BitDefender researchers have uncovered a security flaw in Yahoo Messenger that allows an attacker to change a user's status message.

"The attacker sends a supposed file to a target that is actually an iframe that swaps the status message for the attacker's customised text, as explained in a blog post by net security firm BitDefender here," writes The Register's John Leyden.

"If successfully executed, a victim will have no indication that his or her status message has been rewritten," Leyden writes. "The ruse might be used to gain affiliate incomes by promoting dodgy sites as well as directing users towards sites loaded with exploits or scareware scams."

Go to "Yahoo! O-day! exploit! hijacks! status! updates!" to read the details.

For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.