Rule: -- Sid: 2461 -- Summary: This event is generated when a user on a host in your network that is running Yahoo Instant Messenger is viewing a webcam or listening to an audio message of another Yahoo IM user. -- Impact: Possible policy violation. Instant Messenger programs may not be appropriate in certain network environments. -- Detailed Information: This event indicates that a Yahoo IM user in your network is requesting to view a webcam of another Yahoo IM user. While there are no known exploits associated with showing or viewing webcams, or listening to audio messages. it is possible that this activity is inappropriate in certain environments. -- Affected Systems: Any host running Yahoo Instant Messenger. -- Attack Scenarios: No known attack scenarios. -- Ease of Attack: No known attack scenarios. -- False Positives: None Known. -- False Negatives: It may be possible for Yahoo IM traffic to use other ports than the default expected ones. -- Corrective Action: Disallow the use of IM clients on the protected network and enforce or implement an organization wide policy on the use of IM clients. -- Contributors: Sourcefire Research Team Judy Novak <judy.novak@sourcefire.com> -- Additional References: Yahoo Protocol http://www.cse.iitb.ac.in/~varunk/YahooProtocol.htm --