Malware spread via Yahoo Instant Messenger has been around for years. Infection, though, has been limited by the fact that it requires some interaction with the user.
How does it work?
The status message change happens when an attacker simulates sending a file to a user. This action manipulates the $InlineAction parameter in order to load an iFrame which, when loaded, swaps the status message for the attacker’s custom text. This status may include a dubious link.
Why is this dangerous?
The victim's status message is swapped with an attention-getting text that points to a page hosting a zero-day exploit targeting the IE browser, the locally installed or Flash environments or even a PDF bug, to mention only a few. When a contact clicks on the victim’s status message, chances are they get infected without even knowing it. All this time, the victim is unaware that his status message has been hijacked!!