Re: [Y-Mail] Yahoo Mail Hack Sending Emails With Single Link To Rogue Websites

  • Shal Farley
    Message 1 of 17 , Mar 7, 2013
      CB,

      If you mean the incident where many people found their accounts suddenly
      needed to be re-activated, and after doing that their emails were gone,
      then I think that was a Yahoo Glitch, and not a consequence of the
      emails with rogue links.

      Or, at least not related in any direct way.

      -- Shal


      On 3/7/2013 10:31 AM, CB wrote:
      >
      > I can verify I DID NOT CLICK ON ANYTHING (or link) I went online and all
      > the emails and folders were gone!!!!!!
    • adeomus ********
      Message 2 of 17 , Mar 7, 2013

        the you-tube thing i caught, but the email thing looked completely legit.
        ( it was a popular ecard site used by many of us at the time).

        there was no way to know the ecard thing was not right.

        ..But magic has a habit of lying low, 
        like a rake in the grass.

        ~Terry Pratchett~

        --- On Thu, 3/7/13, Sasafrass452 <Sasafrass452@...> wrote:

        From: Sasafrass452 <Sasafrass452@...>
        Subject: Re: [Y-Mail] Yahoo Mail Hack Sending Emails With Single Link To Rogue Websites
        To: Y-Mail@yahoogroups.com
        Received: Thursday, March 7, 2013, 5:18 PM



        If you have a good eye, you'll see the dash & know it's not really a youtube link. So yes, taking 2 or 3 seconds to inspect the url is always wise. Unfortunately, you didn't heed that advice & nearly lost everything, but I'm sure you're much more cautious now, as a result.... Just remember, if a malicious link comes from a friend or relative, that's when you become the hero by calling & alerting them that their computer is infected ;) It's happened to my aunt a few times, & she needed help to clean up her system.... The problem is that many people aren't educated enough to keep their computers clean, or they're just plain gullible & download or click on anything that pops up on their screen.
        **Sasafrass452**
        http://www.friendburst.com/Sasafrass452
        http://thexfactorusa.proboards.com
        http://angiemillerfans.proboards.com
        On 03/07/2013 04:34 PM, adeomus ******** wrote:
         


        and what about the spoofing i've been hearing about, for example ?

        even visible ones can be overlooked, for example:
        someone sent a link to our groups with something like you-tube........
        people were clicking on it before i noticed it !

         a good friend that i trust sent me an email awhile back that gave me a huge wakeup call.
        i clicked on it and my computer screen was immediately taken over by malware that was rapidly destroying everything in front of my eyes !!!
        i did a hard shut down, prevented a total catastrophe, and dealt with my palpitations afterward.

        even friends might not know they are not sending a " real" link.

        yes, most links are ok, but better take a second more to be safe, than ever sorry.

        ..But magic has a habit of lying low, 
        like a rake in the grass.
        
        ~Terry Pratchett~
        
        --- On Thu, 3/7/13, Sasafrass452 <Sasafrass452@...> wrote:

        From: Sasafrass452 <Sasafrass452@...>
        Subject: Re: [Y-Mail] Yahoo Mail Hack Sending Emails With Single Link To Rogue Websites
        To: Y-Mail@yahoogroups.com
        Received: Thursday, March 7, 2013, 9:02 AM



        But of course, not all links lead to a virus. Unless it's from someone you know, there's no reason NOT to click on it unless that person is unknowingly infected & their email is sending spam. In these cases, it's pretty easy to tell when a link is not something a friend or relative would send you. All it takes is 2 seconds to look at the url before you click on it.
        **Sasafrass452**
        http://www.friendburst.com/Sasafrass452
        http://thexfactorusa.proboards.com
        http://angiemillerfans.proboards.com
        On 03/06/2013 08:21 PM, adeomus ******** wrote:
         


        why are people still clicking on links ?!
        it's been shown to be the single most hazardous thing to do.

        ..But magic has a habit of lying low, 
        like a rake in the grass.
        
        ~Terry Pratchett~
        
        --- On Wed, 3/6/13, Bill Todd <bt542000@...> wrote:

        From: Bill Todd <bt542000@...>
        Subject: Re: [Y-Mail] Yahoo Mail Hack Sending Emails With Single Link To Rogue Websites
        To: Y-Mail@yahoogroups.com
        Received: Wednesday, March 6, 2013, 2:23 PM



        it's simple
        don't click on the link just delete the email

        On 6 March 2013 16:21, Chris B <chrisjbrady@...> wrote:
         

        There's this trojan virus going round that is exploiting weaknesses in Yahoo's security. Basically you receive an email with a single URL to click on. This then sends you to a rogue website which downloads a piece of XLS or Javascript onto your computer. This in turn steals your Yahoo login cookies and sends them on to hackers. It also generates similar emails and sends them to everyone in your contacts address book.

        This is all detailed in posts to Yahoo Group [Y-Mail] and also at this excellent website:

        http://www.iitp.org.nz/newsletter/article/414?utm_source=index

        Although this article is about issues with yahoo mail in New Zealand, the hack described seems to be the same that everyone else is reporting.

        The question is how to remove this piece of XLS or Javascript? And also how to avoid getting the damn thing in the first place. Many thanks.




        --
        bill

        i own the following groups
        mrsp    non adult shares  ask for invite

        rapidsharevideo   ask for invite

      • lena_kiev
        Message 3 of 17 , Mar 7, 2013
          > From: Donna Lee <donna74128@...>
          >
          > Why is only affecting Yahoo email accounts too?
          > Most of the accounts that have been hacked are those with a Yahoo email!

          Only or most? Big difference.
        • Shal Farley
          Message 4 of 17 , Mar 7, 2013
            Sasafrass,

            > If you have a good eye, you'll see the dash & know it's not really a
            > youtube link. So yes, taking 2 or 3 seconds to inspect the url is always
            > wise.

            It gets much worse than inserting a hyphen, or otherwise misspelling a popular site. With the move toward allowing Unicode characters in domain names we could see malicious sites named with characters that look like ASCII (Roman) letters, but aren't.

            "IDN homograph attack"
            <http://en.wikipedia.org/wiki/IDN_homograph_attack>

            -- Shal
            "Never give a sucker an even break" has never been truer.
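
The lookalike-domain problem described in this message, and the hyphenated "you-tube" case mentioned earlier in the thread, can be checked mechanically. The following is an added example, not part of the original posts: the allow-list `KNOWN` and the small `CONFUSABLE` map are constructed assumptions (Unicode's confusables.txt is the complete data set), and the registrable domain is approximated as the last two labels.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allow-list of sites the reader actually uses (assumption).
KNOWN = {"youtube.com", "yahoo.com"}

# Constructed, non-exhaustive map of Cyrillic/Greek letters that render
# like Latin ones; Unicode's confusables.txt is the complete source.
CONFUSABLE = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
              "\u03bf": "o"}

def decode_host(url):
    """Return the hostname with any punycode (xn--) labels shown as Unicode."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = []
    for label in host.split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # leave an undecodable label as it was
        labels.append(label)
    return ".".join(labels)

def scripts(label):
    """Scripts used by the letters of a label, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}

def skeleton(domain):
    """Fold lookalike letters to Latin and drop hyphens ('you-tube' -> 'youtube')."""
    return "".join(CONFUSABLE.get(c, c) for c in domain).replace("-", "")

def check_link(url):
    """Return a list of reasons the link's host looks like an imitation."""
    host = decode_host(url)
    domain = ".".join(host.split(".")[-2:])  # assumption: no public-suffix list
    findings = []
    for label in host.split("."):
        used = scripts(label)
        if len(used) > 1:
            findings.append(f"mixed scripts in '{label}': {sorted(used)}")
    if domain not in KNOWN and skeleton(domain) in KNOWN:
        findings.append(f"'{domain}' imitates {skeleton(domain)}")
    return findings

if __name__ == "__main__":
    for url in ("http://www.youtube.com/watch", "http://you-tube.com/",
                "http://\u0443\u043eutube.com/"):
        print(url, check_link(url))
```

An empty list means nothing was flagged, not that the link is safe: a lookalike of a site missing from `KNOWN`, or one using a letter missing from `CONFUSABLE`, passes unnoticed.
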
          • lena_kiev
            Message 5 of 17 , Mar 7, 2013
              > From: Shal Farley <shal@...>

              > > The weaknesses are not in yahoo, but in Windows, browsers and their plugins
              > > (Java, Acrobat, Flash), ...
              > > If you use Windows then you are vulnerable, yahoo cannot fix your Windows.
              >
              > Or perhaps one of those plug-ins.
              >
              > I've evicted Java from my computers -- too many zero-day exploits in
              > a row, and I don't know why I had it. That is, nothing I use daily
              > has stopped working; no doubt I'll get a reminder eventually.

              3D molecule viewer I sometimes use is Java-based.
              I use QuickJava add-on for Firefox and keep Java normally turned off.
              I also use FlashBlock add-on.

              > > I use Unix instead of Windows on my (usual) computer at
              > > home, so I could safely experiment.

              > If the plug-ins are involved there may be more variables than just
              > the OS. The victims may have had an outdated plug-in whereas you no
              > doubt keep yours up-to-date, or possibly don't use them.

              Currently for FreeBSD only Flash 11.2r202.273 is available.
              However, exploits can work under Windows only: code written for Windows
              can work under another operating system only under an emulator
              such as Wine, but Firefox works not under Wine.

              > we don't know what percentage of the people who received
              > and clicked on such links were subsequently exploited.

              The numbers (about 10-15% IIRC) are in a couple articles among these:
              http://blog.webroot.com/2011/10/31/outdated-operating-system-this-blackhole-exploit-kit-has-you-in-its-sights/
              http://blog.webroot.com/2012/07/06/117000-unique-u-s-visitors-offered-for-malware-conversion/
              http://blog.webroot.com/2012/10/31/nuclear-exploit-pack-goes-2-0/
              http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_blackhole-exploit-kit.pdf
              http://blog.trendmicro.com/trendlabs-security-intelligence/a-refresher-on-spam-and-exploits/
              http://blog.trendmicro.com/trendlabs-security-intelligence/the-state-of-blackhole-spam/

              > All we know
              > is that it was apparently enough to propagate the problem to others.
              > I'd actually expect that people prone to click on rogue links are
              > also people prone to ignore updates, but that's just a stereotype in
              > my mind.

              I agree. But under Windows timely updates are not enough because of
              zero-day exploits (of plugins, browsers and Windows)
              and because the felons steal FTP passwords and contaminate
              legitimate websites too.
            • Donna Lee
              Message 6 of 17 , Mar 8, 2013
                Only Yahoo emails are the ones being hacked. When I get these type of emails with only a link it is always a Yahoo account. Now the name of the person holding the account is placed in the subject line. I just got one from my brother and he has a Yahoo account.

                Donna Ford Lee ♂+♀=♡
                Tulsa, OK

                Don't cry because it's over,
                smile because it happened.

                Sent Via My iPhone