Malicious code inserted into Yahoo Messenger ads

According to new information from the Center for Emergency Computer Rescue (VNCERT) of the Ministry of Information and Communications, malicious code is being inserted into the ad at the bottom of the Yahoo Messenger (YM) chat software interface.

According to information provided by Mr. Do Ngoc Duy Trac, head of VNCERT's operational department, the advertisement image at the bottom of the Yahoo Messenger (YM) chat interface is currently having malicious code inserted into it, which can allow hackers to attack users' computers and take control of them.

The malicious code was first discovered by the CMC Information Security Center and reported to VNCERT at 16:30 today, June 10, 2008, to coordinate the response to the incident.

According to VNCERT's initial analysis, in the part of the program that loads the advertising images that appear randomly in the YM software from the Yahoo Messenger service server at , an iframe has been inserted that accesses the domain  and loads an index.gif file onto the user's computer.

When the YM software downloads index.gif to the IE Temporary Internet Files folder, Bitdefender 10 detects it as Trojan.Downloader.JS.Agent.OX (screenshot taken at 17:00 on June 10).

This index.gif image file is actually an HTML page that embeds a Flash file from the address . The Flash file is the tool used to exploit the latest buffer overflow in Adobe Flash Player; its task is to download a file named mm.exe to the YM user's computer and run it.
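The disguise described above, an HTML page saved under a .gif name, can be caught by comparing a cached file's leading bytes with what its extension claims. This is an added example, not code from VNCERT or the original report; the function names, the sample file contents and the example.invalid URL are constructed for illustration.

```python
import os
import re
import tempfile

# Leading bytes a genuine image of each type must start with.
MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
}
# Tags that make a page load external active content.
ACTIVE = re.compile(rb"<\s*(iframe|embed|object|script)\b", re.IGNORECASE)

def classify(name, data):
    """Return (verdict, tags) for one cached file's name and leading bytes."""
    ext = os.path.splitext(name)[1].lower()
    if ext not in MAGIC:
        return "skipped", []
    if data.startswith(MAGIC[ext]):
        return "ok", []
    tags = sorted({m.group(1).lower().decode() for m in ACTIVE.finditer(data)})
    return ("html-as-image" if tags else "mismatch"), tags

def scan(folder):
    """Walk a cache folder; report image-named files that are not images."""
    findings = {}
    for root, _dirs, files in os.walk(folder):
        for name in files:
            with open(os.path.join(root, name), "rb") as fh:
                verdict, tags = classify(name, fh.read(65536))
            if verdict not in ("ok", "skipped"):
                findings[name] = (verdict, tags)
    return findings

def demo():
    """Scan a constructed cache folder (all sample contents are made up)."""
    samples = {
        "banner.gif": b"GIF89a\x01\x00\x01\x00\x00\x00\x00;",
        "index.gif": b'<html><EMBED src="http://example.invalid/x.swf"></embed></html>',
    }
    with tempfile.TemporaryDirectory() as cache:
        for name, data in samples.items():
            with open(os.path.join(cache, name), "wb") as fh:
                fh.write(data)
        return scan(cache)

if __name__ == "__main__":
    for name, (verdict, tags) in sorted(demo().items()):
        print(name, verdict, tags)
```

Point `scan()` at the browser cache folder to check real files. A file that begins with a valid image header is reported as ok, so this check does not catch files that are both a valid image and HTML.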

When it runs successfully, mm.exe downloads about 20 different types of viruses and Trojans to the YM user's computer, allowing hackers to easily penetrate and hijack the computer.

The malicious code in the YM software affects not only Vietnamese users but also users in many other countries.

As of 17:30 (June 10), VNCERT had contacted 6 domestic ISPs and VNNIC, asking them to block the domain names , and had contacted CERT centers in the region and Yahoo's technical department to continue looking for the cause and determine the extent of the damage. In addition, VNCERT has asked the BKIS Virus Prevention Center to take part in the analysis and to write tools that scan for and remove the spreading viruses as soon as possible.

Some recommendations for users to prevent virus infection via the YM software:

- Temporarily stop using the Yahoo Messenger software installed on your computer. If you need to communicate through the YM service, switch to web services like  or chat directly in the mail.

- Update to the latest version of Adobe Flash Player at

- Update antivirus software so that it detects the latest viruses.

- Keep following further information and use the scanning tools to remove viruses spread through this YM flaw.
