Yahoo! Instant Messenger service user login (YahooMSG_Login)

About this signature or vulnerability

Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology, IBM Security Host Protection for Desktops, IBM Security Host Protection for Servers (Unix), Proventia Network IDS, Proventia-G 1.1 and earlier, Proventia Network IPS, Proventia Network MFS, RealSecure Server Sensor, IBM Security Host Protection for Servers (Windows):

This signature detects when a user logs in to the Yahoo! Instant Messenger service.


Default risk level

Low risk vulnerability  Low

Sensors that have this signature

Virtual Server Protection for Vmware: 1.0, Proventia Server IPS for Linux technology: 1.0, IBM Security Host Protection for Desktops: 8.0.614.1, IBM Security Host Protection for Servers (Unix): 2.2.2, Proventia Network IDS: A Series, Proventia-G 1.1 and earlier: G Series, Proventia Network IPS: 2.0, Proventia Network MFS: 1.0, RealSecure Server Sensor: 7.0, IBM Security Host Protection for Servers (Windows): 2.1.14.2400, IBM Security Host Protection for Servers (Windows): 1.0.914.0

Systems affected

Microsoft Windows, Unix Unix, Apple Macintosh, Yahoo Messenger

Type

Protocol Signature

Vulnerability description

Yahoo! Messenger is a network service that allows Internet users to send "instant messages" and files to other users also running Yahoo! IM clients. These clients operate by connecting to a central server to log in and obtain the names of other clients. The Yahoo! Messenger protocol employs many versions and methods of connecting users together, including tunneling over HTTP, exchanging proprietary protocol traffic through a central server, and direct client-to-client connections. A typical Yahoo! IM message consists of a simple packet containing the originating user's login name, the destination login name, and a text message.

How to remove this vulnerability

Your institution's security policy may permit the use of instant messaging systems on your network. As a part of your institution's security policy, consider restricting use of instant messaging systems as needed. If restriction of instant messaging is not possible, file transfers over instant messaging services should be monitored for potentially malicious software.

References

Yahoo! Inc.
Yahoo! Messenger
http://messenger.yahoo.com/

ISS X-Force
Yahoo! Instant Messenger service user login
http://www.iss.net/security_center/static/8290.php