Yahoo Instant Messenger Under Attack Again or Still?

A new variant of an old Yahoo Instant Messenger Worm spreading fast.

imageIn business, when something works, why bother to reinvent the wheel. A little nip here; a little tuck there and hey – you’re still in business! No surprise then, when we see that cybercriminals subscribe to this business philosophy.

Programs such as MSN Messenger, Yahoo! Messenger, AIM, etc, are wildly popular with users who want real-time computer contact with each other, and so, they form a perfect attack vector for malware distribution.

Symantec, along with a number of other security providers, are warning users of Yahoo Instant Messenger specifically, they are being targeted by a new variant of an old IM Worm, identified by Symantec as W32.Yimfoca.




(Graphics courtesy of Symantec)

If you are a Yahoo Instant Messenger user, you need to be particularly cautious, at the moment, in saving what appears to be a JPG or GIF file, but in fact could easily be this malicious executable.

This threat drops a worm which will lead to the attacker taking control of the victim’s computer. Additionally, the Worm is programmed to attack those in the victim’s contact list.

Given the frequency with which instant messaging is used to distribute malware (recent statistics indicate almost 50% of worms use this method to spread), the following is a series of sensible tips for users to get the most out of these programs, securely and responsibly.

As with any other application you use on the Internet, having the knowledge that allows you to use it safely, and being aware of current threats, will make for a more positive experience when using these wildly popular applications.


Sensible tips for users to get the most out of these programs, securely and responsibly.

You need to be alert to the dangers in clicking on links or downloading files from sources that are not known to you. Even if the files or links apparently come from someone you know, you have to be positive that it really was this person who has sent the message.

Check with your contact to be sure the files or links are genuine. Remember, if you click on those links or run those attachments without confirmation, you run the risk of letting malware into your computer.

Use only secure passwords and be sure to change them regularly. The longer and more varied they are – using a variety of different characters and numbers – the more secure they will be.

Revealing confidential or personal information in these types of conversations can make you an easy target for Internet predators. For added protection when using a public computer, ensure that you disable any features that retain login information to prevent other users from gaining access to your instant messaging once you leave.

It’s virtually impossible to avoid publishing your email address on the Internet, however, do so only when absolutely necessary. Cyber criminals are always on the lookout for accounts to target.

Above all, if you are a parent, take exceptional care with the access that your children have to these programs. The risk here goes beyond malware, as sadly, they could come into contact with undesirable, or even dangerous individuals.

Elsewhere in this Blog, you can read an article on protecting your children on the Internet and download free software to help you do this.


Click here: “Keep Your Kids Safe With Free Parental Control Bar”.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Freeware, Internet Safety, Internet Safety for Children, Malware Advisories, Software, Symantec, System Security, Windows Tips and Tools, worms

12 responses to “Yahoo Instant Messenger Under Attack Again or Still?

  1. I don’t know how possible or how well it would work but for dummies it’d be good – Every time you or some program tries to enter a link into an IM conversation then you have to confirm it. I am not really familiar with viruses + IM’s and don’t know if it would even be possible but that’s the first thing i thought of.

    • Bill Mullins

      Hey Rakeback,

      The trigger for this type of malware is “social engineering”. In other words, convincing someone to do something against their own best interest by skillful manipulation of facts, or circumstances. In this particular case, since the link appears to come from a friend, an unaware user (sadly, most users), is quite likely to click on the link.

      This specific infection is a short term problem – security applications will have a definition file to intercept this Worm shortly, and it’s likely that many already do. Unfortunately, this one will be replaced by another, and another……….. So, the real objective of this type of article is, to educate users to always consider the security ramifications of “clicking” on ANYTHING, while surfing the Net. In other words – Stop – Think – Click.


  2. Ranjan

    Hi Bill
    No suprise that IM holds for about 50% of malware distribution…
    The first and foremost thing that IM users should do is to use a spare email and do not provide personal infos to anyone, even if it’s your friend unless you’ve made sure that it’s a genuine request as who knows, your friend’s account might have been compromised and instead of the friend, the hacker is asking for such infos..:P
    Also, many users just don’t care about security just because they think that there’s nothing personal on their pc, but still, they’ve very important thing, the bandwidth which the bad guys (after zombifying user’s pc) use to spread spams, scams etc.. and they play in millions, billions…
    And ofcourse, how can virtualization be kept apart…
    Just if people could develop this much understanding. . . . .

    • Bill Mullins

      Hey Ranjan,

      I couldn’t have said that any better. Excellent advice.


      • Bill, great blog. Glad I found you! Do you remember where you got this stat: “almost 50% of worms use instant messaging applications to spread.” If I have the source to back it up, I could really use this to drive some changes around IM at my company. Thanks!

        • Bill Mullins

          Hi Gary,

          I first wrote on this issue 18 months or so ago, so I’m unsure, at this point, as to where theses stats originally came from. Generally though, I use stats from any/all of the following security providers/researchers – Kaspersky, Symantec, Panda Security, and others. I have a strong feeling thought, that these stats came from a Symantec tech paper, on IM Worms.

          If I might make a suggestion – since you are in an enterprise environment. It seems to me a strong persuader, other than penetration rates, would be the hard costs involved in recuperating from an infection caused by an IM Worm, or any malware attack, for that matter. Soft costs, including such issues as damage to a company’s status and reputation, are additional factors to consider.

          Thank you for commenting, and for visiting.


  3. Mal

    Hey Bill,

    Great advice as always. Personally, I don’t have instant messenger software on my machine anymore. I have a few friends I talk to using MSN Web Messenger, and that’s all I ever do,is just talk. I NEVER accept links or file sharing from anyone. If there is something I need, I will find it myself. But that’s just me, being the paranoid Aussie that I am lol.


    • Bill Mullins

      Hey Mal,

      From a paranoid Canadian to a paranoid Aussie. Yes!!!

      The only time I have a chance to talk lately it seems, is when I’m caressing a pint of Ale, and I can assure there’s no computer around then, (just fine women), and the BlackBerry is switched OFF. lol



  4. Pingback: Tweets that mention Yahoo Instant Messenger Under Attack Again or Still? « Bill Mullins' Weblog – Tech Thoughts --

  5. TeXaCo

    Hey Bill,

    Thanks for the reminder. I just recently set up one of my younglings with a windows live account. I will pass on the info and continue to keep a close eye on the “going ons” around here.



    • Bill Mullins

      Hey Tex,

      Oversight is always a good idea when introducing young people to the power of the Internet. Good for you.


  6. Pingback: Yahoo Instant Messenger Under Attack Again or Still? « Bill … Cosmetic body on me