Yahoo! Messenger Network Overrun By Bots
A large number of Yahoo!'s instant messenger chat rooms are being overrun by automated programs designed to hawk commercial services, Web sites and other wares, preventing millions of actual human users from joining most of the chat rooms on the company's network.
Normally, when Security Fix writes about automated robots or "bots," it's in the context of remote-controlled Microsoft Windows machines that have been hijacked by cyber crooks for use in online moneymaking schemes. In this case, however, we're talking mainly about relatively benign "chat bot" programs sold and marketed as walking billboards that lurk in the most popular chat rooms and periodically post links to various Web sites.
In a posting on the Yahoo! Messenger Blog subtitled "Bots, Bots and More Bots," product manager Sarah Bacon said the company was aware of the bot problem and was trying to devise a solution. "So stay tuned - we know this is a critical piece, if not the most important," she wrote.
From the tenor of the 620 comments that ensued, it appears many Yahoo! Messenger users are starting to tune out.
"Yahoo set out to fix a problem and the result is that you can not get into a room, or if you do the room is full of bots," wrote Yahoo! user "Bill," on Aug. 21.
Security Fix decided to download the latest (newly patched) version of Yahoo! Messenger and check out the situation last night. It wasn't pretty. Out of the 22 chat rooms I tried to join, only two let me in. The rest merely popped up a "Communications Problem" error message. One of the two that let me in (Amusement and Theme Park) appeared to be full of automated programs posting messages. The other summarily booted me from the room shortly after I joined.
I don't want to make light of Yahoo!'s network troubles, but I find it rather ironic that legitimate users are being kept off the network by bots whose sole purpose is to attract human eyeballs.
Yahoo! Issues Security Update for Messenger
Last week, Security Fix warned Yahoo! Messenger users to be wary of unexpected video chat invites from other Yahoo! instant messenger users, as the blueprints for exploiting security holes in the chat invite function of the program had been posted online. On Tuesday, Yahoo! issued an update to plug that hole.
This latest update, available at this link here, brings the Yahoo! Messenger program to version 188.8.131.526. Users who downloaded the program prior to Aug. 21, 2007, and wish to continue using it should update to this latest version.