Friday, 02 December 2011

New Yahoo 0-day exploit hijacks status updates!!

Malware spread via Yahoo Instant Messenger has been around for years. Infection, though, has been limited by the fact that it requires some interaction with the user.

 


 

How does it work?
The status message change happens when an attacker simulates sending a file to a user. This action manipulates the $InlineAction parameter in order to load an iFrame which, when loaded, swaps the status message for the attacker’s custom text. This status may include a dubious link.


 

Why is this dangerous?

The victim's status message is swapped with attention-getting text that points to a page hosting a zero-day exploit targeting the IE browser, the locally installed or Flash environments or even a PDF bug, to mention only a few. When a contact clicks on the victim’s status message, chances are they get infected without even knowing it. All this time, the victim is unaware that his status message has been hijacked!!
