Rule:

--
Sid:
2460

--
Summary:
This event is generated when a host in your network that has Yahoo 
Instant Messenger running requests to view a webcam listen to an audio 
message of another Yahoo IM user. 

--
Impact:
Possible policy violation.  Instant Messenger programs may not be 
appropriate in certain network environments.

--
Detailed Information:
This event indicates that a Yahoo IM user in your network is requesting 
to view a webcam or listen to an audio message of another Yahoo IM user.
While there are no known exploits associated with showing or viewing 
webcams, it is possible that this activity is inappropriate in certain 
environments.

--
Affected Systems:
Any host running Yahoo Instant Messenger.

--
Attack Scenarios:
No known attack scenarios.

--
Ease of Attack:
No known attack scenarios.

--
False Positives:
None Known.

--
False Negatives:
It may be possible for Yahoo IM traffic to use other ports than the 
default expected ones.  

--
Corrective Action:
Disallow the use of IM clients on the protected network and enforce or 
implement an organization wide policy on the use of IM clients.

--
Contributors:
Sourcefire Research Team
Judy Novak <judy.novak@sourcefire.com>
--
Additional References:
Yahoo Protocol
http://www.cse.iitb.ac.in/~varunk/YahooProtocol.htm

--