AOL and Microsoft email hackers gain access to vital information -- Trojan horse allows hackers to see AOL's customer information

Monday June 19, 2000
AOL hit by hackers; another VB 'worm' on the loose
By Scott Berinato and Dennis Fisher, eWEEK

Computer users are starting off the week with more high-profile security breaches to tend to as both America Online Inc.'s (NYSE:AOL - news) service and Microsoft Corp.'s (Nasdaq:MSFT - news) Outlook software were compromised over the weekend.

In the case of AOL, hackers used a "Trojan horse" program sent to AOL employees last week to gain access to users' accounts over the weekend.

The ISP acknowledged that a few thousand user accounts had been accessed by outside parties and that the hackers would have been able to view customer information, including passwords and credit card data.

An undetermined number of AOL employees received an e-mail message last week containing the program, which, when executed, allowed the sender to take control of an employee's machine and access the company's internal customer database.

AOL, of Dulles, Va., removed the billing information from the affected customers' accounts, according to published reports. As of Monday morning, the security hole was still open.

The VBS/Stages worm
At the same time, anti-virus vendors are warning enterprises of a new Visual Basic worm that uses the Windows Scrap file to copy its code onto vulnerable computers.

So far, most companies are rating the virus a "medium-grade" threat and are trying to avoid overplaying it.

The worm, called VBS/Stages, is not a descendant of other viruses although it does use Microsoft Outlook as its unwitting accomplice. As it promulgates through Outlook inboxes, it changes its name, making it harder to track. It also copies itself to all available local and network drives attached to the person opening the file.

When launched, the virus creates a text file containing a joke about men and women's interest in sex as they age. It also changes Windows settings that affect the Scrap file and the Windows Registry Editor.

But the worm does not damage the machine it attacks by deleting files or changing crucial settings. Rather, its danger lies in its ability to overload e-mail servers.

Subject headings that have been connected to the e-mail include: "Fw: Life Stages," "Fw: Funny," "Fw: Jokes," "Fw: Life Stages text," "Fw: Funny text," "Fw: Jokes text," "Life Stages," "Funny," "Jokes," "Life Stages text," "Funny text" and "Jokes text."

Back To The Study