer. You should only do it if you lock yourself out of the computer.
July 30, 2004 at 8:22 am #45580ys8er2323MemberQuote:quote:Originally posted by madmax4lifemost likely no. but if you use aol, and your screenname gets hacked on it automatically locks your account till you call them. this is very smart thing for aol to do!
yea I fell for one of those scams when I had aol, Well at the time I didn’t know AOL will never ask for a password. But me being dumb, just entered it on a page which looked EXACTLY like the aol homepage. After I entered it nothing happened. So I searched google and it said it was a passworld stealing gimmic. I tried to logon the next day to find out on the logon screen it said my account has been locked. I had to call up AOL to get it unlocked. They told me the hacker had sent 8,000 porn emails out to other aol users. Soon as I got my account back I changed my password and a week later got rid of aol.
July 30, 2004 at 12:45 pm #45588HironobuMemberAnother, possibly more fitting (well, to me at least) solution to the mass warning problem would be to show the “accept dialouge” for people not on your buddy list.
One of my roommates and a friend raped another roommate’s SN while he had his away message up by mass warning like this, but it took a coordinated effort amongst us… getting him up to 100% took a while too. So, we decided to create a bunch of different SNs and just log on each of those to warn him.
But since he had the accept dialouge window pop up, he never responded with his away message, so we couldn’t warn him. So, if you trust the majority of the people on your buddylist, then this would probably be a better way to do this instead of the profile-only away message, well imo. 🙂
August 4, 2004 at 4:58 pm #45589masteryoda77MemberI found out that someone in my list had me blocked and when I asked her why would she do that…she said that she didnt do it but she had computer problems.
In her words her “computer did it”…but she also said she was aware of it and I wasnt the only one blocked.
I know she sometimes has problems with her computer but I never heard of something like users can be blocked without any “human assistance”…is it possible to crack AIM and block people from the list?
I do believe she blocked me for some reason and didnt wanna say why. At least if I said or did something annoying maybe Id understand but its not the case so thats why I’m not 100% sure.
So if anyone has any idea if this would even be possible, just let me know.August 12, 2004 at 1:44 pm #45590CerJamMemberAOL users will use programs that will allow them to take total control of chats. They have the ability to kick or ban people, and the programs made often feature the auto kick ability, so everytime you join you will be immediatlly kicked.
first off id like to point out you dont need to use a program to “take total control” over a chatroom and the most used programz for this are
uccom by unfair
room op version 2 by bread
automation
qwiks
and powertoolz(have to buy it for the owning toolz to work)and on the password cracking…most public crackerz are dead..so the chances of getting cracked is real slim
and basicly all warning exploitz are dead tht I know of
grouping still workz and some details about that ive leared if your grouping a sn the only emails that will come back almost instatly is AOL and hotmail…if itz registerd under a yahoo email it will take about a day lol ( I waz grouping my own sn’s) and most fake @**** will come back almost instalty
aim trojans well….almost all of them are picked up by virus scannerz besides the one built by moo2 which he sold…so like…thtz the only one to worry about tht I know of but itz real slim chances youll meet someone with that because it had copy protection
punting well…turn off addins and youll be fine most of the time…you can still be crached by LOTZ of IM’s like for example someone tryign to punt you with AIMinvader….alot of the time that will work but if someone tries punting you with twister it wont ^_^
phisiing….. ummm dont give your f’in password to anyone and ull be fine lol
and the chat host thingy….thatz dead aol patched it a week ago…now you have to be using a mac sn thtz to long.. like for example I use
“a s d f g h j k l k j h g f d s d [email protected]” < thtz unbanable as where "host [email protected]” isnt this includes all teh restricted prefixes which include “cisct fsct host” and a few more tht I dont remeber
Copy Cat,ip stealers and fake login are basicly dead lol, but it is possible to like in a program for changing passwordz tht you cant see the adress it could be a PWS so like…if you need a Password changer use “cerjamz pwc” or PWC which is availbe on my site…..
thtz a update on all them thingz
-CerJam
August 20, 2004 at 4:05 am #45581CronusParticipantJust a note, away message warning is no longer an issue, so it should probably be removed from the list.
-
AuthorPosts
- You must be logged in to reply to this topic.