Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: MailBag Response info about yhoo32-explr, IM malware - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MailBag Response info about yhoo32-explr, IM malware
We had an inquiry requesting additional information about a SANS NewsBites story (SANS Computer Security Newsletters and Digests) about yhoo32-explr, IM malware. Following up on the NewsBites item for the ISC contributor lead to the following information that might be of interest.

In discussing the actions of yhoo32-explr, FaceTime Security Labs researcher Chris Boyd says (at the spywareguide.com blog) "That's not all - a file is placed on the PC which contacts a URL firing off continually modified commands for the infection. They can change the infection message and the method of infection on the fly. Tailor made messages designed for Yahoo IM, Internet-based chat and IRC? You got it. It even randomly overtypes some of your IM messages as you hit the send button.".

Source information at Facetime.com here.

NewsBites item here Worm Spreads Through Yahoo Messenger (22 May 2006)
Patrick

193 Posts

Sign Up for Free or Log In to start participating in the conversation!