I know some friends in my buddy lists will not accept any file or link from their friends for security reasons. I don’t bother when a friend decline my request and i can understand that it is why cause they scare to be hacked.

Good news is if you have Norton Antivirus 2007 or 2008 or Norton Internet Security 2007 or 2008 you can stop being paronoid and start to accept files from your friends. All files will be scanned by Norton for virus or other malicious chits.

It is only for windows users and you should be using Yahoo! Messenger 9 +

Since i stopped using Norton Antivirus product years ago cause it thinks it is owner of my computer but hey it is my computer and i want to control it, i just scan every file i received with my current virus program before open it.

Two weeks ago a security patch was published for windows xp and Yahoo! Messenger v8.1 users and now they publish a security patch for vista users.

If you are using windows vista and Yahoo! Messenger 8.1 you should upgrade for security.If you are using version 8.1.0.401 you don’t need to update.

If you don’t know which version you are running and for update

A security update has been published for Yahoo! Messenger windows users.If your Yahoo! Messenger version lower than 8.1.0.401 they advice you to upgrade to the latest version.

How will i know which Yahoo! Messenger version i am using ?

- login to Yahoo! Messenger
- click on help tab at the top right
- hit on About Yahoo! Messenger

If your version number lower than 8.1.0.401 you don’t have the latest secure version.

As always when you get a file or link from someone take caution before you accept or click on them.

Get the latest Yahoo! Messenger version

This is a late but good step from Yahoo! offering cyber-safety games, weekly polls, educational videos, and expert advice from Yahoo! Tech bloggers, Yahoo! Safely is your child’s guide to exploring the Net safely.

Yahoo! Safely

Yahoo! just made a cool move for protect our Yahoo! accounts from phising sites .You can now customize your sign in box with a text,colour and even with a picture you have.

This will help you to know if you are really sign in to real Yahoo! website or a fake site for made to steal your password and other personal data, cool eh ?

Visit the Yahoo! sign-in seal page to setup your sign-in screen

Symantec and Yahoo plan to announce on Tuesday a partnership designed to improve online security for consumers.

The arrangement between the two companies will include “some new security offerings,” according to an e-mail sent to reporters by Yahoo public-relations representatives on Monday. Yahoo and Symantec officials declined further comment.

News of the new tie-up comes shortly after Yahoo rival AOL started testing a new security offering, dubbed Total Care, which it created largely in partnership with Symantec foe McAfee.

Yahoo and Symantec have a history of working together on products such as antivirus scanning for Yahoo’s Web-based e-mail service. However, users of the ATT Yahoo! Internet access service are currently offered security software in partnership with CA.

Symantec has many partnerships to get its products onto consumer PCs. These include a deal with Google to bundle a trial version of Symantec’s Norton AntiVirus 2005 Special Edition with Google Pack and an arrangement with Adobe Systems to advertise Norton alongside Adobe Acrobat Reader downloads.

Get 30 day free trial Norton Internet security provided by Yahoo! free

A mass-mail worm that exploits a vulnerability in Yahoo’s Web-based e-mail is making the rounds but the impact appears to be low, security vendor Symantec said today.

The worm, which Symantec calls JS.Yamanner@m, is different from others in that a user merely has to open the e-mail to cause it to run, said Kevin Hogan, senior manager for Symantec Security Response. Mass-mail worms have usually been contained in an attachment with an e-mail note encouraging a user to open it.

The worm, written in JavaScript, takes advantage of a vulnerability that allows scripts embedded in HTML e-mail to run in the users” browsers. Yahoo users should be able to modify their settings to block the zero-day exploit, Hogan said.

Symantec rated the worm a Level 2 threat, one notch above its least harmful ranking. Hogan said the worm did not appear to be spreading widely, and he did not anticipate the threat level rising.

How It Spreads

read rest of the article at PcMagazine

Security researchers have identified a new worm spreading across Yahoo’s instant messaging network that has been cloaked under the guise of a “safety” browser in an attempt to dupe users.

First discovered by anti-malware researchers at FaceTime Communications, the worm, labeled as yhoo32.explr, is forwarding itself throughout Yahoo’s IM system via the contact lists of people whose computers it has already been infected. Once loaded onto a PC, the malicious program automatically hijacks the computer’s existing browser home page and encourages users to visit a fraudulent Web site that attempts to load spyware programs onto their devices.

FaceTime researchers said they have observed two versions of the attack, one of which is a stand-alone application with no uninstaller that frequently disguises itself with a faked version of Microsoft’s Internet Explorer logo. The second, self-propagating iteration of the worm, uses an .exe file to spread the infection through the Yahoo Messenger directories.

Yahoo! representatives didn’t immediately return calls seeking comment on the IM virus.

Addition to prompting users to visit the malware-loaded Web site, the virus also plays looped guitar music whenever someone starts up a PC it has infected, or opens the fraudulent safety browser itself. FaceTime researchers said that the attack is the first form of virus they have encountered that installs its own Web browser on a PC without the user’s permission.

Phishers are trying to get hold of Yahoo! account details by targeting seemingly valueless sections of the site.

Instant messages started to appear this week asking unwitting recipients to check out pictures at an enclosed link. This led to a bogus Yahoo! Photos website where users were encouraged to input their account information.

“Yahoo! runs a syndicated username and password set-up across its entire online product portfolio. Therefore this attack using Yahoo! Photos is designed to steal such information,” said a spokesman at internet monitoring firm Websense which identified the scam.

“The Yahoo! portfolio includes a number of programmes that require the user to input personal data and, as such, contains broad potential rewards for cyber-criminals.”

Websense explained that the details could allow a thief to access and/or change financial and shipping account information for Yahoo’s Auctions service.

The Yahoo! Small Business service also allows space for small e-commerce sites, increasing the potential rewards for phishers.
By vnunet

The Santa Claus worm doesn’t care whether you’ve been naughty or nice, but it’s making a list of PCs to infect this holiday season, according to a threat alert released by security firm IMlogic today.

A new instant-messaging worm called IM.GiftCom.All is making the rounds this holiday season. Rated as a “medium” threat by IMlogic, the worm attempts to get users of the instant-messaging networks run by America Online, Yahoo, and Microsoft to visit a seemingly festive Web site featuring Santa Claus.

The message comes from someone already present on a user’s “buddy list,” said Art Gilliland, vice president of products for IMlogic. It contains a supposed link to a URL (uniform resource locator) starting with “santaclause.aol.com/a?|”

However, clicking on that link takes users to a different Web site and triggers the download of a malicious file to a user’s PC, Gilliland said. That file is created using rootkit techniques, making it extremely difficult to detect with conventional antivirus or operating system tools, he said. Once resident on a system, the file tries to shut down antivirus software and collects personal information that can be redistributed over the Internet.

IMlogic has not recorded an instance where that personal information was actually sent out to the Internet, but the program does log information, Gilliland said.

Don’t Click!

Users are advised to avoid clicking on anything sent through an instant-messaging system unless they have verified that the file or picture is legitimate and the sender intended to pass it along, Gilliland said. IMlogic recently identified an instant-messaging bot that produces canned assurances that a file is legitimate when the recipient replies to check its authenticity, so it’s important to take extra care to verify the sender’s intentions, he said.