It's yahoo's vulnerability, but from what I understand, the actual hack takes place via a malicious ad anywhere online, and involves something called cross-site scripting, or xss. This has been going on for months. If anyone gets an email from anyone else with just a garbled-looking link, don't click the link, but maybe use another means of communication (facebook, actually logging on to yahoo group with a browser to message, etc.) to let them know you got a suspect email. The hack starts on a computer logged into the victims email, but once yahoo mail credentials are obtained, will continue even after a wipe/reinstall, because it doesn't just stay on the originally infected computer. Also, because the whole thing sends its payload and returns credentials through a browser, that is where the actual attack takes place, making it OS-independent, however, since you say you are on linux, that tends to indicate more secure general practices online (like not clicking email links), which may be why your account has stayed ok, while your close ones were affected.
I think that's as concise as I can put the situation, but plenty more info is coming out about yahoo mail's vulnerability and their failure for months now to fix it, despite repeated public warnings it is not fixed yet. Google is a great tool. :)
I am trying to determine how this Yahoo spam works.
My wife and kids use windows computers with firefox and they were hacked.
I use linux with firefox and I have not been hacked.
Is the hacking coming from our computers or is it a Yahoo issue itself and I'm just lucky?
Mark
From: Eric <ewdysar@yahoo.com>
To: electricboats@yahoogroups.com
Sent: Thursday, March 7, 2013 5:52:08 PM
Subject: [Electric Boats] OT: reducing spam on the group
I would suggest that everyone remove any Yahoo group email addresses from your contact lists (it's not like you need to write emails to a Yahoo group, most people can just hit reply to their email notification or post a message inside the Yahoo group itself) so that if your contact list gets hacked, you won't be sending spam to hundreds (maybe thousands) of people's mailboxes with a single group address.
I know this works because my account was hacked about a couple of months ago and my Yahoo contact list was used to send out a few spam blasts. You didn't see any of that here (or on any of the other Yahoo groups that I belong to) because I don't have any of my Yahoo group addresses in my contact list.
Fair winds (with less spam),
Eric
Marina del Rey, CA
Reply via web post | Reply to sender | Reply to group | Start a New Topic | Messages in this topic (4) |
No comments:
Post a Comment