BuddyPicture





Overview

Vendor Notes:

Previously from the web site: "By entering the site, http://www.buddypicture.net, you agree that you authorize an automatic install of our adware which will create a link to buddypicture.net, in place of your current America Online Instant Messenger (AIM) profile. The adware will automatically install a file called b.exe on your computer. This program IS NOT a virus, worm, nor trojan horse. It is simply adware. This file will not harm your computer nor will it delete your files. If you would like to uninstall our adware at any time, please read the directions at the bottom of this disclaimer page."

Category:

Downloader: A program designed to retrieve and install additional files, when run. Most will be configured to retrieve from a designated web or FTP site.

Exploit: A way of breaking into a system. An exploit takes advantage of a weakness in a system in order to hack it. Exploits are the root of the hacker culture. Hackers gain fame by discovering an exploit. Others gain fame by writing scripts for it. Legions of script-kiddies apply the exploit to millions of systems, whether it makes sense or not. Since people make the same mistakes over-and-over, exploits for very different systems start to look very much like each other. Most exploits can be classified under major categories: buffer overflow, directory climbing, defaults, Denial of Service.

Spyware: Any product that employs a user's Internet connection in the background without their knowledge, and gathers/transmits info on the user or their behavior. Many spyware products will collect referrer info (information from your web browser which reveals what URL you linked from), your IP address (a number that is used by computers on the network to identify your computer), and system information (such as time of visit, type of browser used, the operating system and platform, and CPU speed). Spyware products sometimes wrap other commercial products, and are introduced to machines when those commercial products are installed. See also Adware.

Worm: A program that propagates itself by attacking other machines and copying itself to them. Both worms and viruses are self-replicating code that travels from machine to machine by various means. Both worms and viruses have, as their first objective, merely propagation. Both can be destructive, depending on what payload, if any, they have been given. But there are some differences: worms may replace files, but do not insert themselves into files. In contrast, viruses insert themselves in files, but do not replace them.

Similar Pests:

Downloader · Exploit · Spyware · Worm

Origins

Author:

Ryan Lacky

Group:

buddypicture.net

EMail:

admin@realphx.com

URL:

http://www.buddypicture.net, http://www.talkstocks.com, http://www.talkstocks.net, http://www.realphx.com

Date of Origin:

February, 2004

Distribution

Distribution:

Once it is in your AIM buddy list, it seems to spread to the people in that buddy list.

Prevalence:

  • BuddyPicture: < 0.00005%

Clot Factor:

  • BuddyPicture: 2
  • The "Clot Factor" is a measure of how much a pest "gums up" a machine by adding registry entries, files, and directories. As more objects are placed in a machine, manual removal becomes more difficult and more error-prone.

Operation

Info Collected:

May transmit info from your machine, including passwords, to http://www.jdennis.net/

Risks

Privacy Policy:

None.

Recommendations

Prevention:

BuddyPicture exploits a security hole in unpatched versions of Internet Explorer, which lets the software install execute unchecked. Patch your copy of Internet Explorer now.

Detection and Removal

Caution!!!:

Do not visit http://www.buddypicture.net/remove.htm to remove BuddyPicture. You'll find yourself with another trojan.

Automatic Removal:

PestPatrol detects this.

PestPatrol removes this.

Manual Removal:

  • Click Start, Settings, Control Panel
  • Click Add or Remove Programs
  • Locate the "buddylinks.net Messaging Integration" option and click Remove
  • Click Yes at the prompt.
  • Disable its ability to reach out by going to Start, Programs, buddylinks.net. Select "buddylinks.net Configuration". Uncheck the box that reads "Use buddylinks.net technology to send fun links to my friends!"

Stop Running Processes:

Kill these running processes with Task Manager:

Remove Files:

Remove these files (if present) with Windows Explorer:

Research

More Info:

  • Cumulative Patch for Internet Explorer. Microsoft Security Bulletin MS03-040.
  • Adware Spreads Quickly on AOL IM. Michelle Delio, Feb 11, 2004.

Research By:

PestPatrol's Pest Research Center

Last Revised:

April 15, 2005