Yahoo Messenger Bug Lets Hackers Hijack Status Updates

Security researchers have come across an exploit in Yahoo Instant Messenger that has not yet been patched and that would allow a wave of malware to enter enterprise networks across the globe.

Bogdan Botezatu, a researcher with the security firm BitDefender, wrote on the company's blog that the new patched version of Yahoo Messenger has a vulnerability that lets a remote attacker change the status message on the victim's account.

Although this type of attack seems harmless, according to the researcher the hacker can exploit this access to encourage the user's friends and other online connections to click on various malicious links, which will eventually infect their machines.

"The victim's status message [could be] swapped with an attention-getting text that points to a page hosting a zero-day exploit targeting the IE browser, the locally installed Java or Flash environments, or even a PDF bug", reads the company blog, malwarecity.com.

Botezatu also commented that such access to the status message is valuable to hackers because the victim's online connections are more likely to check and click on such links than on malicious spam sent via email.

At present, Yahoo Messenger users who can receive messages from people outside their contact list are exposed to this attack.