Happy FOSS

Opensource, Technology, Programming & Computer Science

Yahoo Messenger vulnerability

I got a message from my friend on yahoo messenger containing the following ftp url of an exe file ftp://tlpoeil:yahoogoogle@ftp.members.lycos.co.uk/selfextract.exe

Please beware about downloading that exe file as it could be malicious.

Someone can disassemble it and find out whats in it

jun 17 2008:

As i am getting lot of hits for this topic, and i myself got such links from my yahoo network friends.

I guess the vulnerability in yahoo messenger has not been fixed.

This vulnerability of yahoo messenger could be exploited, so beware of exe spreading across yahoo messenger that is sent without the knowledge of the person from whom you got it. It could be malicious.


March 27, 2008 - Posted by | Security | , ,


  1. can u tell me what is the file about and iam not able to download that file…….

    Comment by what is the file for | April 7, 2008 | Reply

  2. Nothing in that url. the folder is empty, dont wast your time on the below url

    Comment by Tiger | April 8, 2008 | Reply

  3. My thought is “what if tomorrow a malicious exe’s link spreads on yahoo messenger network ?”

    There must be some flaw in yahoo messenger as the user doesnt know such things are being sent from his id !

    making yahoo users vulnerable

    Comment by Din | April 8, 2008 | Reply

  4. WHY SUH A DECEIVE ftp://tlpoeil:yahoogoogle@ftp.members.lycos.co.uk/selfextract.exe
    dooes not exist why should one have to waste time on such

    Comment by R | May 20, 2008 | Reply

  5. ok well this is weird really

    Comment by janette | July 23, 2008 | Reply

  6. i dont understand what’s the importance of it. really!!!!!

    Comment by eilsel | August 29, 2008 | Reply

  7. @ eilsel
    Never click on hyperlinks received from your friends on yahoo network, which was sent without your friend’s knowledge

    Comment by Din | August 29, 2008 | Reply

  8. Nfs carbon download ftp://tlpoeil:yahoogoogle@ftp.members.lycos.co.uk/selfextract.exe i have also same problem in my yahoo massenger .this link automatically send to my all yhaoo messenger friends.i think this is virus? plz help me

    Comment by rinku_saini76@yahoo.co.in | October 23, 2008 | Reply

  9. @above
    Dont click on any such EXE they could be harmful, unless you download EXE’s from trusted site or if you are sure that such EXE’s are trusted.

    Comment by Din | October 23, 2008 | Reply

  10. pls how do i solve the self extract problem

    Comment by kingsley | January 28, 2009 | Reply

    • Simple, dont click on any such links.

      Comment by Din | January 31, 2009 | Reply

  11. hey guys,
    The only way to get rid of this, plz get into linux:

    For windows users:
    better to clean your web browser cache and reinstall your yahoo messenger.

    Comment by Linux Advisor | April 5, 2009 | Reply

  12. Hi Guys…

    I accidently pasted this on google search box… but to my atonishment i saw this FTP link.

    “Nfs carbon download ftp://tlpoeil:yahoogoogle@ftp.members.lycos.co.uk/selfextract.exe

    Which download “selfextract.exe” and installs itself on the system.

    If any messengers are loggedin including Yahoo Messenger & GTalk — finds the status of loggedin friends and auto posts messages to them.

    I guess it has keylogger capabilities too… the origin is unknown but it is DANGEROUS INDEED FOR PERSONAL SECURITY AND DETAILS…

    Comment by bharadwaj | December 28, 2009 | Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: