Full Disclosure mailing list archives
Re: IMLogic telling porkies about Yahoo
From: "Mary Landesman" <mlande () bellsouth net>
Date: Fri, 14 Oct 2005 19:51:32 -0400
Yahoo IM has yet to have an IM worm on its network
There has been no Yahoo IM worm, period.
Both quotes from your blog post. And I answered both your own statements, YIM has had worms and there have been Yahoo IM worms, period. But since the vast majority of IM worms don't send binaries, I'd be curious to know exactly what role your honeypots play. Are these Yahoo's honeypots, sniffing traffic looking for suspicious chat messages - or are they confined to your own chat sessions with friends? Also, doesn't Yahoo IM first try server brokering but resort to server proxy if the first attempt fails? If so, how can you be sure how much traffic your honeypot is even seeing, assuming it's a Yahoo honeypot and not a homegrown sniff your own. -- Mary ----- Original Message ----- From: "n3td3v" <xploitable () gmail com> To: <full-disclosure () lists grok org uk> Sent: Friday, October 14, 2005 6:58 PM Subject: Re: [Full-disclosure] IMLogic telling porkies about Yahoo Theres a difference from capability to attack on Yahoo and attacks actually happening. I have yet to see any active worms on Yahoo IM network. Most of my honeypots are all bursting with phishing attempts trying to get the user account, falling short of the worm claims. You're aware of those worms by seeing them on your honeypots or have you simply compiled that list from searching the internet? On 10/14/05, Mary Landesman <mlande () bellsouth net> wrote:
I can't speak to the IMLogic figures, but these are a few Yahoo IM worms
of
which I am aware. Guap.a Gunsan Lile.a Oscabot.k StarGames Velkbot.a Yimp.a
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- IMLogic telling porkies about Yahoo n3td3v (Oct 14)
- Re: IMLogic telling porkies about Yahoo James Tucker (Oct 14)
- Re: IMLogic telling porkies about Yahoo Native.Code (Oct 14)
- Re: IMLogic telling porkies about Yahoo n3td3v (Oct 14)
- Re: IMLogic telling porkies about Yahoo Mary Landesman (Oct 14)
- Re: IMLogic telling porkies about Yahoo n3td3v (Oct 14)
- Re: IMLogic telling porkies about Yahoo Mary Landesman (Oct 14)
- Re: IMLogic telling porkies about Yahoo James Tucker (Oct 14)
- Re: IMLogic telling porkies about Yahoo n3td3v (Oct 14)
- <Possible follow-ups>
- Re: IMLogic telling porkies about Yahoo Fergie (Paul Ferguson) (Oct 14)