Open Source and information security mailing list archives
 
Date: Sat Oct 15 00:38:36 2005
From: mlande at bellsouth.net (Mary Landesman)
Subject: IMLogic telling porkies about Yahoo

> Yahoo IM has yet to have an IM worm on its network

> There has been no Yahoo IM worm, period.

Both quotes from your blog post. And I answered both your own statements,
YIM has had worms and there have been Yahoo IM worms, period.

But since the vast majority of IM worms don't send binaries, I'd be curious
to know exactly what role your honeypots play. Are these Yahoo's honeypots,
sniffing traffic looking for suspicious chat messages - or are they confined
to your own chat sessions with friends? Also, doesn't Yahoo IM first try
server brokering but resort to server proxy if the first attempt fails? If
so, how can you be sure how much traffic your honeypot is even seeing,
assuming it's a Yahoo honeypot and not a homegrown sniff your own?

-- Mary

----- Original Message ----- 
From: "n3td3v" <xploitable@...il.com>
To: <full-disclosure@...ts.grok.org.uk>
Sent: Friday, October 14, 2005 6:58 PM
Subject: Re: [Full-disclosure] IMLogic telling porkies about Yahoo


There's a difference from capability to attack on Yahoo and attacks
actually happening. I have yet to see any active worms on Yahoo IM
network. Most of my honeypots are all bursting with phishing attempts
trying to get the user account, falling short of the worm claims.

You're aware of those worms by seeing them on your honeypots or have
you simply compiled that list from searching the internet?

On 10/14/05, Mary Landesman <mlande@...lsouth.net> wrote:
> I can't speak to the IMLogic figures, but these are a few Yahoo IM worms of
> which I am aware.
>
> Guap.a
> Gunsan
> Lile.a
> Oscabot.k
> StarGames
> Velkbot.a
> Yimp.a
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
