NetNacs! eZine
 


NetNews

April 2004

 

Yahoo Instant Messenger Users Be Warned!
Or... "How your Messenger could help Hackers install Trojans on your system?"

Are you chatting with your family, friends, or co-workers online? Are you using an Instant Messaging Application such as YIM (Yahoo Instant Messenger) rather than posting your messages in a public chat room? If so, be warned!  Currently, YIM contains an ActiveX element named "Yauto.dll" that is responsible for most of YIM's web-based features.

Tri Huynh of SentryUnion discovered that this ActiveX component (standard in YIM versions 5.6 and earlier) is vulnerable to a buffer overflow [1]. What does this mean? By luring you to a malicious website or using HTML in an e-mail message sent through YIM, a hacker can use a backdoor opened by the buffer overflow to run code on your machine. Huynh tested this by creating a website with malicious content that contained a Trojan, which downloaded and executed itself on the test system. For this attack to work, the targeted user needs to have local administrative rights, which the attacker then uses to gain full control of the user's computer.

The easiest and most secure option is not to use instant messenger software at all. If, however, you rely on such an application, choose a secure solution such as Jabber (http://www.jabber.com) or MAGI Secure IM (http://www.endeavors.com/secure_im.html). The downside of most secure apps is that they are usually not free.

Remember that, to date, Yahoo has not released a patch to correct this flaw in its software. Still hooked on YIM? There might be a workaround: try deleting the file in question (Yauto.dll) by performing a Windows search, then right-clicking the file and removing it from your system. Because it is not entirely clear what purpose this ActiveX component serves, be warned: deleting it could affect the overall functionality and integrity of your YIM application.
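A reversible variant of this workaround, as an added example that is not part of the original article or Yahoo's guidance: instead of deleting Yauto.dll, move every copy into a quarantine folder and record where it came from, so the file can be put back if YIM stops working. The search roots, the quarantine path and the function names are assumptions made for illustration.

```powershell
# Added example (not from the article). Close Yahoo Messenger first; a loaded DLL cannot be moved.
# Assumed names: Find-YautoDll, Move-YautoToQuarantine, the quarantine folder under ProgramData.

function Find-YautoDll {
    # Search the usual install roots; pass -Root to scan other drives or folders.
    param([string[]]$Root = @($env:ProgramFiles, ${env:ProgramFiles(x86)}))
    $Root | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | ForEach-Object {
        Get-ChildItem -LiteralPath $_ -Filter 'Yauto.dll' -File -Recurse -ErrorAction SilentlyContinue
    }
}

function Move-YautoToQuarantine {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][System.IO.FileInfo[]]$File,
        [string]$Quarantine = (Join-Path $env:ProgramData 'YautoQuarantine')
    )
    if (-not (Test-Path -LiteralPath $Quarantine)) {
        New-Item -ItemType Directory -Path $Quarantine | Out-Null
    }
    $manifest = Join-Path $Quarantine 'manifest.csv'
    foreach ($f in $File) {
        # Capture hash and version before the move; afterwards the original path is gone.
        $hash    = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
        $version = $f.VersionInfo.FileVersion
        # Name the quarantined copy after its hash so copies from several installs cannot collide.
        $dest    = Join-Path $Quarantine "$hash.dll.quarantined"
        if ($PSCmdlet.ShouldProcess($f.FullName, "Move to $dest")) {
            Move-Item -LiteralPath $f.FullName -Destination $dest -Force
            [pscustomobject]@{
                OriginalPath  = $f.FullName   # where to copy it back to when restoring
                QuarantinedAs = $dest
                Sha256        = $hash
                FileVersion   = $version
                MovedAt       = (Get-Date).ToString('o')
            } | Export-Csv -LiteralPath $manifest -Append -NoTypeInformation
        }
    }
}

# Dry run first (reports what would be moved), then the real move from an elevated prompt:
#   $found = @(Find-YautoDll)
#   if ($found) { Move-YautoToQuarantine -File $found -WhatIf }
#   if ($found) { Move-YautoToQuarantine -File $found }
```

To undo the workaround, copy the quarantined file back to the OriginalPath recorded in manifest.csv.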
_____________

[1] This happens when more data is put into a buffer or holding area than the buffer can handle. This is due to a mismatch in processing rates between the producing and consuming processes. This can result in system crashes or the creation of a back door leading to system access. (Source: http://www.tsl.state.tx.us/ld/pubs/compsecurity/glossary.html)

Copyright © 2004
