Re: [Y-Mail] Yahoo Mail Hack Sending Emails With Single Link To Rogue Websites

  • Donna Lee
    Message 1 of 17, Mar 6, 2013
      Why is only affecting Yahoo email accounts too?
      Most of the accounts that have been hacked are those with a Yahoo email!

       
      Donna Ford Lee
      Tulsa, OK


      From: adeomus ******** <carpediemadeomus@...>
      To: Y-Mail@yahoogroups.com
      Sent: Wednesday, March 6, 2013 7:21 PM
      Subject: Re: [Y-Mail] Yahoo Mail Hack Sending Emails With Single Link To Rogue Websites




      why are people still clicking on links ?!
      it's been shown to be the single most hazardous thing to do.

      ..But magic has a habit of lying low, 
      like a rake in the grass.

      ~Terry Pratchett~

      --- On Wed, 3/6/13, Bill Todd <bt542000@...> wrote:

      From: Bill Todd <bt542000@...>
      Subject: Re: [Y-Mail] Yahoo Mail Hack Sending Emails With Single Link To Rogue Websites
      To: Y-Mail@yahoogroups.com
      Received: Wednesday, March 6, 2013, 2:23 PM



      it's simple
      don't click on the link just delete the email

      On 6 March 2013 16:21, Chris B <chrisjbrady@...> wrote:
       
      There's this trojan virus going round that is exploiting weaknesses in Yahoo's security. Basically you receive an email with a single URL to click on. This then sends you to a rogue website which downloads a piece of XLS or Javascript onto your computer. This in turn steals your Yahoo login cookies and sends them on to hackers. It also generates similar emails and sends them to everyone in your contacts address book.

      This is all detailed in posts to Yahoo Group [Y-Mail] and also at this excellent website:

      http://www.iitp.org.nz/newsletter/article/414?utm_source=index

      Although this article is about issues with yahoo mail in New Zealand, the hack described seems to be the same that everyone else is reporting.

      The question is how to remove this piece of XLS or Javascript? And also how to avoid getting the damn thing in the first place. Many thanks.




      --
      bill

      i own the following groups
      mrsp    non adult shares  ask for invite

      rapidsharevideo   ask for invite





    • Shal Farley
      Message 2 of 17, Mar 6, 2013
        Lena,

        > The weaknesses are not in yahoo, but in Windows, browsers and their plugins
        > (Java, Acrobat, Flash), ...
        > If you use Windows then you are vulnerable, yahoo cannot fix your Windows.

        Or perhaps one of those plug-ins.

        I've evicted Java from my computers -- too many zero-day exploits in a row, and I don't know why I had it. That is, nothing I use daily has stopped working; no doubt I'll get a reminder eventually.
        <http://krebsonsecurity.com/2013/03/oracle-issues-emergency-java-update/>

        Acrobat, as a browser plug-in, has been eliminated for me by Firefox 19, but I still use it stand-alone with files I've created. Flash is a little more problematic as many sites I do use daily use Flash.

        > Another proof: I use Unix instead of Windows on my (usual) computer at
        > home, so I could safely experiment. I don't Sign Out of yahoo. An XSS
        > exploit should work with any browser under any operating system, however
        > I clicked links in several such spams but addresses in my webmail
        > address book and Sent folder weren't spammed.

        If the plug-ins are involved there may be more variables than just the OS. The victims may have had an outdated plug-in whereas you no doubt keep yours up-to-date, or possibly don't use them.

        After all, we don't know what percentage of the people who received and clicked on such links were subsequently exploited. All we know is that it was apparently enough to propagate the problem to others. I'd actually expect that people prone to click on rogue links are also people prone to ignore updates, but that's just a stereotype in my mind.

        -- Shal
      • CB
        Message 3 of 17, Mar 7, 2013
          I can verify I DID NOT CLICK ON ANYTHING (or link)  I went online and all the emails and folders were gone!!!!!!

          From: Sasafrass452
          Sent: Thursday, March 07, 2013 9:34 AM
          Subject: Re: [Y-Mail] Yahoo Mail Hack Sending Emails With Single Link To Rogue Websites

           

          Let me rephrase that.... IF it's from someone you know, there's no reason not to click on it....
          **Sasafrass452**
          http://www.friendburst.com/Sasafrass452
          http://thexfactorusa.proboards.com
          http://angiemillerfans.proboards.com
          On 03/07/2013 09:02 AM, Sasafrass452 wrote:
           

          But of course, not all links lead to a virus. Unless it's from someone you know, there's no reason NOT to click on it unless that person is unknowingly infected & their email is sending spam. In these cases, it's pretty easy to tell when a link is not something a friend or relative would send you. All it takes is 2 seconds to look at the url before you click on it.
          **Sasafrass452**
          http://www.friendburst.com/Sasafrass452
          http://thexfactorusa.proboards.com
          http://angiemillerfans.proboards.com
      • adeomus ********
        Message 4 of 17, Mar 7, 2013

          and what about the spoofing i've been hearing about, for example ?

          even visible ones can be overlooked, for example:
          someone sent a link to our groups with something like you-tube........
          people were clicking on it before i noticed it !

           a good friend that i trust sent me an email awhile back that gave me a huge wakeup call.
          i clicked on it and my computer screen was immediately taken over by malware that was rapidly destroying everything in front of my eyes !!!
          i did a hard shut down, prevented a total catastrophe, and dealt with my palpitations afterward.

          even friends might not know they are not sending a " real" link.

          yes, most links are ok, but better take a second more to be safe, than ever sorry.

          ..But magic has a habit of lying low, 
          like a rake in the grass.

          ~Terry Pratchett~

        • Sasafrass452
          Message 5 of 17, Mar 7, 2013
            If you have a good eye, you'll see the dash & know it's not really a youtube link. So yes, taking 2 or 3 seconds to inspect the url is always wise. Unfortunately, you didn't heed that advice & nearly lost everything, but I'm sure you're much more cautious now, as a result.... Just remember, if a malicious link comes from a friend or relative, that's when you become the hero by calling & alerting them that their computer is infected ;) It's happened to my aunt a few times, & she needed help to clean up her system.... The problem is that many people aren't educated enough to keep their computers clean, or they're just plain gullible & download or click on anything that pops up on their screen.
            
            **Sasafrass452**
            http://www.friendburst.com/Sasafrass452
            http://thexfactorusa.proboards.com
            http://angiemillerfans.proboards.com
          • Shal Farley
            Message 6 of 17, Mar 7, 2013
              CB,

              If you mean the incident where many people found their accounts suddenly
              needed to be re-activated, and after doing that their emails were gone,
              then I think that was a Yahoo Glitch, and not a consequence of the
              emails with rogue links.

              Or, at least not related in any direct way.

              -- Shal


              On 3/7/2013 10:31 AM, CB wrote:
              >
              > I can verify I DID NOT CLICK ON ANYTHING (or link) I went online and all
              > the emails and folders were gone!!!!!!
            • adeomus ********
              Message 7 of 17, Mar 7, 2013

                the you-tube thing i caught, but the email thing looked completely legit.
                ( it was a popular ecard site used by many of us at the time).

                there was no way to know the ecard thing was not right.

                ..But magic has a habit of lying low, 
                like a rake in the grass.

                ~Terry Pratchett~

              • lena_kiev
                Message 8 of 17, Mar 7, 2013
                  > From: Donna Lee <donna74128@...>
                  >
                  > Why is only affecting Yahoo email accounts too?
                  > Most of the accounts that have been hacked are those with a Yahoo email!

                  Only or most? Big difference.
                • Shal Farley
                  Message 9 of 17, Mar 7, 2013
                    Sasafrass,

                    > If you have a good eye, you'll see the dash & know it's not really a
                    > youtube link. So yes, taking 2 or 3 seconds to inspect the url is always
                    > wise.

                    It gets much worse than inserting a hyphen, or otherwise misspelling a popular site. With the move toward allowing Unicode characters in domain names we could see malicious sites named with characters that look like ASCII (Roman) letters, but aren't.

                    "IDN homograph attack"
                    <http://en.wikipedia.org/wiki/IDN_homograph_attack>

                    -- Shal
                    "Never give a sucker an even break" has never been truer.
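
Added example, not part of Shal's post or of the thread: a Python check for the two tricks discussed above, the hyphenated "you-tube" link and Unicode lookalike letters in a domain name. The allow-list, the short confusables table and the sample links are constructed assumptions, and the "last two labels" rule stands in for a real Public Suffix List lookup.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allow-list (assumption): sites the reader really uses.
KNOWN_GOOD = {"youtube.com", "yahoo.com"}

# Constructed sample of lookalike characters -> ASCII letters. A real
# deployment would load the Unicode confusables data instead.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
    "0": "o",
    "1": "l",
}


def decode_host(url):
    """Hostname of the URL in Unicode form, with xn-- (punycode) labels decoded."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = []
    for label in host.split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # leave an undecodable label as it is
        labels.append(label)
    return ".".join(labels)


def scripts_in(label):
    """Script names (LATIN, CYRILLIC, ...) of the letters in one label."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def registrable(host):
    """Simplification (assumption): treat the last two labels as the domain."""
    return ".".join(host.split(".")[-2:])


def skeleton(domain):
    """Fold lookalike characters to ASCII and drop hyphens for comparison."""
    folded = unicodedata.normalize("NFKC", domain)
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in folded)
    return folded.replace("-", "")


def inspect_link(url):
    """List the lookalike signs found in the link's host (empty list = none)."""
    host = decode_host(url)
    domain = registrable(host)
    if domain in KNOWN_GOOD:
        return []
    reasons = []
    if any(ord(ch) > 127 for ch in host):
        reasons.append("non-ASCII characters in host")
    if any(len(scripts_in(label)) > 1 for label in host.split(".")):
        reasons.append("mixed scripts in one label")
    look = skeleton(domain)
    if look in KNOWN_GOOD:
        reasons.append("imitates " + look)
    return reasons


# Constructed sample links. The third uses Cyrillic letters for "y" and "o";
# the fourth is the same name in the xn-- form a mail client may show.
LOOKALIKE = "\u0443\u043eutube"
SAMPLES = [
    "http://www.youtube.com/watch?v=abc",
    "http://you-tube.com/video",
    "http://" + LOOKALIKE + ".com/watch",
    "http://xn--" + LOOKALIKE.encode("punycode").decode("ascii") + ".com/watch",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(ascii(url), "->", inspect_link(url) or "no lookalike signs")
```

An empty result only means none of these three signs were found in the host name; it says nothing about what the site behind the link serves.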
                  • lena_kiev
                    Message 10 of 17, Mar 7, 2013
                      > From: Shal Farley <shal@...>

                      > > The weaknesses are not in yahoo, but in Windows, browsers and their plugins
                      > > (Java, Acrobat, Flash), ...
                      > > If you use Windows then you are vulnerable, yahoo cannot fix your Windows.
                      >
                      > Or perhaps one of those plug-ins.
                      >
                      > I've evicted Java from my computers -- too many zero-day exploits in
                      > a row, and I don't know why I had it. That is, nothing I use daily
                      > has stopped working; no doubt I'll get a reminder eventually.

                      3D molecule viewer I sometimes use is Java-based.
                      I use QuickJava add-on for Firefox and keep Java normally turned off.
                      I also use FlashBlock add-on.

                      > > I use Unix instead of Windows on my (usual) computer at
                      > > home, so I could safely experiment.

                      > If the plug-ins are involved there may be more variables than just
                      > the OS. The victims may have had an outdated plug-in whereas you no
                      > doubt keep yours up-to-date, or possibly don't use them.

                      Currently for FreeBSD only Flash 11.2r202.273 is available.
                      However, exploits can work under Windows only: code written for Windows
                      can work under another operating system only under an emulator
                      such as Wine, but Firefox works not under Wine.

                      > we don't know what percentage of the people who received
                      > and clicked on such links were subsequently exploited.

                      The numbers (about 10-15% IIRC) are in a couple articles among these:
                      http://blog.webroot.com/2011/10/31/outdated-operating-system-this-blackhole-exploit-kit-has-you-in-its-sights/
                      http://blog.webroot.com/2012/07/06/117000-unique-u-s-visitors-offered-for-malware-conversion/
                      http://blog.webroot.com/2012/10/31/nuclear-exploit-pack-goes-2-0/
                      http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_blackhole-exploit-kit.pdf
                      http://blog.trendmicro.com/trendlabs-security-intelligence/a-refresher-on-spam-and-exploits/
                      http://blog.trendmicro.com/trendlabs-security-intelligence/the-state-of-blackhole-spam/

                      > All we know
                      > is that it was apparently enough to propagate the problem to others.
                      > I'd actually expect that people prone to click on rogue links are
                      > also people prone to ignore updates, but that's just a stereotype in
                      > my mind.

                      I agree. But under Windows timely updates are not enough because of
                      zero-day exploits (of plugins, browsers and Windows)
                      and because the felons steal FTP passwords and contaminate
                      legitimate websites too.
                    • Donna Lee
                      Message 11 of 17, Mar 8, 2013
                        Only Yahoo emails are the ones being hacked. When I get these type of emails with only a link it is always a Yahoo account. Now the name of the person holding the account is placed in the subject line. I just got one from my brother and he has a Yahoo account.

                        Donna Ford Lee ♂+♀=♡
                        Tulsa, OK

                        Don't cry because it's over,
                        smile because it happened.

                        Sent Via My iPhone