Yahoo! Instant Messenger service user login (YahooMSG_Login)

About this signature or vulnerability

IBM Security Host Protection for Servers (Windows), Proventia Network IPS, Proventia Server IPS for Linux technology, RealSecure Server Sensor, Proventia Network MFS, Proventia Network IDS, IBM Security Host Protection for Desktops, Proventia-G 1.1 and earlier, BlackICE Agent for Server, Virtual Server Protection for Vmware, IBM Security Host Protection for Servers (Unix), IBM Security Network Protection:

This signature detects when a user logs in to the Yahoo! Instant Messenger service.


Default risk level

Low risk vulnerability  Low

Sensors that have this signature

IBM Security Host Protection for Servers (Windows): 2.1.14.2400, Proventia Network IPS: 2.0, Proventia Server IPS for Linux technology: 1.0, RealSecure Server Sensor: 7.0, Proventia Network MFS: 1.0, Proventia Network IDS: A Series, IBM Security Host Protection for Desktops: 8.0.614.1, IBM Security Host Protection for Servers (Windows): 1.0.914.0, Proventia-G 1.1 and earlier: G Series, BlackICE Agent for Server: 3.6, Virtual Server Protection for Vmware: 1.0, IBM Security Host Protection for Servers (Unix): 2.2.2, IBM Security Network Protection: 5.1

Systems affected

Microsoft Windows, Unix Unix, Apple Macintosh, Yahoo Messenger

Type

Protocol Signature

Vulnerability description

Yahoo! Messenger is a network service that allows Internet users to send "instant messages" and files to other users also running Yahoo! IM clients. These clients operate by connecting to a central server to log in and obtain the names of other clients. The Yahoo! Messenger protocol employs many versions and methods of connecting users together, including tunneling over HTTP, exchanging proprietary protocol traffic through a central server, and direct client-to-client connections. A typical Yahoo! IM message consists of a simple packet containing the originating user's login name, the destination login name, and a text message.

How to remove this vulnerability

Your institution's security policy may permit the use of instant messaging systems on your network. As a part of your institution's security policy, consider restricting use of instant messaging systems as needed. If restriction of instant messaging is not possible, file transfers over instant messaging services should be monitored for potentially malicious software.

References

Yahoo! Inc.
Yahoo! Messenger
http://messenger.yahoo.com/

ISS X-Force
Yahoo! Instant Messenger service user login
http://www.iss.net/security_center/static/8290.php