Rule:

--
Sid:
2461

--
Summary:
This event is generated when a user on a host in your network that is 
running Yahoo Instant Messenger is viewing a webcam or listening to an 
audio message of another Yahoo IM user.

--
Impact:
Possible policy violation.  Instant Messenger programs may not be 
appropriate in certain network environments.

--
Detailed Information:
This event indicates that a Yahoo IM user in your network is requesting 
to view a webcam of another Yahoo IM user.  While there are no known 
exploits associated with showing or viewing webcams, or listening to 
audio messages.  it is possible that this activity is inappropriate in 
certain environments.

--
Affected Systems:
Any host running Yahoo Instant Messenger.

--
Attack Scenarios:
No known attack scenarios.

--
Ease of Attack:
No known attack scenarios.

--
False Positives:
None Known.

--
False Negatives:
It may be possible for Yahoo IM traffic to use other ports than the 
default expected ones.  

--
Corrective Action:
Disallow the use of IM clients on the protected network and enforce or 
implement an organization wide policy on the use of IM clients.

--
Contributors:
Sourcefire Research Team
Judy Novak <judy.novak@sourcefire.com>
--
Additional References:
Yahoo Protocol
http://www.cse.iitb.ac.in/~varunk/YahooProtocol.htm

--