Tag Archives: Yahoo! Messenger

Is Yahoo! under attack?

I could not get onto Yahoo! Messenger right this moment. Even Yahoo! Mail and Web Messenger wouldn’t load. With only a few Yahoo! services I make use of,[1] the only thing I could currently load is the homepage.

I was thinking about a localized network issue on my part since PLDT myDSL has had a lot of negative feedback from subscribers.[2] But my cousin from another city just got online on Gmail with Chat/Google Talk, and though he is on the same provider, I could confirm this isn’t an isolated issue. Unless of course the whole of PLDT’s network couldn’t resolve a connection to select Yahoo! servers.

So, I thought: Is Yahoo! under attack? It is, basically, on a distributed network of servers. So I could think that only the mail and messaging servers were targeted with DoS attacks. Could anybody confirm this?

Losing a heavily used communications tool is much of a hassle for someone like me especially at these times of night. And all those cyber crime in TV shows and news articles I’ve read just fuels my h4x0r imagination.

Ohhhkay. The moment I hit “Publish”, Messenger popped-out having just signed on again. That was weird, but the 2½-hour downtime is still something considering Yahoo! is a very large Internet corporation. So I still ask: Was Yahoo! attacked? Or should I consider changing my Internet Service Provider now? :P

  1. ^ Those two mentioned above, Messenger and Mail.
  2. ^ Though I am still 95% positive about the service I am getting.

Show Off Your Desktop

Lexie had me tag myself for showing off her simple, albeit funny, desktop. I really want to do the meme, though I had a little difficulty picking which one out of four systems (or maybe every one) I use I should show, and from which systems I’d pick five of my favorite applications. I eventually decided to go exclusively for the best one (system).

The meme goes like this: Post a screen shot of your desktop, and list five of your favorite applications.

And, so, here’s my desktop:

My Ubuntu Desktop

The top five applications I currently can’t live without include:

  1. Mozilla Firefox: the best and most extensible Web browser there is. It even runs fast on Linux. Though Linux has inherent security features, the security Firefox gave me when I was still on Windows gave me more peace of mind while browsing the Web.

    Addons: ColorZilla, Download Statusbar, Foxmarks Bookmark Synchronizer, FxIF, Organize Status Bar, Screen grab!, SearchStatus, ShowIP, Web Developer

  2. GNOME Terminal: a command line interface for Ubuntu, which I use for almost anything not readily available on a GUI.

    Separate apps I run on terminal: SVN, GNU nano

  3. Rhythmbox: Ubuntu’s default music player. This app isn’t really full-featured, IMO. It lacks an equalizer and configurable global hotkeys,[1] among others. But, its readily available plugins that include a very good iPod support, and Last.fm scrobbling makes up for everything. Notably, iPods’ music content could be read and played without syncing.[2] And, it has LIRC support I am hoping to try someday.

    Plugins: Last.fm, iPod, Cover art

  4. Gaim (now Pidgin): a multi-protocol instant messenger. I usually like official IM clients more, but since I use the Yahoo! Messenger service the most often, and the official YM client for UN*X systems became abandonware,[3] and I use Google Talk as well, I opted for the default IM client on Ubuntu. Besides, Psychic Mode is bloody cool.

    Plugins: Buddy State Notification, Message Notification, Message Timestamp Formats, Psychic Mode

  5. µTorrent (with WebUI beta): OK, I cheated as this application runs on my Windows desktop. But, thanks to µTorrent’s very innovative WebUI, I could control it from my Ubuntu notebook as well. I could have used Wine (hat tip to my classmate Luis), but my high-capacity disk is on my desktop anyway.

Now, there’s some link love you don’t see here everyday. I tag everyone reading this who has a knack for showing off something. :P

Footnotes:

  1. ^ for non-multimedia keyboards; Good thing I have multimedia playback keys on my notebook.
  2. ^ I sync with the official iTunes client on my Windows with the big hard drive, and I haven’t tried syncing on Ubuntu yet—or tried checking if it is at least possible.
  3. ^ Latest release for UN*X systems is version 1.0.4 dated September 2003, while the latest Windows release is version 8.1.0.419 dated 29 August 2007.

Was the Messenger Virus Controlled?

For those using Yahoo! Messenger like I do, you could have encountered a friend sending links to some cool pics (s)he would like to show you. I wouldn’t have blogged this as my friend Nicole already did. But, it seems that those at Yahoo! have already controlled the spread by blocking the links causing them to just show up as “http://” and not the whole URI to the infected Web site.

I happened to encounter those messages weeks before I knew it was a virus but I use Firefox, and when I went to the Web site, it didn’t infect me at all.

I just hope other messenger programs implement a block for those infectious messages as well in one way or another if it would not be like the system Yahoo! is already using. Besides, not only Yahoo! Messenger is vulnerable to this, but also AOL Instant Messenger and Windows Live Messenger. If you use these two other messaging services, please tell me if they’re also properly responding to these attacks. More info about the virus can be found at the Trend Micro Virus Encyclopedia entry for WORM_SOHANAD.I

Happy IMing to you all! :)

Update: The spammers apparently knew about what Yahoo! has been doing to block the URL to their malware site as I’ve just received another spam message from a contact with the address still intact. They now encode a portion of the domain to circumvent the filters of Yahoo! Messenger servers. For example, instead of thecoolpics.com which is blocked by server filters, they now send addresses as thec%6folpics.com with %6f being a URL-encoded version of the letter o.

Get free Norton Antivirus software.

Phishing Warning

I’ve just received two attempted attacks of phishing from two of my bloggermates in my Yahoo! Messenger contact list. I guess their accounts are being hacked the time I’ve received those messages, so I want to warn those of you who want to protect your accounts.

For those who do not know, phishing literally means fishing [for passwords], as the letter f is usually replaced by ph in 13375p34k. Another definition could be password harvesting or fishing

There are many methods of phishing attacks, usually through email that, most probably, directly goes to your spam directory [if you have any]. But ones through YM or any other IM accounts that really look like your friends are referring to you to go to are somehow really mind-controlling.

The method I’ve encountered used a spoof of the Yahoo! Photos Web site inside a Yahoo! Geocities Web page requiring you to sign in with your username and password in the attempt to trick you that your friends’ photos are posted post-login. Please take note that Yahoo! Geocities Web pages are user-controlled, meaning other people just made up that Web page.

The two URIs that was given to me was:

Apparently, those two sites that were IMed to me were already reported and were taken down. Some may still be out there, [or are currently being made] so please watch out still.

Note: Do NOT enter your login details there.

If you take a look at both the main frames’ source pages (the frames with the sign in page displayed), you will see that the form input will go to a mailform (http://www2.fiberbit.net/form/mailto.cgi) with the same email address input of smoke.beer@gmail.com. (Now, spam that bastard!) It just means that your login information will go to his GMail inbox.

The primary solutions for this is within you. You should basically:

  • Never trust login forms inside a frame of user-controlled Web page.
  • Try to login directly from the site, with secure (HTTPS) connection if possible. (e.g., Yahoo! Login, Google Accounts)
  • Never trust friends’ URI referrals unless you really know the site or have checked for security flaws/issues.

I know I haven’t fully discussed what could be done to prevent such intrusions to your accounts, you might even want to change your passwords regularly. Just remember to be aware of such possibilities when visiting untrusted Web sites. Or else, you may be giving them permission to hack you.

More about Phishing: