Re: yahoo chat security

From: Ian JP Kenefick (ian_kenefick_at_eircom.net)
Date: 04/04/05 

Date: Mon, 04 Apr 2005 08:22:00 +0100

On Sun, 03 Apr 2005 23:02:24 GMT, donnie <donnie@queyosepa.org> wrote:

>On Sun, 3 Apr 2005 15:54:58 -0500, "Kirby \"Does it Hurt?\" Black"
><Kirby@doesithurt.com> wrote:
>
>>I know, its probably a great laugh to suggest them both in the same
>>sentence! But I'd like to know if anyone every experienced what I
>>did yesterday.
>>
>>I was in a chat room, chatting away, someone apparently didn't like
>>what I said and they somehow booted me and shut down my messenger.
>>
>>When I turned it back on, it was signing itself in under someone
>>else's nic and told me that my nic was already in use! I'm pretty
>>sure its some neat little schoolboy cracker trick, but I'd sure like
>>to know how they did it, what the ramifications to my box could have
>>been, [so far it's ok 24 hours later], how they got to it...if anyone
>>knows.
>>
[snip]

Yahoo chat uses a yahoo chat client which runs as an independant
Instant Messenger. The term 'booting' refers to the failing or
crashing of yahoo messenger on the victims machine on receipt of
specially crafted packets which overflows the message buffer within
the program when they are logged onto the yahoo networks YMSG
protocol. 3rd party programs such as ytunnel www.ytunnelpro.com acts
as a proxy between yahoo server and yahoo client and using filters can
block out these packets. Many of these programs used to send these
malicicious packets share the same source code but the guys who
compile them are those who download vb via kazaa/limewire etc and
borrow the source from certain yahoo orientated websites. There are
other 3rd party clients available which use the less vulnerable YCHT
protocol. YCHT was the second generation of yahoo chat and is safer
and more stable than it's YMSG sister although it doesn't have the
same features.

Use YCHT utilising programs such as YahElite www.yahelite.org 

-- 
Regards,
Ian Kenefick
http://antivirus.ik-cs.com

Relevant Pages

  • Re: Only 8 More Days to Go!
    ... A general user may have Yahoo or MSN Messenger installed. ... Both Yahoo and Windows Live Messenger (MSN Messenger no longer exists; please try to keep up) can be configured in Pidgin along with AIM, ... Windows Yahoo Messenger has no direct access to Yahoo chat. ...
    (microsoft.public.windows.vista.general)
  • Re: Only 8 More Days to Go!
    ... A general user may have Yahoo or MSN Messenger installed. ... Both Yahoo and Windows Live Messenger (MSN Messenger no longer exists; please try to keep up) can be configured in Pidgin along with AIM, ... Windows Yahoo Messenger has no direct access to Yahoo chat. ...
    (microsoft.public.windows.vista.general)
  • Re: Only 8 More Days to Go!
    ... A general user may have Yahoo or MSN Messenger installed. ... I know many users who preferred MSN Messenger and I know others that are delighted with the Live Messenger eye candy. ... Windows Yahoo Messenger has no direct access to Yahoo chat. ...
    (microsoft.public.windows.vista.general)
  • Re: Only 8 More Days to Go!
    ... A general user may have Yahoo or MSN Messenger installed. ... They may use Yahoo Messenger to get into Yahoo chat. ... Yahoo Messenger has more users, and I can tell you straight that they will not swap to Pidgin, Trillian or anything else.. ...
    (microsoft.public.windows.vista.general)
  • [NT] Yahoo! Messenger URL Handler Remote DoS
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... A denial of service vulnerability exists in the way Yahoo! ... When these packets are sent Yahoo! ... Messenger version 6.0 ...
    (Securiteam)