• E-mail
• Print
• Comment
• Font Size
• Digg
• del.icio.us
• Discuss article

IMlogic Threat Center Reports New Instant Messaging Phishing Attack, IM.Marphish.Yahoo, is Spreading Over the Yahoo Instant Messaging Network Attempting to Collect End-User Login and Password Information

Posted on: Thursday, 10 November 2005, 12:00 CST

IMlogic: WHAT: Industry leader IMlogic (www.imlogic.com) is warning customers that a new phishing attack, IM.Marphish.Yahoo, is being broadcasted over the Yahoo instant messaging network. This new attack sends users a message that appears to be from the Yahoo "abuse department" and informs the user that they are in violation of the Yahoo Terms of Service Agreement. The message informs the user they must respond to this complaint to prevent their account from being deactivated, and includes a URL to a malicious site hosted at the 42.pl domain that redirects user to a Web page that appears to be the Yahoo login page. The phishing attack is propagating from a buddy named ychat_complaint_dept_6b. It will likely mutate with other variations of the screen name as it progresses. The yahoo system will ask for permission to add this buddy to your buddy list and then delivers the message. This form of social engineering has been particularly effective especially with the message focused on a loss of the service. IMlogic's Threat Center automatically detected, quarantined and blocked this latest attack using the IMlogic Real-Time Threat Protection System (RTTPS). RTTPS automatically protects against these new, previously unknown IM threats by providing in depth analysis of client and message structure, network anomalies, and message content to identify IM threat propagation behavior and signatures. This in-depth, real-time analysis allows the system to predicatively block and validate potential threats, while immediately protecting the IMlogic Threat Center Community. IMlogic recommends organizations strengthen additional security protection by ensuring all desktop antivirus solutions are updated, the latest security patches have been applied to all desktop systems, and that all out of date IM clients have been blocked from accessing the relevant IM networks. WHO: Experts from the IMlogic Threat Center can speak with technology and business reporters, industry analysts, enterprises, partners or anyone concerned about the impact of this threat. IMlogic can also offer commentary involving increased risk from IM worms, phishing attacks and other security threats related to the growing popularity of IM use within enterprise. MORE INFO: Learn more at IMlogic's Threat Center: http://www.imlogic.com/im_threat_center/index.asp.

Disclaimer

The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

IMlogic, IMlogic products and IMlogic IM Manager are trademarks of IMlogic Corporation and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.

Source: Business Wire

More News in this Category