IM woes resurface
March 28, 2005
In two separate incidents, the Yahoo! Instant Messenger and the Trillian instant messaging applications get booed.
Yahoo Messenger is the target of a phishing scam in which victims receive messages that appear to come from people on their buddy lists. When they grab the bait and click on a link in a message, they're transported to what they believe is a Yahoo Web site, where their login information is taken down by the perpetrators. A Yahoo spokesperson was able to confirm the attack on Friday.
The IM attempts to lull users into clicking on a URL, which then takes them to a spoofed Yahoo page requesting log-in information for their Yahoo accounts, according to an analysis by Akonix Systems Inc.
The Yahoo Messenger attack appears to be the result of a worm that steals buddy-list data and sends out instant messages containing a link to the bogus Web site.
"Phishing is an industry-wide issue, and one that Yahoo! takes very seriously," said Yahoo spokeswoman Terrell Karlsten in a statement. "A key defense in the fight against phishing is consumer awareness, and Yahoo! has made it a priority to help educate consumers so that they are empowered to protect themselves online."
While the Yahoo! attack is relatively new, the old and persistent bug that haunts the Trillian instant messaging agent, which combines the features of Yahoo, MSN and AOL IMs in a single product, has raised security experts' concerns.
This time a similar flaw has been found in Trillian 3.1, the latest version of the application developed by Cerulean Studios. According to Pittsburgh-based LogicLibrary Inc., a buffer-iteration overflow in the program's plug-in components could, if exploited, give malicious-code writers absolute control over the affected OS, from shutting down individual programs on computers to retrieving all personal documents and password information.
Werndorfer, CEO of Cerulean Studios, has pledged that the hole will be patched in the next release of Trillian and said that many of the buffer problems were fixed in the 3.1 version of the application. He strongly encouraged all Trillian users to "exercise extreme caution" when accepting file transfers or any other form of communication from unknown contacts.