Security experts discovered that the newly released version of Yahoo Messenger and some of its predecessors contain a vulnerability that allows an attacker to take over the status of an unsuspecting user, replacing it with his own malicious links.
Bitdefender researchers claim that the attack begins when a cybercriminal sends a maliciously crafted file, which loads an iFrame, to the user. By manipulating the instant messaging application’s $InlineAction parameter, the iFrame loads and changes the victim’s status message with a piece of text or a link.
For instance, if the malicious file is disguised as an image, Yahoo Messenger will try to display it, but in doing so it executes the payload and changes the user’s status.
The effects of this attack could be devastating for the individuals in the victim’s contact list while being highly beneficial for the attacker.
The chances that a cleverly designed status message will be clicked by the users in someone’s contact list are pretty high, and a cybercrook can easily use this to his advantage. The hijacked status could point to a website hosting an exploit that targets well-known vulnerabilities in components such as Java or Flash.
As recent studies have shown, people fail to update these components when they should, and hackers still successfully rely on bugs that were fixed long ago.
This Yahoo Messenger vulnerability may also be used in affiliate advertising schemes. Instead of launching phony Facebook campaigns that point users to survey websites, cybercriminals could very well take over statuses and the effects would be similar.
It is very important to note that the victim is totally unaware that his status has been taken over, and a worrying fact is that the attack could come from any YM user, even one who is not in the contact list.