New zero-day Yahoo Messenger exploit allows malware to spread via hijacked statuses

Discussion in 'other security issues & news' started by Hungry Man, Dec 5, 2011.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    http://nakedsecurity.sophos.com/201...essenger-exploit-hijacks-users-status-update/

    An unpatched zero-day flaw in Yahoo Messenger allows remote attackers to fiddle with any user's status message - allowing malware to be spread, Bitdefender security researchers revealed on Friday.

    Vulnerable clients are found in version 11.x of Messenger, including the freshly released 11.5.0.152-us version.

    The reason the status update vector is so dangerous boils down to trust, the researchers said. Because status updates only go out to a user's small group of friends, those friends are likely to click through, and that's when the nastiness begins.
     
  2. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    Yep beware Yahoo Messenger users. A friend of mine contacted me the other day and told me to check my messenger friends list, to then look at his status ... the status read that he was a pedophile and other malicious things. And when I asked why he'd wrote that about himself, he had no idea how it had got there. Having been a long time user of Yahoo Messenger myself I figured this must be an exploit or kiddy script - I might add - one of the many - over the years I've been using Yahoo Messenger. So I believed what he was saying. Could have been embarrassing.

    Yahoo Messenger has link cloaking which can be displayed to your contacts in the messenger friends list. What appears to be a Youtube link, and the like, could be something dangerous. So be careful folks.
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    65,836
    Location:
    Texas
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.