Full Disclosure mailing list archives

Re: IMLogic telling porkies about Yahoo

From: "Mary Landesman" <mlande () bellsouth net>
Date: Fri, 14 Oct 2005 13:09:29 -0400

I can't speak to the IMLogic figures, but these are a few Yahoo IM worms of
which I am aware.

Guap.a
Gunsan
Lile.a
Oscabot.k
StarGames
Velkbot.a
Yimp.a

All but one of these (Gunsan) was reported by antivirus vendors after April
2005.

According to the data I've collected, MSN Messenger users (in large part
because of Kelvir) appear to be the most frequent targets of all Instant
Messenger threats, with 319 IM worms (that I know of) to contend with. AOL
Instant Messenger (AIM) users come in a distant second with 64 IM worms
(that I know of) targeting them. Both ICQ and Yahoo! Messenger take third
place with only 7 IM worms (that I know of) each targeting those chat
clients.

It's probably a better idea to do the research yourself rather than relying
on figures from the client vendors (or even from me, for that matter). This
is all information that is available in various antivirus vendor
encyclopedias; it just requires jumping through search hoops rather than
jumping to conclusions.

-- Mary

----- Original Message ----- 
From: "n3td3v" <xploitable () gmail com>
To: <full-disclosure () lists grok org uk>
Sent: Friday, October 14, 2005 12:28 PM
Subject: Re: [Full-disclosure] IMLogic telling porkies about Yahoo


On 10/14/05, James Tucker <jftucker () gmail com> wrote:

Sorry for the extremety of my blunt response, but I have two things to

say:


1. How the fuck do YOU know any more than they do? Just because you
obsess over the security factors around a company with which you have
no affiliation does not put you in any greater authority to make
statements like those you made there.


I heard it from the horses mouth. Yahoo don't acknowledge the same
stats that IMLogic report on, and Yahoo say IMLogic's findings don't
match that of Yahoo's own stats of their network.

IMLogic can report on something and claim a worm is attacking, but
when Yahoo's people go and look at their network, nothing is actually
taking place!

How many malicious messages do IMLogic record, before they decide
theres a wide spread attack? Thats my question, because even with
reports of worms on Yahoo, none have been seen by Yahoo or users..

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

IMLogic telling porkies about Yahoo n3td3v (Oct 14)
- Re: IMLogic telling porkies about Yahoo James Tucker (Oct 14)
  - Re: IMLogic telling porkies about Yahoo Native.Code (Oct 14)
  - Re: IMLogic telling porkies about Yahoo n3td3v (Oct 14)
    - Re: IMLogic telling porkies about Yahoo Mary Landesman (Oct 14)
    - Re: IMLogic telling porkies about Yahoo n3td3v (Oct 14)
    - Re: IMLogic telling porkies about Yahoo Mary Landesman (Oct 14)
  - Re: IMLogic telling porkies about Yahoo n3td3v (Oct 14)
- Re: IMLogic telling porkies about Yahoo eric williams (Oct 14)
- <Possible follow-ups>
- Re: IMLogic telling porkies about Yahoo Fergie (Paul Ferguson) (Oct 14)