Hackers Launching Attacks Against Yahoo Messenger Bugs - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications

Hackers Launching Attacks Against Yahoo Messenger Bugs

Websense researchers report 40 to 50 malicious sites are taking advantage of critical vulnerabilities in the instant messenger.

Malware writers have latched on to the exploit code for the critical bugs in Yahoo Messenger, setting up 40 to 50 malicious Web sites to attack unsuspecting, and unpatched, users.

"This threat is critical," said Stephan Chenette, manager of Websense Security Labs, in an interview. "The use of [the exploit] has been increasing since its public disclosure."

Chenette said malware writers have picked up the exploit code, which was first publicly posted last week, and have quickly gone to work with it. The malicious code takes advantage of buffer overflow security issues in two ActiveX controls used in the instant messenger's Webcam image upload and viewing. Chenette said virus writers have taken the initial exploit code and come up with a variety of different pieces of malware.

The code is embedded in 40 to 50 Web sites. When someone who uses Yahoo Messenger visits one of these sites, the exploit drops down into the machine and then downloads either a Trojan backdoor or a keylogger, according to Websense. Both the keyloggers and downloaders mainly are looking for passwords and banking information to send back to the hacker.

Many of the malicious sites are based in China, said Chenette, who added that 50% of the sites are simply malicious Web pages that have been used to spread malware before. The other 50%, though, are legitimate sites that hackers have compromised with the exploit code.

The original exploit code hit the Internet on June 6, the day after researchers at eEye Digital Security responsibly posted information about the Yahoo Messenger vulnerabilities on its Web site. Yahoo was quick to release a fix for the vulnerabilities last Friday, just two days after the flaws were publicly disclosed. However, Terrell Karlsten, a spokeswoman for Yahoo, apparently disclosed too much information about the bugs in an interview with InformationWeek.

And that information helped lead a hacker, who identifies himself only as "Danny," right to the flawed code.

The Internet Storm Center is advising users to upgrade to the latest (patched) version of Yahoo Messenger as soon as possible. The site also is giving "kudos" to Yahoo for getting the problem fixed so quickly.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
News
How to Create a Successful AI Program
Jessica Davis, Senior Editor, Enterprise Apps,  10/14/2020
News
Think Like a Chief Innovation Officer and Get Work Done
Joao-Pierre S. Ruth, Senior Writer,  10/13/2020
Slideshows
10 Trends Accelerating Edge Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/8/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
[Special Report] Edge Computing: An IT Platform for the New Enterprise
Edge computing is poised to make a major splash within the next generation of corporate IT architectures. Here's what you need to know!
Slideshows
Flash Poll