The popular instant messaging application leaves its customers exposed

Dec 2, 2011 15:20 GMT

Security experts discovered that the newly released version of Yahoo Messenger, along with some of its predecessors, contains a vulnerability that allows an attacker to take over the status message of an unsuspecting user and replace it with his own malicious links.

Bitdefender researchers claim that the attack begins when a cybercriminal sends a maliciously crafted file, which loads an iFrame, to the user. By manipulating the instant messaging application’s $InlineAction parameter, the iFrame loads and changes the victim’s status message with a piece of text or a link.

For instance, if the malicious file that is sent is disguised as an image, Yahoo Messenger will try to display it, but in doing so it executes the payload and changes the user’s status.

The effects of this attack could be devastating for the individuals in the victim’s contact list, and, by the same token, highly beneficial for the attacker.

The chances that a cleverly designed status message will be clicked by the users in someone’s contact list are pretty high, and a cybercrook can easily use this to his advantage. The hijacked status could point to a website hosting an exploit that targets well-known vulnerabilities in components such as Java or Flash.

As recent studies have shown, people fail to update such components when they should, and hackers still successfully rely on bugs that were fixed long ago.

This Yahoo Messenger vulnerability may also be used in affiliate advertising schemes. Instead of launching phony Facebook campaigns that point users to survey websites, cybercriminals could very well take over statuses and the effects would be similar.

A very important point is that the victim is totally unaware that his status has been taken over, and a worrying fact is that the attack can come from any YM user, even one who is not in the contact list.

So you might be wondering how you can mitigate such attacks.

First of all, presuming your friends are not hackers, you can enable the Yahoo Messenger option which specifies that anyone who is not in your contact list is ignored.

The second recommendation is to install reliable security software that is up to date and fully operational. The HTTP scanners that security solution providers build into their products generally do a good job against these attacks.

Finally, Yahoo! has been notified of the issue, and hopefully they will release an update of their own that makes sure their customers are protected.