New zero-day Yahoo Messenger exploit allows malware to spread via hijacked statuses

Discussion in 'other security issues & news' started by Hungry Man, Dec 5, 2011.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    http://nakedsecurity.sophos.com/201...essenger-exploit-hijacks-users-status-update/

    An unpatched zero-day flaw in Yahoo Messenger allows remote attackers to fiddle with any user's status message - allowing malware to be spread, Bitdefender security researchers revealed on Friday.

    Vulnerable clients are found in version 11.x of Messenger, including the freshly released 11.5.0.152-us version.

    The reason the status update vector is so dangerous boils down to trust, the researchers said. Because status updates only go out to a user's small group of friends, those friends are likely to click through, and that's when the nastiness begins.
     
  2. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    Yep, beware Yahoo Messenger users. A friend of mine contacted me the other day and told me to check my messenger friends list, to then look at his status ... the status read that he was a pedophile and other malicious things. And when I asked why he'd written that about himself, he had no idea how it had got there. Having been a long-time user of Yahoo Messenger myself I figured this must be an exploit or kiddy script - I might add - one of the many - over the years I've been using Yahoo Messenger. So I believed what he was saying. Could have been embarrassing.

    Yahoo Messenger has link cloaking which can be displayed to your contacts in the messenger friends list. What appears to be a YouTube link, and the like, could be something dangerous. So be careful folks.
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas