Security researchers at BitDefender are warning users about a new Yahoo! Messenger vulnerability that allows an attacker to change victims status updates. The vulnerability allows attackers to take advantage of the level of trust status messages have and potentially serve users with malicious links. Researchers say the vulnerability could also be used as part of an affiliate marketing scheme designed to push Web traffic to certain sites all while the victim remains blissfully unaware their status has been hijacked. Users can set Yahoo Messenger to ignore anyone not in their Yahoo contacts, though this will not address any attacks coming from contacts.
Source: https://threatpost.com/yahoo-messenger-exploit-changes-status-messages-120411/75955/