Loading ...
Sorry, an error occurred while loading the content.

Re: [Y-Mail] Yahoo Mail Hack Sending Emails With Single Link To Rogue Websites

Expand Messages
  • adeomus ********
    why are people still clicking on links ?! it s been shown to be the single most hazardous thing to do. ..But magic has a habit of lying low, like a rake in the
    Message 1 of 17 , Mar 6, 2013
    • 0 Attachment

      why are people still clicking on links ?!
      it's been shown to be the single most hazardous thing to do.

      ..But magic has a habit of lying low, 
      like a rake in the grass.

      ~Terry Pratchett
      ~














      --- On Wed, 3/6/13, Bill Todd <bt542000@...> wrote:

      From: Bill Todd <bt542000@...>
      Subject: Re: [Y-Mail] Yahoo Mail Hack Sending Emails With Single Link To Rogue Websites
      To: Y-Mail@yahoogroups.com
      Received: Wednesday, March 6, 2013, 2:23 PM



      its simple
      don't click on the link just delete the email

      On 6 March 2013 16:21, Chris B <chrisjbrady@...> wrote:
       

      There's this trojan virus going round that is exploiting weaknesses in Yahoo's security. Basically you receive an email with a single URL to click on. This then sends you to a rogue website which downloads a piece of XLS or Javascript onto your computer. This in turn steals your Yahoo login cookies and sends them on to hackers. It also generates similar emails and sends them to everyone in your contacts address book.

      This is all detailed in posts to Yahoo Group [Y-Mail] and also at this excellent website:

      http://www.iitp.org.nz/newsletter/article/414?utm_source=index

      Although this article is about issues with yahoo mail in New Zealand, the hack described seems to be the same that everyone else is reporting.

      The question is how to remove this piece of XLS or Javascript? And also how to avoid getting the damn thing in the first place. Many thanks.




      --
      bill

      i own the following groups
      mrsp    non adult shares  ask for invite

      rapidsharevideo   ask for invite

    • Donna Lee
      Why is only affecting Yahoo email accounts too? Most of the accounts that have been hacked are those with a Yahoo email!   Donna Ford Lee Tulsa, OK
      Message 2 of 17 , Mar 6, 2013
      • 0 Attachment
        Why is only affecting Yahoo email accounts too?
        Most of the accounts that have been hacked are those with a Yahoo email!

         
        Donna Ford Lee
        Tulsa, OK


        From: adeomus ******** <carpediemadeomus@...>
        To: Y-Mail@yahoogroups.com
        Sent: Wednesday, March 6, 2013 7:21 PM
        Subject: Re: [Y-Mail] Yahoo Mail Hack Sending Emails With Single Link To Rogue Websites




        why are people still clicking on links ?!
        it's been shown to be the single most hazardous thing to do.

        ..But magic has a habit of lying low, 
        like a rake in the grass.

        ~Terry Pratchett
        ~







        --- On Wed, 3/6/13, Bill Todd <bt542000@...> wrote:

        From: Bill Todd <bt542000@...>
        Subject: Re: [Y-Mail] Yahoo Mail Hack Sending Emails With Single Link To Rogue Websites
        To: Y-Mail@yahoogroups.com
        Received: Wednesday, March 6, 2013, 2:23 PM



        its simple
        don't click on the link just delete the email

        On 6 March 2013 16:21, Chris B <chrisjbrady@...> wrote:
         
        There's this trojan virus going round that is exploiting weaknesses in Yahoo's security. Basically you receive an email with a single URL to click on. This then sends you to a rogue website which downloads a piece of XLS or Javascript onto your computer. This in turn steals your Yahoo login cookies and sends them on to hackers. It also generates similar emails and sends them to everyone in your contacts address book.

        This is all detailed in posts to Yahoo Group [Y-Mail] and also at this excellent website:

        http://www.iitp.org.nz/newsletter/article/414?utm_source=index

        Although this article is about issues with yahoo mail in New Zealand, the hack described seems to be the same that everyone else is reporting.

        The question is how to remove this piece of XLS or Javascript? And also how to avoid getting the damn thing in the first place. Many thanks.




        --
        bill

        i own the following groups
        mrsp    non adult shares  ask for invite

        rapidsharevideo   ask for invite





      • Shal Farley
        Lena, ... Or perhaps one of those plug-ins. I ve evicted Java from my computers -- too many zero-day exploits in a row, and I don t know why I had it. That is,
        Message 3 of 17 , Mar 6, 2013
        • 0 Attachment
          Lena,

          > The weaknesses are not in yahoo, but in Windows, browsers and their plugins
          > (Java, Acrobat, Flash), ...
          > If you use Windows then you are vulnerable, yahoo cannot fix your Windows.

          Or perhaps one of those plug-ins.

          I've evicted Java from my computers -- too many zero-day exploits in a row, and I don't know why I had it. That is, nothing I use daily has stopped working; no doubt I'll get a reminder eventually.
          <http://krebsonsecurity.com/2013/03/oracle-issues-emergency-java-update/>

          Acrobat, as a browser plug-in, has been eliminated for me by Firefox 19, but I still use it stand-alone with files I've created. Flash is a little more problematic as many sites I do use daily use Flash.

          > Another proof: I use Unix instead of Windows on my (usual) computer at
          > home, so I could safely experiment. I don't Sign Out of yahoo. An XSS
          > exploit should work with any browser under any operating system, however
          > I clicked links in several such spams but addresses in my webmail
          > address book and Sent folder weren't spammed.

          If the plug-ins are involved there may be more variables than just the OS. The victims may have had an outdated plug-in whereas you no doubt keep yours up-to-date, or possible don't use them.

          After all, we don't know what percentage of the people who received and clicked on such links were subsequently exploited. All we know is that it was apparently enough to propagate the problem to others. I'd actually expect that people prone to click on rogue links are also people prone to ignore updates, but that's just a stereotype in my mind.

          -- Shal
        • Sasafrass452
          But of course, not all links lead to a virus. Unless it s from someone you know, there s no reason NOT to click on it unless that person is unknowingly
          Message 4 of 17 , Mar 7, 2013
          • 0 Attachment
            But of course, not all links lead to a virus. Unless it's from someone you know, there's no reason NOT to click on it unless that person is unknowingly infected & their email is sending spam. In these cases, it's pretty easy to tell when a link is not something a friend or relative would send you. All it takes is 2 seconds to look at the url before you click on it.
            
            **Sasafrass452**
            http://www.friendburst.com/Sasafrass452
            http://thexfactorusa.proboards.com
            http://angiemillerfans.proboards.com
            On 03/06/2013 08:21 PM, adeomus ******** wrote:
             


            why are people still clicking on links ?!
            it's been shown to be the single most hazardous thing to do.

            ..But magic has a habit of lying low, 
            like a rake in the grass.
            
            ~Terry Pratchett~
            


            
            
            
            









            --- On Wed, 3/6/13, Bill Todd <bt542000@...> wrote:

            From: Bill Todd <bt542000@...>
            Subject: Re: [Y-Mail] Yahoo Mail Hack Sending Emails With Single Link To Rogue Websites
            To: Y-Mail@yahoogroups.com
            Received: Wednesday, March 6, 2013, 2:23 PM



            its simple
            don't click on the link just delete the email

            On 6 March 2013 16:21, Chris B <chrisjbrady@...> wrote:
             

            There's this trojan virus going round that is exploiting weaknesses in Yahoo's security. Basically you receive an email with a single URL to click on. This then sends you to a rogue website which downloads a piece of XLS or Javascript onto your computer. This in turn steals your Yahoo login cookies and sends them on to hackers. It also generates similar emails and sends them to everyone in your contacts address book.

            This is all detailed in posts to Yahoo Group [Y-Mail] and also at this excellent website:

            http://www.iitp.org.nz/newsletter/article/414?utm_source=index

            Although this article is about issues with yahoo mail in New Zealand, the hack described seems to be the same that everyone else is reporting.

            The question is how to remove this piece of XLS or Javascript? And also how to avoid getting the damn thing in the first place. Many thanks.




            --
            bill

            i own the following groups
            mrsp    non adult shares  ask for invite

            rapidsharevideo   ask for invite


          • Sasafrass452
            Let me rephrase that.... IF it s from someone you know, there s no reasonnot to click on it.... **Sasafrass452** http://www.friendburst.com/Sasafrass452
            Message 5 of 17 , Mar 7, 2013
            • 0 Attachment
              Let me rephrase that.... IF it's from someone you know, there's no reason not to click on it....
              
              **Sasafrass452**
              http://www.friendburst.com/Sasafrass452
              http://thexfactorusa.proboards.com
              http://angiemillerfans.proboards.com
              On 03/07/2013 09:02 AM, Sasafrass452 wrote:
               

              But of course, not all links lead to a virus. Unless it's from someone you know, there's no reason NOT to click on it unless that person is unknowingly infected & their email is sending spam. In these cases, it's pretty easy to tell when a link is not something a friend or relative would send you. All it takes is 2 seconds to look at the url before you click on it.
              **Sasafrass452**
              http://www.friendburst.com/Sasafrass452
              http://thexfactorusa.proboards.com
              http://angiemillerfans.proboards.com
              On 03/06/2013 08:21 PM, adeomus ******** wrote:
               


              why are people still clicking on links ?!
              it's been shown to be the single most hazardous thing to do.

              ..But magic has a habit of lying low, 
              like a rake in the grass.
              
              ~Terry Pratchett~
              


              
              
              
              









              --- On Wed, 3/6/13, Bill Todd <bt542000@...> wrote:

              From: Bill Todd <bt542000@...>
              Subject: Re: [Y-Mail] Yahoo Mail Hack Sending Emails With Single Link To Rogue Websites
              To: Y-Mail@yahoogroups.com
              Received: Wednesday, March 6, 2013, 2:23 PM



              its simple
              don't click on the link just delete the email

              On 6 March 2013 16:21, Chris B <chrisjbrady@...> wrote:
               

              There's this trojan virus going round that is exploiting weaknesses in Yahoo's security. Basically you receive an email with a single URL to click on. This then sends you to a rogue website which downloads a piece of XLS or Javascript onto your computer. This in turn steals your Yahoo login cookies and sends them on to hackers. It also generates similar emails and sends them to everyone in your contacts address book.

              This is all detailed in posts to Yahoo Group [Y-Mail] and also at this excellent website:

              http://www.iitp.org.nz/newsletter/article/414?utm_source=index

              Although this article is about issues with yahoo mail in New Zealand, the hack described seems to be the same that everyone else is reporting.

              The question is how to remove this piece of XLS or Javascript? And also how to avoid getting the damn thing in the first place. Many thanks.




              --
              bill

              i own the following groups
              mrsp    non adult shares  ask for invite

              rapidsharevideo   ask for invite



          • CB
            I can verify I DID NOT CLICK ON ANYTHING (or link) I went online and all the emails and folders were gone!!!!!! From: Sasafrass452 Sent: Thursday, March 07,
            Message 6 of 17 , Mar 7, 2013
            • 0 Attachment
              I can verify I DID NOT CLICK ON ANYTHING (or link)  I went online and all the emails and folders were gone!!!!!!

              Sent: Thursday, March 07, 2013 9:34 AM
              Subject: Re: [Y-Mail] Yahoo Mail Hack Sending Emails With Single Link To Rogue Websites

               

              Let me rephrase that.... IF it's from someone you know, there's no reason not to click on it....
              **Sasafrass452**
              http://www.friendburst.com/Sasafrass452
              http://thexfactorusa.proboards.com
              http://angiemillerfans.proboards.com
              On 03/07/2013 09:02 AM, Sasafrass452 wrote:
               

              But of course, not all links lead to a virus. Unless it's from someone you know, there's no reason NOT to click on it unless that person is unknowingly infected & their email is sending spam. In these cases, it's pretty easy to tell when a link is not something a friend or relative would send you. All it takes is 2 seconds to look at the url before you click on it.
              **Sasafrass452**
              http://www.friendburst.com/Sasafrass452
              http://thexfactorusa.proboards.com
              http://angiemillerfans.proboards.com
              On 03/06/2013 08:21 PM, adeomus ******** wrote:
               


              why are people still clicking on links ?!
              it's been shown to be the single most hazardous thing to do.

              ..But magic has a habit of lying low, 
              like a rake in the grass.
              
              ~Terry Pratchett~
              


              
              
              
              

              
              









              --- On Wed, 3/6/13, Bill Todd <bt542000@...> wrote:

              From: Bill Todd <bt542000@...>
              Subject: Re: [Y-Mail] Yahoo Mail Hack Sending Emails With Single Link To Rogue Websites
              To: Y-Mail@yahoogroups.com
              Received: Wednesday, March 6, 2013, 2:23 PM



              its simple
              don't click on the link just delete the email

              On 6 March 2013 16:21, Chris B <chrisjbrady@...> wrote:
               

              There's this trojan virus going round that is exploiting weaknesses in Yahoo's security. Basically you receive an email with a single URL to click on. This then sends you to a rogue website which downloads a piece of XLS or Javascript onto your computer. This in turn steals your Yahoo login cookies and sends them on to hackers. It also generates similar emails and sends them to everyone in your contacts address book.

              This is all detailed in posts to Yahoo Group [Y-Mail] and also at this excellent website:

              http://www.iitp.org.nz/newsletter/article/414?utm_source=index

              Although this article is about issues with yahoo mail in New Zealand, the hack described seems to be the same that everyone else is reporting.

              The question is how to remove this piece of XLS or Javascript? And also how to avoid getting the damn thing in the first place. Many thanks.




              --
              bill

              i own the following groups
              mrsp    non adult shares  ask for invite

              rapidsharevideo   ask for invite



            • adeomus ********
              and what about the spoofing i ve been hearing about, for example ? even visible ones can be overlooked, for example: someone sent a link to our groups with
              Message 7 of 17 , Mar 7, 2013
              • 0 Attachment

                and what about the spoofing i've been hearing about, for example ?

                even visible ones can be overlooked, for example:
                someone sent a link to our groups with something like you-tube........
                people were clicking on it before i noticed it !

                 a good friend that i trust sent me an email awhile back that gave me a huge wakeup call.
                i clicked on it and my computer screen was immediately taken over by malware that was rapidly destroying everything in front of my eyes !!!
                i did a hard shut down, prevented a total catastrophe, and dealt with my palpitations afterward.

                even friends might not know they are not sending a " real" link.

                yes, most links are ok, but better take a second more to be safe, than ever sorry.

                ..But magic has a habit of lying low, 
                like a rake in the grass.

                ~Terry Pratchett
                ~














                --- On Thu, 3/7/13, Sasafrass452 <Sasafrass452@...> wrote:

                From: Sasafrass452 <Sasafrass452@...>
                Subject: Re: [Y-Mail] Yahoo Mail Hack Sending Emails With Single Link To Rogue Websites
                To: Y-Mail@yahoogroups.com
                Received: Thursday, March 7, 2013, 9:02 AM



                But of course, not all links lead to a virus. Unless it's from someone you know, there's no reason NOT to click on it unless that person is unknowingly infected & their email is sending spam. In these cases, it's pretty easy to tell when a link is not something a friend or relative would send you. All it takes is 2 seconds to look at the url before you click on it.
                **Sasafrass452**
                http://www.friendburst.com/Sasafrass452
                http://thexfactorusa.proboards.com
                http://angiemillerfans.proboards.com
                On 03/06/2013 08:21 PM, adeomus ******** wrote:
                 


                why are people still clicking on links ?!
                it's been shown to be the single most hazardous thing to do.

                ..But magic has a habit of lying low, 
                like a rake in the grass.
                
                ~Terry Pratchett~
                


                
                
                
                









                --- On Wed, 3/6/13, Bill Todd <bt542000@...> wrote:

                From: Bill Todd <bt542000@...>
                Subject: Re: [Y-Mail] Yahoo Mail Hack Sending Emails With Single Link To Rogue Websites
                To: Y-Mail@yahoogroups.com
                Received: Wednesday, March 6, 2013, 2:23 PM



                its simple
                don't click on the link just delete the email

                On 6 March 2013 16:21, Chris B <chrisjbrady@...> wrote:
                 

                There's this trojan virus going round that is exploiting weaknesses in Yahoo's security. Basically you receive an email with a single URL to click on. This then sends you to a rogue website which downloads a piece of XLS or Javascript onto your computer. This in turn steals your Yahoo login cookies and sends them on to hackers. It also generates similar emails and sends them to everyone in your contacts address book.

                This is all detailed in posts to Yahoo Group [Y-Mail] and also at this excellent website:

                http://www.iitp.org.nz/newsletter/article/414?utm_source=index

                Although this article is about issues with yahoo mail in New Zealand, the hack described seems to be the same that everyone else is reporting.

                The question is how to remove this piece of XLS or Javascript? And also how to avoid getting the damn thing in the first place. Many thanks.




                --
                bill

                i own the following groups
                mrsp    non adult shares  ask for invite

                rapidsharevideo   ask for invite




              • Sasafrass452
                If you have a good eye, you ll see the dash & know it s not really a youtube link. So yes, taking 2 or 3 seconds to inspect the url is always wise.
                Message 8 of 17 , Mar 7, 2013
                • 0 Attachment
                  If you have a good eye, you'll see the dash & know it's not really a youtube link. So yes, taking 2 or 3 seconds to inspect the url is always wise. Unfortunately, you didn't heed that advice & nearly lost everything, but I'm sure you're much more cautious now, as a result.... Just remember, if a malicious link comes from a friend or relative, that's when you become the hero by calling & alerting them that their computer is infected ;) It's happened to my aunt a few times, & she needed help to clean up her system.... The problem is that many people aren't educated enough to keep their computers clean, or they're just plain gullible & download or click on anything that pops up on their screen.
                  
                  **Sasafrass452**
                  http://www.friendburst.com/Sasafrass452
                  http://thexfactorusa.proboards.com
                  http://angiemillerfans.proboards.com
                  On 03/07/2013 04:34 PM, adeomus ******** wrote:
                   


                  and what about the spoofing i've been hearing about, for example ?

                  even visible ones can be overlooked, for example:
                  someone sent a link to our groups with something like you-tube........
                  people were clicking on it before i noticed it !

                   a good friend that i trust sent me an email awhile back that gave me a huge wakeup call.
                  i clicked on it and my computer screen was immediately taken over by malware that was rapidly destroying everything in front of my eyes !!!
                  i did a hard shut down, prevented a total catastrophe, and dealt with my palpitations afterward.

                  even friends might not know they are not sending a " real" link.

                  yes, most links are ok, but better take a second more to be safe, than ever sorry.

                  ..But magic has a habit of lying low, 
                  like a rake in the grass.
                  
                  ~Terry Pratchett~
                  


                  
                  
                  
                  









                  --- On Thu, 3/7/13, Sasafrass452 <Sasafrass452@...> wrote:

                  From: Sasafrass452 <Sasafrass452@...>
                  Subject: Re: [Y-Mail] Yahoo Mail Hack Sending Emails With Single Link To Rogue Websites
                  To: Y-Mail@yahoogroups.com
                  Received: Thursday, March 7, 2013, 9:02 AM



                  But of course, not all links lead to a virus. Unless it's from someone you know, there's no reason NOT to click on it unless that person is unknowingly infected & their email is sending spam. In these cases, it's pretty easy to tell when a link is not something a friend or relative would send you. All it takes is 2 seconds to look at the url before you click on it.
                  **Sasafrass452**
                  http://www.friendburst.com/Sasafrass452
                  http://thexfactorusa.proboards.com
                  http://angiemillerfans.proboards.com
                  On 03/06/2013 08:21 PM, adeomus ******** wrote:
                   


                  why are people still clicking on links ?!
                  it's been shown to be the single most hazardous thing to do.

                  ..But magic has a habit of lying low, 
                  like a rake in the grass.
                  
                  ~Terry Pratchett~
                  


                  
                  
                  
                  









                  --- On Wed, 3/6/13, Bill Todd <bt542000@...> wrote:

                  From: Bill Todd <bt542000@...>
                  Subject: Re: [Y-Mail] Yahoo Mail Hack Sending Emails With Single Link To Rogue Websites
                  To: Y-Mail@yahoogroups.com
                  Received: Wednesday, March 6, 2013, 2:23 PM



                  its simple
                  don't click on the link just delete the email

                  On 6 March 2013 16:21, Chris B <chrisjbrady@...> wrote:
                   

                  There's this trojan virus going round that is exploiting weaknesses in Yahoo's security. Basically you receive an email with a single URL to click on. This then sends you to a rogue website which downloads a piece of XLS or Javascript onto your computer. This in turn steals your Yahoo login cookies and sends them on to hackers. It also generates similar emails and sends them to everyone in your contacts address book.

                  This is all detailed in posts to Yahoo Group [Y-Mail] and also at this excellent website:

                  http://www.iitp.org.nz/newsletter/article/414?utm_source=index

                  Although this article is about issues with yahoo mail in New Zealand, the hack described seems to be the same that everyone else is reporting.

                  The question is how to remove this piece of XLS or Javascript? And also how to avoid getting the damn thing in the first place. Many thanks.




                  --
                  bill

                  i own the following groups
                  mrsp    non adult shares  ask for invite

                  rapidsharevideo   ask for invite





                • Shal Farley
                  CB, If you mean the incident where many people found their accounts suddenly needed to be re-activated, and after doing that their emails were gone, then I
                  Message 9 of 17 , Mar 7, 2013
                  • 0 Attachment
                    CB,

                    If you mean the incident where many people found their accounts suddenly
                    needed to be re-activated, and after doing that their emails were gone,
                    then I think that was a Yahoo Glitch, and not a consequence of the
                    emails with rogue links.

                    Or, at least not related in any direct way.

                    -- Shal


                    On 3/7/2013 10:31 AM, CB wrote:
                    >
                    > I can verify I DID NOT CLICK ON ANYTHING (or link) I went online and all
                    > the emails and folders were gone!!!!!!
                  • adeomus ********
                    the you-tube thing i caught, but the email thing looked completely legit. ( it was a popular ecard site used by many of us at the time). there was no way to
                    Message 10 of 17 , Mar 7, 2013
                    • 0 Attachment

                      the you-tube thing i caught, but the email thing looked completely legit.
                      ( it was a popular ecard site used by many of us at the time).

                      there was no way to know the ecard thing was not right.

                      ..But magic has a habit of lying low, 
                      like a rake in the grass.

                      ~Terry Pratchett
                      ~














                      --- On Thu, 3/7/13, Sasafrass452 <Sasafrass452@...> wrote:

                      From: Sasafrass452 <Sasafrass452@...>
                      Subject: Re: [Y-Mail] Yahoo Mail Hack Sending Emails With Single Link To Rogue Websites
                      To: Y-Mail@yahoogroups.com
                      Received: Thursday, March 7, 2013, 5:18 PM



                      If you have a good eye, you'll see the dash & know it's not really a youtube link. So yes, taking 2 or 3 seconds to inspect the url is always wise. Unfortunately, you didn't heed that advice & nearly lost everything, but I'm sure you're much more cautious now, as a result.... Just remember, if a malicious link comes from a friend or relative, that's when you become the hero by calling & alerting them that their computer is infected ;) It's happened to my aunt a few times, & she needed help to clean up her system.... The problem is that many people aren't educated enough to keep their computers clean, or they're just plain gullible & download or click on anything that pops up on their screen.
                      **Sasafrass452**
                      http://www.friendburst.com/Sasafrass452
                      http://thexfactorusa.proboards.com
                      http://angiemillerfans.proboards.com
                      On 03/07/2013 04:34 PM, adeomus ******** wrote:
                       


                      and what about the spoofing i've been hearing about, for example ?

                      even visible ones can be overlooked, for example:
                      someone sent a link to our groups with something like you-tube........
                      people were clicking on it before i noticed it !

                       a good friend that i trust sent me an email awhile back that gave me a huge wakeup call.
                      i clicked on it and my computer screen was immediately taken over by malware that was rapidly destroying everything in front of my eyes !!!
                      i did a hard shut down, prevented a total catastrophe, and dealt with my palpitations afterward.

                      even friends might not know they are not sending a " real" link.

                      yes, most links are ok, but better take a second more to be safe, than ever sorry.

                      ..But magic has a habit of lying low, 
                      like a rake in the grass.
                      
                      ~Terry Pratchett~
                      


                      
                      
                      
                      









                      --- On Thu, 3/7/13, Sasafrass452 <Sasafrass452@...> wrote:

                      From: Sasafrass452 <Sasafrass452@...>
                      Subject: Re: [Y-Mail] Yahoo Mail Hack Sending Emails With Single Link To Rogue Websites
                      To: Y-Mail@yahoogroups.com
                      Received: Thursday, March 7, 2013, 9:02 AM



                      But of course, not all links lead to a virus. Unless it's from someone you know, there's no reason NOT to click on it unless that person is unknowingly infected & their email is sending spam. In these cases, it's pretty easy to tell when a link is not something a friend or relative would send you. All it takes is 2 seconds to look at the url before you click on it.
                      **Sasafrass452**
                      http://www.friendburst.com/Sasafrass452
                      http://thexfactorusa.proboards.com
                      http://angiemillerfans.proboards.com
                      On 03/06/2013 08:21 PM, adeomus ******** wrote:
                       


                      why are people still clicking on links ?!
                      it's been shown to be the single most hazardous thing to do.

                      ..But magic has a habit of lying low, 
                      like a rake in the grass.
                      
                      ~Terry Pratchett~
                      


                      
                      
                      
                      









                      --- On Wed, 3/6/13, Bill Todd <bt542000@...> wrote:

                      From: Bill Todd <bt542000@...>
                      Subject: Re: [Y-Mail] Yahoo Mail Hack Sending Emails With Single Link To Rogue Websites
                      To: Y-Mail@yahoogroups.com
                      Received: Wednesday, March 6, 2013, 2:23 PM



                      its simple
                      don't click on the link just delete the email

                      On 6 March 2013 16:21, Chris B <chrisjbrady@...> wrote:
                       

                      There's this trojan virus going round that is exploiting weaknesses in Yahoo's security. Basically you receive an email with a single URL to click on. This then sends you to a rogue website which downloads a piece of XLS or Javascript onto your computer. This in turn steals your Yahoo login cookies and sends them on to hackers. It also generates similar emails and sends them to everyone in your contacts address book.

                      This is all detailed in posts to Yahoo Group [Y-Mail] and also at this excellent website:

                      http://www.iitp.org.nz/newsletter/article/414?utm_source=index

                      Although this article is about issues with yahoo mail in New Zealand, the hack described seems to be the same that everyone else is reporting.

                      The question is how to remove this piece of XLS or Javascript? And also how to avoid getting the damn thing in the first place. Many thanks.




                      --
                      bill

                      i own the following groups
                      mrsp    non adult shares  ask for invite

                      rapidsharevideo   ask for invite







                    • lena_kiev
                      ... Only or most? Big difference.
                      Message 11 of 17 , Mar 7, 2013
                      • 0 Attachment
                        > From: Donna Lee <donna74128@...>
                        >
                        > Why is only affecting Yahoo email accounts too?
                        > Most of the accounts that have been hacked are those with a Yahoo email!

                        Only or most? Big difference.
                      • Shal Farley
                        Sasafrass, ... It gets much worse than inserting a hyphen, or otherwise misspelling a popular site. With the move toward allowing Unicode characters in domain
                        Message 12 of 17 , Mar 7, 2013
                        • 0 Attachment
                          Sasafrass,

                          > If you have a good eye, you'll see the dash & know it's not really a
                          > youtube link. So yes, taking 2 or 3 seconds to inspect the url is always
                          > wise.

                          It gets much worse than inserting a hyphen, or otherwise misspelling a popular site. With the move toward allowing Unicode characters in domain names we could see malicious sites named with characters that look like ASCII (Roman) letters, but aren't.

                          "IDN homograph attack"
                          <http://en.wikipedia.org/wiki/IDN_homograph_attack>

                          -- Shal
                          "Never give a sucker an even break" has never been truer.
                        • lena_kiev
                          ... 3D molecule viewer I sometimes use is Java-based. I use QuickJava add-on for Firefox and keep Java normally turned off. I also use FlashBlock add-on. ...
                          Message 13 of 17 , Mar 7, 2013
                          • 0 Attachment
                            > From: Shal Farley <shal@...>

                            > > The weaknesses are not in yahoo, but in Windows, browsers and their plugins
                            > > (Java, Acrobat, Flash), ...
                            > > If you use Windows then you are vulnerable, yahoo cannot fix your Windows.
                            >
                            > Or perhaps one of those plug-ins.
                            >
                            > I've evicted Java from my computers -- too many zero-day exploits in
                            > a row, and I don't know why I had it. That is, nothing I use daily
                            > has stopped working; no doubt I'll get a reminder eventually.

                            3D molecule viewer I sometimes use is Java-based.
                            I use QuickJava add-on for Firefox and keep Java normally turned off.
                            I also use FlashBlock add-on.

                            > > I use Unix instead of Windows on my (usual) computer at
                            > > home, so I could safely experiment.

                            > If the plug-ins are involved there may be more variables than just
                            > the OS. The victims may have had an outdated plug-in whereas you no
                            > doubt keep yours up-to-date, or possible don't use them.

                            Currently for FreeBSD only Flash 11.2r202.273 is available.
                            However, exploits can work under Windows only: code written for Windows
                            can work under another operating system only under an emulator
                            such as Wine, but Firefox works not under Wine.

                            > we don't know what percentage of the people who received
                            > and clicked on such links were subsequently exploited.

                            The numbers (about 10-15% IIRC) are in a couple articles among these:
                            http://blog.webroot.com/2011/10/31/outdated-operating-system-this-blackhole-exploit-kit-has-you-in-its-sights/
                            http://blog.webroot.com/2012/07/06/117000-unique-u-s-visitors-offered-for-malware-conversion/
                            http://blog.webroot.com/2012/10/31/nuclear-exploit-pack-goes-2-0/
                            http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_blackhole-exploit-kit.pdf
                            http://blog.trendmicro.com/trendlabs-security-intelligence/a-refresher-on-spam-and-exploits/
                            http://blog.trendmicro.com/trendlabs-security-intelligence/the-state-of-blackhole-spam/

                            > All we know
                            > is that it was apparently enough to propagate the problem to others.
                            > I'd actually expect that people prone to click on rogue links are
                            > also people prone to ignore updates, but that's just a stereotype in
                            > my mind.

                            I agree. But under Windows timely updates are not enough because of
                            zero-day exploits (of plugins, browsers and Windows)
                            and because the felons steal FTP passwords and contaminate
                            legitimate websites too.
                          • Donna Lee
                            Only Yahoo emails are the ones being hacked. When I get these type of emails with only a link it is always a Yahoo account. Now the name of the person holding
                            Message 14 of 17 , Mar 8, 2013
                            • 0 Attachment
                              Only Yahoo emails are the ones being hacked. When I get these type of emails with only a link it is always a Yahoo account. Now the name of the person holding the account is placed in the subject line. I just got one from my brother and he has a Yahoo account.

                              Donna Ford Lee ♂+♀=♡
                              Tulsa, OK

                              Don't cry because it's over,
                              smile because it happened.

                              Sent Via My iPhone
                            • Your message has been successfully submitted and would be delivered to recipients shortly.