Hackers Launching Attacks Against Yahoo Messenger Bugs - InformationWeek


Websense researchers report 40 to 50 malicious sites are taking advantage of critical vulnerabilities in the instant messenger.

Malware writers have latched on to the exploit code for the critical bugs in Yahoo Messenger, setting up 40 to 50 malicious Web sites to attack unsuspecting, and unpatched, users.

"This threat is critical," said Stephan Chenette, manager of Websense Security Labs, in an interview. "The use of [the exploit] has been increasing since its public disclosure."

Chenette said malware writers have picked up the exploit code, which was first publicly posted last week, and have quickly gone to work with it. The malicious code takes advantage of buffer overflow security issues in two ActiveX controls used in the instant messenger's Webcam image upload and viewing. Chenette said virus writers have taken the initial exploit code and come up with a variety of different pieces of malware.

The code is embedded in 40 to 50 Web sites. When someone who uses Yahoo Messenger visits one of these sites, the exploit drops down into the machine and then downloads either a Trojan backdoor or a keylogger, according to Websense. Both the keyloggers and downloaders mainly are looking for passwords and banking information to send back to the hacker.

Many of the malicious sites are based in China, said Chenette, who added that 50% of the sites are simply malicious Web pages that have been used to spread malware before. The other 50%, though, are legitimate sites that hackers have compromised with the exploit code.

The original exploit code hit the Internet on June 6, the day after researchers at eEye Digital Security responsibly posted information about the Yahoo Messenger vulnerabilities on its Web site. Yahoo was quick to release a fix for the vulnerabilities last Friday, just two days after the flaws were publicly disclosed. However, Terrell Karlsten, a spokeswoman for Yahoo, apparently disclosed too much information about the bugs in an interview with InformationWeek.

And that information helped lead a hacker, who identifies himself only as "Danny," right to the flawed code.

The Internet Storm Center is advising users to upgrade to the latest (patched) version of Yahoo Messenger as soon as possible. The site also is giving "kudos" to Yahoo for getting the problem fixed so quickly.
