Yahoo! Protocol: Part 11 - Booters Introduction

For whatever reason, certain users feel the need to harass other citizens of the internet. The following is a typical scenario of what may cause a Yahoo! booter to be used. 

Bob is an average computer user that enjoys talking to his friends over Yahoo! Messenger. One day, Bob goes into a Yahoo! chat room to discuss the topics of the day.  After several minutes of intellectual discussion with members of the chat room, Jane joins the room.  From the very beginning, it is apparent that Jane is in the room to cause trouble and starts a flame war.  Bob and Jane quickly start to spar on various topics and in the process Jane becomes very angry with Bob.  Having a very volatile and sometimes hostile personality, Jane gets to the point where if she could, she would physically assault Bob.  Suddenly Jane leaves the chat room vowing that Bob would pay for his actions.  Given the nature of the internet, Jane can never physically harm Bob in real life, but she can cause trouble for him online.  Jane decides to strike back at Bob by making his online life extremely difficult.  Unbenounced to Bob, Jane is quite computer savvy and decides the best form of revenge is to use a booter on Bob.  Jane quickly refers to her stash of booter programs and picks her poison.  Using the interface of the booter program, Jane enters Bob’s username and the names of her Yahoo! bots and simply presses one button.  Almost instantly, Bob’s Yahoo! Messenger crashes telling him that an illegal operation has been performed and that the program must be shut down.  Unknowing what happened, Bob restarts messenger and starts talking again.  Within moments of signing back on Bob’s messenger crashes again.  As it turns out, Jane is quite vindictive and has performed this operation numerous times, essentially creating a denial of service attack on Bob.  Over the course of a week of attacks, Bob finally gives up and is forced to create a new username.  This process leaves Bob with no other choice but to recreate his buddy list, inform his friends of his new username, and create a new address book  Although no physical harm was placed on Bob, Jane did in fact make his Yahoo! experience, “YaHell”. 

Everyday new booters pop up on underground Yahoo! sites.  The purpose of these programs are to either crash Yahoo! Messenger, knock a user offline or make a user’s online experience terrible.  Booters usually work in one of two ways, exploiting holes in the messenger protocol client, or using multiple bots to flood a user offline. 

In the exploits camp, several holes have been found in either the Yahoo! protocol or in Messenger.  This type of booter usually causes Messenger to crash immediately with an error message, as shown in Figure 28.  This is usually accomplished by sending a malformed TCP YMSG header to the victim’s client.  These exploits only require one bot to accomplish their task.  A bot is just a Yahoo! ID currently logged into the Yahoo! Server.


Figure 28 - Yahoo! Messenger Crash after a Boot

The other way to crash Messenger is by causing a bot flood. The malicious user must first make a huge amount of bots (500-10,000).  The booter program then signs in all of the bots onto Yahoo!  Once sign-in is complete, every single bot sends a message to the victim all at once.  This creates several thousand messages hitting the victim at the same time and often crashes  the client in short order.  At the very least, the victim’s computer will be filled by IM messages and make the computer and Messenger unusable.  See Figure 5 for an example of bot flooding.  This method can be very time intensive in creating the bots, and is usually not worth the effort when trying to crash a regular Yahoo! Messenger client.  Bot flooding when coupled with about 5,000+ bots can bring down almost any client including some of the more secure clients, such as YahElite and YTunnel. 


Figure 29 - Bot Flooding

http://www.ycoderscookbook.com/

 

 

 

Comment/Reply (w/o sign-up)

Wow. I never knew of such a thing. I just hope I'm not targeted by someone like Jade! Honestly, I didn't think anybody could do such a thing from the safety of their home!

Comment/Reply (w/o sign-up)

Booters have been around since AIM first hit the scene. They exist for all major IM systems including AIM, Yahoo!, and MSN and are very real. I am mostly familiar with the Yahoo! variety of booters but I have seen some of the others in action also. Just stick around until I get to the good stuff. I still have sections on prevention and also some interesting (at least to me) research into if some forms of boots can be transformed into system compromises.

Comment/Reply (w/o sign-up)

This is really cool

-ronel

Comment/Reply (w/o sign-up)

Ytunnel pro
Yahoo! Protocol: Part 11 - Booters Introduction

Just so everyone know ytunnel is a very good anti-booter and you can get a free basic version that stops 99% of booters

Comment/Reply (w/o sign-up)

Booting in yahoo
Yahoo! Protocol: Part 11 - Booters Introduction

As I have been in yahoo chat rooms for many years it has gotten worse with the punks using booters to remove people from the rooms. I don't know why Yahoo don't fix this. I have been going to a place called Digital Space Traveler where you absolutely cannot boot because they use a completly different kinda set up. Why don't Yahoo contact the owners of this site and see what they are using to where maybe they can use the same thing to weed out all the booters and bots. Oh I forgot to mention...There are "NO" bots up there either. I write to Yahoo abuse all the time and I always get that reply telling you how you can put them on ignore and all this garbage and it don't work. There are programs out there that by-pass yahoo's ignore button. And the ignore button don't stop booters!, I know this as a fact! Yaho has the worst anti-abuse program on the inter net, unless they are threatend by the law or courts. The worst place to get hit by booters is the Kentucky and Tennessee chat rooms. The rednecks in there think they own Yahoo chat and boot you out if you don't think, talk, be nasty and rude like them. I use to build booters and a average computer savy person can build these. Yahoo needs to change thier system to where booters are useless. There are ways! Like I said before, Digital Space Traveler is a "MUCH better place to talk then Yahoo. No bots, No booting progran will work on there...Its been tried with all booters made to date and nothing works. The owners are the only ones that can remove you because there are actual real people in there 1/2 the time to help, solve problems, and to get rid of people that harrass others. Its 99% voice chat in Digital Space Traveler with a moving avatar, but you can send what they call a text message (instant message) and talk that way. Here is the link:http://travelersnetwork.Net/DSTrv203.Exe In conclusion...Yahoo needs to get thier act together and get a new system or actually put someone in the rooms to see whats going on and start weeding them out. But I guess they really don't care because they filed chapter 11 or 13 or whatever it was, so they arent going to even attempt to fix chat...Hope everyone like Yahoo now because it might not be here for long...Take care Yahoo chatters -feedback by Mark

 

 

 

Comment/Reply (w/o sign-up)