Hackers Launching Attacks Against Yahoo Messenger Bugs - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

Hackers Launching Attacks Against Yahoo Messenger Bugs

Websense researchers report 40 to 50 malicious sites are taking advantage of critical vulnerabilities in the instant messenger.

Malware writers have latched on to the exploit code for the critical bugs in Yahoo Messenger, setting up 40 to 50 malicious Web sites to attack unsuspecting, and unpatched, users.

"This threat is critical," said Stephan Chenette, manager of Websense Security Labs, in an interview. "The use of [the exploit] has been increasing since its public disclosure."

Chenette said malware writers have picked up the exploit code, which was first publicly posted last week, and have quickly gone to work with it. The malicious code takes advantage of buffer overflow security issues in two ActiveX controls used in the instant messenger's Webcam image upload and viewing. Chenette said virus writers have taken the initial exploit code and come up with a variety of different pieces of malware.

The code is embedded in 40 to 50 Web sites. When someone who uses Yahoo Messenger visits one of these sites, the exploit drops down into the machine and then downloads either a Trojan backdoor or a keylogger, according to Websense. Both the keyloggers and downloaders mainly are looking for passwords and banking information to send back to the hacker.

Many of the malicious sites are based in China, said Chenette, who added that 50% of the sites are simply malicious Web pages that have been used to spread malware before. The other 50%, though, are legitimate sites that hackers have compromised with the exploit code.

The original exploit code hit the Internet on June 6, the day after researchers at eEye Digital Security responsibly posted information about the Yahoo Messenger vulnerabilities on its Web site. Yahoo was quick to release a fix for the vulnerabilities last Friday, just two days after the flaws were publicly disclosed. However, Terrell Karlsten, a spokeswoman for Yahoo, apparently disclosed too much information about the bugs in an interview with InformationWeek.

And that information helped lead a hacker, who identifies himself only as "Danny," right to the flawed code.

The Internet Storm Center is advising users to upgrade to the latest (patched) version of Yahoo Messenger as soon as possible. The site also is giving "kudos" to Yahoo for getting the problem fixed so quickly.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

New Storage Trends Promise to Help Enterprises Handle a Data Avalanche
John Edwards, Technology Journalist & Author,  4/1/2021
11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
How to Submit a Column to InformationWeek
InformationWeek Staff 4/9/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll