Instant Messaging is a very fast and convenient form of communication. However it has opened up a new medium for hackers and script kiddies to mess around. In this paper, we’ll take a look at yahoo messenger and see what we can do to keep our PCs safe.

We will look at two levels at which you can protect your PC. The first one will include configuring yahoo messenger’s default settings and installing a firewall. The second level will deal with third party programs which either replace yahoo messenger or create a safer environment by constantly monitoring your system.

Floating Hacks – The Problem

Let us first take a look at some of the types of hacks floating around. These fall into the following categories:

1. Booters
   A booter is something that disconnectes (or “boots”) the target from the chat/IM service. Usually, a lot of junk traffic is sent to your client causing yahoo to disconnect you.

2. Bombers
   If you have suddenly found many windows opening, covering up all of your screen, starving your system of resources and eventually crashing your computer, you’ve just been bombed! This is usually the result of programming error/not taking too much trouble in designing the protocol/oversight by the programmers at yahoo. An unchecked bombing will crash your system and you’ll have to reboot your machine.

3. Internet Explorer vulnerabilities
   

   Later versions of yahoo use internet explorer to display all the chat/IM text. If you haven’t lived on Mars all your life (or you are a fellow penguin lover [wtf are you doing here anyway?:P]), you must have heard of the various patches/security updates released by microsoft. These vulnerabilities range from the annoying to the severe and can be really dangerous in the right (wrong?) hands. You can loose all data, all your personal info can be read, your mails and correspondence peeked at and your computer can be taken over.

   Fortunately, most of the internet explorer vulnerabilities can be exploited only in rare circumstances but your best bet is to stay updated.

The Solution

Level I

The first thing to do is to check whether messengers’ settings are set properly. These are found under Login -> Preferences in the menu.

• Messages – One of the ways of freezing the victims computer has been to send too many messages each with a different yahoo ID. Many windows pop up as a result using up all your memory eventually causing your computer to crash.

  To avoid this to a certain extent, select ‘Messages are shown in a single message box’. This will still cause a crash if you are being
  bombarded with messages. For better protection, follow the instructions under ‘Privacy’.

• Archiving – Imagine someone breaking into you computer and having access to all your conversations! Uncheck “Enable Archiving” and delete the folder Archive typically present under C:\Program Files\Yahoo!\Messenger\Profiles\your-username\Archive.

• File Transfer – Disable automatic download of files. This way nobody can send you files without your permission. To do this, select “Ask me for permission before downloading files” and “Ask me for permission to get files”.

• Webcam settings – Avoid Peeping Toms. Choose “Always ask for my permission” under Login -> Preferences -> Webcam.

• Privacy – Do not allow people other than your friends to IM you. This way you’ll avoid most of PM boots and other nasty stuff. Select “Ignore anyone who is not on my Friend List”.

Installing a firewall

A firewall is a program that monitors incoming and outgoing packets and performs a (preconfigured) action on them. What this means is that a firewall will check that data coming into your computer is from an expected (previously configured) address and that the data going out of your computer is from an expected (previously configured) program.

Any good firewall will do. I recommend Zone Alarm and Tiny Personal Firewall, both of which are excellent pieces of software.

Level II

A number of programs have been created to address the problem of stability. Use a search engine to locate these programs.

• Ym!lite – This program has no known boots.
  Update[April 21, 2003]: Ym!lite now supports cam and voice is under development.
• Yahelite – This is the most popular proggy out there. It supports
  voice chat and video cams.

[Created: January 17, 2003 | Last Updated: April 21, 2003]