Apr 13 2006, 11:22 PM
Post
#1
Super Member Group: [HOSTED] Posts: 503 Joined: 25-April 05 Member No.: 4,374 |
For whatever reason, certain users feel the need to harass other citizens of the internet. The following is a typical scenario of what may cause a Yahoo! booter to be used.
Bob is an average computer user that enjoys talking to his friends over Yahoo! Messenger. One day, Bob goes into a Yahoo! chat room to discuss the topics of the day. After several minutes of intellectual discussion with members of the chat room, Jane joins the room. From the very beginning, it is apparent that Jane is in the room to cause trouble and starts a flame war. Bob and Jane quickly start to spar on various topics and in the process Jane becomes very angry with Bob. Having a very volatile and sometimes hostile personality, Jane gets to the point where if she could, she would physically assault Bob. Suddenly Jane leaves the chat room vowing that Bob would pay for his actions. Given the nature of the internet, Jane can never physically harm Bob in real life, but she can cause trouble for him online. Jane decides to strike back at Bob by making his online life extremely difficult. Unbeknownst to Bob, Jane is quite computer savvy and decides the best form of revenge is to use a booter on Bob. Jane quickly refers to her stash of booter programs and picks her poison. Using the interface of the booter program, Jane enters Bob’s username and the names of her Yahoo! bots and simply presses one button. Almost instantly, Bob’s Yahoo! Messenger crashes, telling him that an illegal operation has been performed and that the program must be shut down. Not knowing what happened, Bob restarts Messenger and starts talking again. Within moments of signing back on, Bob’s Messenger crashes again. As it turns out, Jane is quite vindictive and has performed this operation numerous times, essentially creating a denial of service attack on Bob. Over the course of a week of attacks, Bob finally gives up and is forced to create a new username. This process leaves Bob with no other choice but to recreate his buddy list, inform his friends of his new username, and create a new address book. Although no physical harm was placed on Bob, Jane did in fact make his Yahoo! experience “YaHell”.
Every day new booters pop up on underground Yahoo! sites. The purpose of these programs is to either crash Yahoo! Messenger, knock a user offline or make a user’s online experience terrible. Booters usually work in one of two ways: exploiting holes in the messenger protocol client, or using multiple bots to flood a user offline.

In the exploits camp, several holes have been found in either the Yahoo! protocol or in Messenger. This type of booter usually causes Messenger to crash immediately with an error message, as shown in Figure 28. This is usually accomplished by sending a malformed TCP YMSG header to the victim’s client. These exploits only require one bot to accomplish their task. A bot is just a Yahoo! ID currently logged into the Yahoo! Server.

Figure 28 - Yahoo! Messenger Crash after a Boot

The other way to crash Messenger is by causing a bot flood. The malicious user must first make a huge amount of bots (500-10,000). The booter program then signs in all of the bots onto Yahoo! Once sign-in is complete, every single bot sends a message to the victim all at once. This creates several thousand messages hitting the victim at the same time and often crashes the client in short order. At the very least, the victim’s computer will be filled by IM messages and make the computer and Messenger unusable. See Figure 5 for an example of bot flooding. This method can be very time intensive in creating the bots, and is usually not worth the effort when trying to crash a regular Yahoo! Messenger client. Bot flooding when coupled with about 5,000+ bots can bring down almost any client, including some of the more secure clients, such as YahElite and YTunnel.

Figure 29 - Bot Flooding

http://www.ycoderscookbook.com/

This post has been edited by tansqrx: May 11 2006, 06:18 AM
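As an added illustration that is not part of the original post, the sketch below shows how a receiving client could recognise the bot-flood pattern described above (many distinct, unknown IDs messaging one user within seconds) and stop delivering those messages while still letting buddies through. The class name, thresholds and sample events are assumptions constructed for this example; it does not describe how YahElite or YTunnel work.

```python
from collections import deque

class FloodGuard:
    """Sliding-window guard for one recipient's inbound IM stream."""

    def __init__(self, buddies, window=5.0, max_msgs=50, max_senders=20):
        self.buddies = set(buddies)      # senders that are always delivered
        self.window = window             # seconds of history to keep
        self.max_msgs = max_msgs         # non-buddy messages allowed per window
        self.max_senders = max_senders   # distinct non-buddy senders per window
        self.recent = deque()            # (timestamp, sender), oldest first
        self.counts = {}                 # sender -> messages inside the window

    def _expire(self, now):
        # Forget events that have aged out of the window.
        while self.recent and now - self.recent[0][0] > self.window:
            _, sender = self.recent.popleft()
            self.counts[sender] -= 1
            if self.counts[sender] == 0:
                del self.counts[sender]

    def accept(self, ts, sender):
        """Return True to deliver the message, False to drop it."""
        if sender in self.buddies:
            return True
        self._expire(ts)
        # Dropped messages are recorded too, so a sustained flood
        # keeps the guard tripped until it actually stops.
        self.recent.append((ts, sender))
        self.counts[sender] = self.counts.get(sender, 0) + 1
        flooding = (len(self.recent) > self.max_msgs
                    or len(self.counts) > self.max_senders)
        return not flooding

def simulate():
    """Replay constructed events: normal chat, a 500-bot burst, then quiet."""
    guard = FloodGuard(buddies={"alice"})
    events = [(0.0, "alice"), (0.5, "stranger")]
    # Constructed flood: 500 distinct IDs, one message each, within ~1 second.
    events += [(10.0 + i * 0.002, f"bot{i:04d}") for i in range(500)]
    events += [(10.5, "alice"), (60.0, "stranger")]
    events.sort()
    return [sender for ts, sender in events if guard.accept(ts, sender)]

if __name__ == "__main__":
    delivered = simulate()
    bots = sum(s.startswith("bot") for s in delivered)
    print(f"delivered {len(delivered)} messages, {bots} of them from bots")
```

Counting distinct senders as well as raw message volume is what catches the one-message-per-bot pattern, which a per-sender rate limit alone would miss.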
Apr 14 2006, 02:05 AM
Post
#2
Newbie [ Level 2 ] Group: Members Posts: 16 Joined: 12-April 06 Member No.: 12,715 |
Wow. I never knew of such a thing. I just hope I'm not targeted by someone like Jade! Honestly, I didn't think anybody could do such a thing from the safety of their home!
Apr 17 2006, 09:38 PM
Post
#3
Super Member Group: [HOSTED] Posts: 503 Joined: 25-April 05 Member No.: 4,374 |
Booters have been around since AIM first hit the scene. They exist for all major IM systems including AIM, Yahoo!, and MSN and are very real. I am mostly familiar with the Yahoo! variety of booters but I have seen some of the others in action also. Just stick around until I get to the good stuff. I still have sections on prevention and also some interesting (at least to me) research into if some forms of boots can be transformed into system compromises.
Sep 27 2007, 08:21 AM
Post
#4
Newbie [ Level 1 ] Group: Members Posts: 0 Joined: 1-November 07 Member No.: 25,869 |
This is really cool
-ronel
Jan 27 2008, 03:21 AM
Post
#5
Newbie [ Level 1 ] Group: Members Posts: 0 Joined: 1-November 07 Member No.: 25,869 |
Ytunnel pro
Yahoo! Protocol: Part 11 - Booters Introduction
Just so everyone knows, ytunnel is a very good anti-booter and you can get a free basic version that stops 99% of booters