Yikes – Employees Are Using Yoics!

Matt Keil


Category: Uncategorized
 

No doubt the first question you might have is what is Yoics! Simply put, Yoics! is a remote desktop access application that has been found in many of our customer’s networks. It is a good example of the types of applications being found that are not necessarily endorsed by corporate policy.

Let’s take a quick look at what Yoics! is. Yoics! is targeted at end users as a means of accessing or sharing computing resources. It is not targeted at IT or support personnel. From their website:

“Yoics is a powerful network solution that transforms any computer or network attached device instantly into an easily accessible and shareable internet resource. Featuring an intuitive user interface, remote access and sharing has just gotten as easy as using instant messaging.”

Yoics! is a client/server application that uses port 80 or can hop from port to port (dynamic). This means that it looks like web traffic to a normal firewall. VNC (Virtual Network Computing) or Microsoft Remote Desktop (RDP) is used to establish the remote connection. The connection is secured using a random 160 bit key. Over that secure connection, a user can share their desktop, a folder, or a camera. Using the Yoics! NOW proxy, a user can also access internal network resources. While Yoics! is a client/server application that uses port 80, yoics.net is “firewall friendly because it uses SSL” through a web browser.

Firewall friendly because it uses SSL? That is pretty humorous really, given the business and security risks that might be introduced through the use of this application. More accurately, Yoics! is another proof-point to Mike’s blog from last week about ports and protocol being meaningless. Isn’t it time to fix the firewall?

Got something to say?

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42


SUBSCRIBE TO RSS