> Yahoo IM has yet to have an IM worm on its network > There has been no Yahoo IM worm, period.
Both quotes from your blog post. And I answered both your own statements, YIM has had worms and there have been Yahoo IM worms, period. But since the vast majority of IM worms don't send binaries, I'd be curious to know exactly what role your honeypots play. Are these Yahoo's honeypots, sniffing traffic looking for suspicious chat messages - or are they confined to your own chat sessions with friends? Also, doesn't Yahoo IM first try server brokering but resort to server proxy if the first attempt fails? If so, how can you be sure how much traffic your honeypot is even seeing, assuming it's a Yahoo honeypot and not a homegrown sniff your own. -- Mary ----- Original Message ----- From: "n3td3v" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Friday, October 14, 2005 6:58 PM Subject: Re: [Full-disclosure] IMLogic telling porkies about Yahoo Theres a difference from capability to attack on Yahoo and attacks actually happening. I have yet to see any active worms on Yahoo IM network. Most of my honeypots are all bursting with phishing attempts trying to get the user account, falling short of the worm claims. You're aware of those worms by seeing them on your honeypots or have you simply compiled that list from searching the internet? On 10/14/05, Mary Landesman <[EMAIL PROTECTED]> wrote: > I can't speak to the IMLogic figures, but these are a few Yahoo IM worms of > which I am aware. > > Guap.a > Gunsan > Lile.a > Oscabot.k > StarGames > Velkbot.a > Yimp.a _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
