Phishers target Yahoo Messenger

Yahoo's free instant-messaging service is being targeted by phishers attempting to steal usernames, passwords and other personal information.

Yahoo confirmed Thursday that its service, Yahoo Messenger, was being targeted by a scam. According to the company, attackers are sending members a message containing a link to a fake Web site. The fake site looks like an official Yahoo site and asks the user to log in by entering a Yahoo ID and password.

		Related story Does IM stand for insecure messaging? Trojan horses and other attacks are galloping toward instant-messaging users.

The scam is convincing because the original message seems to arrive from someone on the victim's friends list. Should the recipient of the phishing message enter his details on the Web site, the attackers can gain access to any personal information stored in the victim's profile and, more important, access to the victim's contact list and IM friends list.

A Yahoo representative told ZDNet Australia on Thursday the attack was not very widespread but that consumers should be aware it exists so they can protect themselves.

"Hackers have become very devious in their methods to obtain personal information," the representative said. "In this case, the hacker was able to trick the user into providing personal information by disguising their identity to make it appear that the message was coming from a trusted source."

During the past month, Microsoft's MSN Messenger service has been targeted by various pieces of malicious software, including a Trojan horse and a virus. In late February, Microsoft had millions of its MSN Messenger users update their client software in order to stop one of the worms spreading around its network.

MSN Messenger was an obvious target because of its popularity, said Graham Connolly, Australia and New Zealand manager of Websense, a Web-filtering and security software company.

"Hackers want to use IM as another attack vector to steal personal information. They hit MSN Messenger first because it is the most popular," Connolly said.

Connolly said that as e-mail filtering technology matures, attackers look for new ways to access confidential information.

"Content filtering, e-mail filtering and antivirus are now mature technologies, so the attackers need to find another way, and IM is becoming one of those ways--like spyware," Connolly said.

According to a survey of businesses published Thursday by Internet security specialist SurfControl, 90 percent of respondents said they have an Internet access policy--but about half have no policy concerning the use of IM and peer-to-peer applications.

Charles Heunemann, managing director in Australia for content-filtering company SurfControl, said IM and peer-to-peer communications are rarely encrypted, making them susceptible to snooping, hijacking and impersonation attacks.

"Serious security vulnerabilities such as buffer overflows, denial-of-service attacks and encryption weaknesses continue to be found and exploited in all popular instant-messaging clients," Heunemann said.

Heunemann said companies should protect themselves by enforcing strict policies regarding the use of IM and peer-to-peer applications in corporate environments.

"Left ungoverned, instant-messaging applications are an easy vehicle for accidental or malicious disclosure of sensitive corporate data, including company financials, personnel records and customer data," he said.

Munir Kotadia of ZDNet Australia reported from Sydney.

[n3td3v]

Isolated incident hyped up into something BIG

This is an isolated incident hyped up by CNET. The quotes by Connelly from Websense are so far off its untrue. CNET obviously didn't do any research on this incident and just took the word of connelly as truth. The only protection or come back CNET have is, "We put in quote unquotes". That still doesn't give your article much credibility by people who deal with IM security as a living. This is an irresponsible article on the part of security. Many of CNET's security related articles are irresponsible, which only breed more security incidents, which can only create more problems for those security professionals who are trying to tackle security problems. Wording articles in such a way that basically tells virii writers, spammers, hackers and script kiddies what to do, is only adding to the overall scheme of things. I'd like it very much if the guy from websense got in touch with me and backed up the comments seen on this article, because from my point of view, you don't say anything credible, and you offer from little actual solution to the situation, apart from buzzwords, which are perfect for news articles like this who want to draw in the hits, and create hype and fear to gullible net users, who are easily infulenced by articles like this, weather the content of the article is reflective of the truth and the situation. This article to me is taken very much out of context of Yahoo's actual messenger network security situation, with regards to the topic of phishing, worms, malicious IM messages. Thanks, n3td3v... http://www.geocities.com/n3td3v

[Randyincv]

Yahoo Messenger Phishing attacks.

I work in the computer industry, as savvy as I am about security and scams, I too, fell victim to a Yahoo Messenger Phishing attack a year ago. It took 4 days of emailing to get my account back. The people that do these "Phishing Sams" are doing it more and more frequently. It IS a spreading problem. Once someone figures out how to do this and tells all of his buddies or posts a "how to" on a hacker site, the problem spreads. I have been targeted 3 additional times in the last 2 weeks. By looking at the URL you're directed to with a Netscape Browser, I was able to see who the recipient of the collected screennames and passwords were. I used the "Page Source" and "Page Info" tools within Netscape to do this. The last 2 times it was going to a Gmail account. the last 2 times the page was hosted on a free webhosting service in Utah. I contacted Google, Yahoo and the webhosting service and gave them all of the information I collected. I also did a "screenshot" of the Yahoo messagenger message by holding the "Alt" Key and hitting print screen. I then pasted the image into a photo program and saved it as a Jpeg, I included that as an attachment to my reporting emails. If you get ANY unsolicited message on an IM program that has a link that wants you to log in. Save the URL but DO NOT log onto the page or you too will become a victim and get locked out of your account. As far as this problem being blown out of proportion, I don't think it is. I have talked to 3 other people at work who have had this happen and I assisted them in restoring their Yahoo accounts. I directed them to the Yahoo help page and they had their accounts reestablished by identifying their birthdate. I hope this sheds some light on this problem and puts a face on a victim. I was sent a message from a trusted, local friend when I got my account hijacked, their account had been compromised. Please use caution.

Randy in Corvallis, Oregon.

[n3td3v]

CNET trying to manipulate the security community

MSN is the only messenger network so far to see anything, but people like CNET are sticking with stories like this to try and infulence and manipulate the security community into attacking other IM networks, to make some big IM story for them to write about. The truth is MSN messenger network has had *some* problems with worms, but its not as BIG as CNET are making it out to be. CNET are desperate to get malicious users to attack people like Yahoo Messenger, to give CNET something good to write about. the truth is IM attacks are very few and far between, but if news outlets like CNET keep up with these kind of stories, they could manipulate and infulence the kiddiots into attacking IM networks, if an experienced user from the security community releases some code. This is a highly IRRESPONIBLE article by CNET, and I believe CNET and other news outlets should act RESPOSIBILY with security articles andf headlines, and should he held ACCOUNTABLE for headlines and news article wording, that are obviously and blantantly reaching out to malicious users to attack or hack.

[n3td3v]

Did CNET even contact IM-Logic?

Did CNET even contact IMLogic and ask them about the scale of this reported "phishing"? IMLogic are the guys who monitor Yahoo messenger network, for Yahoo. Not "Websense", who are just some third-party in the same market as CNET and thats creating Media Hype, rather than being in the interest of providing the facts on a given incident, like IMLogic. IMLogic are partners with Yahoo, but CNET didn't contact them. Further proof of how rushed and unresearched this article actually is to the reported Yahoo Messenger "phishing".

[nikhilamin]

out of control yahoo rooms and life threats

I have been using yahoo messenger and watching too many booters hackers and know few of them who do it, but i dont see any link where a yahoo user can place a complain about such people who do it, i guess it may help locating and stoping hacking, as people are filled with information of wwho and how they do but as its said : no cleaning can be done without the owners wanting it to be done"

[malik47]

yahoo messenger virus

i have very hardly created the cnet account.those hackers are very dangerous.whenever i tried to make a cnet account they shut down my computer .now, i have created from cafe to post my comment ..my PC is compltely in their control.they have taken all my personal information.when ever i turn on my computer a file starts running in the task manager and the computer screen starts shaking.They are still there in yahoo islam room and chat as usual.My yahoo Id is also hacked but its a common problem.

the amazing thing is they control my computer with no internet cable connected.All lights on the back of my cpu are on.when my computer shuts down it say closing network service. I have a lot to say....