
Re: [Y-Mail] Yahoo Mail Hack Sending Emails With Single Link To Rogue Websites

  • Shal Farley
    Message 1 of 17, Mar 7, 2013
      CB,

      If you mean the incident where many people found their accounts suddenly
      needed to be re-activated, and after doing that their emails were gone,
      then I think that was a Yahoo Glitch, and not a consequence of the
      emails with rogue links.

      Or, at least not related in any direct way.

      -- Shal


      On 3/7/2013 10:31 AM, CB wrote:
      >
      > I can verify I DID NOT CLICK ON ANYTHING (or link) I went online and all
      > the emails and folders were gone!!!!!!
    • lena_kiev
      Message 2 of 17, Mar 7, 2013
        > From: Donna Lee <donna74128@...>
        >
        > Why is only affecting Yahoo email accounts too?
        > Most of the accounts that have been hacked are those with a Yahoo email!

        Only or most? Big difference.
      • Shal Farley
        Message 3 of 17, Mar 7, 2013
          Sasafrass,

          > If you have a good eye, you'll see the dash & know it's not really a
          > youtube link. So yes, taking 2 or 3 seconds to inspect the url is always
          > wise.

          It gets much worse than inserting a hyphen, or otherwise misspelling a popular site. With the move toward allowing Unicode characters in domain names we could see malicious sites named with characters that look like ASCII (Roman) letters, but aren't.

          "IDN homograph attack"
          <http://en.wikipedia.org/wiki/IDN_homograph_attack>

          -- Shal
          "Never give a sucker an even break" has never been truer.
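
An added example, not part of the original thread: a small Python check for the homograph indicators the message above describes. The look-alike table, the watched domain list, the function names and the sample URLs are all constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed, deliberately tiny look-alike table (non-Latin code point -> ASCII
# letter it resembles). Real confusable tables are far larger.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0455": "s", "\u04bb": "h",
    "\u03bf": "o",  # Greek omicron; the rest are Cyrillic
}

def script_of(ch):
    """Approximate a character's script by the first word of its Unicode name."""
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def to_ascii(label):
    """Show a label the way it travels in DNS: xn-- plus Punycode if non-ASCII."""
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")

def inspect_host(url, watched=("youtube.com", "yahoo.com")):
    """Report homograph indicators for the hostname in `url`."""
    host = (urlsplit(url).hostname or "").lower()
    labels = host.split(".")
    # A single label drawing letters from more than one script is a strong signal.
    mixed = any(
        len({script_of(c) for c in label if c.isalpha()}) > 1 for label in labels
    )
    # Map look-alikes back to ASCII and compare with names we care about.
    skeleton = "".join(CONFUSABLES.get(c, c) for c in host)
    imitates = skeleton if skeleton != host and skeleton in watched else None
    return {
        "host": host,
        "ascii_form": ".".join(to_ascii(l) for l in labels),
        "mixed_script": mixed,
        "imitates": imitates,
    }

# Constructed sample URLs (not taken from the thread).
MIXED = "http://\u0443\u043eutube.com/watch"          # Cyrillic y/o look-alikes + Latin "utube"
WHOLE = "http://\u0443\u0430\u04bb\u043e\u043e.com/"  # every letter in the label is Cyrillic
PLAIN = "http://you-tube.com/"                        # the hyphen trick, pure ASCII

if __name__ == "__main__":
    for u in (MIXED, WHOLE, PLAIN):
        print(inspect_host(u))
```

The whole-Cyrillic sample passes the mixed-script test and is caught only by the look-alike mapping, and the hyphenated ASCII name is caught by neither, which is why both checks and a visual inspection of the Punycode form are worth keeping.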
        • lena_kiev
          Message 4 of 17, Mar 7, 2013
            > From: Shal Farley <shal@...>

            > > The weaknesses are not in yahoo, but in Windows, browsers and their plugins
            > > (Java, Acrobat, Flash), ...
            > > If you use Windows then you are vulnerable, yahoo cannot fix your Windows.
            >
            > Or perhaps one of those plug-ins.
            >
            > I've evicted Java from my computers -- too many zero-day exploits in
            > a row, and I don't know why I had it. That is, nothing I use daily
            > has stopped working; no doubt I'll get a reminder eventually.

            3D molecule viewer I sometimes use is Java-based.
            I use QuickJava add-on for Firefox and keep Java normally turned off.
            I also use FlashBlock add-on.

            > > I use Unix instead of Windows on my (usual) computer at
            > > home, so I could safely experiment.

            > If the plug-ins are involved there may be more variables than just
            > the OS. The victims may have had an outdated plug-in whereas you no
            > doubt keep yours up-to-date, or possibly don't use them.

            Currently for FreeBSD only Flash 11.2r202.273 is available.
            However, exploits can work under Windows only: code written for Windows
            can work under another operating system only under an emulator
            such as Wine, but Firefox works not under Wine.

            > we don't know what percentage of the people who received
            > and clicked on such links were subsequently exploited.

            The numbers (about 10-15% IIRC) are in a couple articles among these:
            http://blog.webroot.com/2011/10/31/outdated-operating-system-this-blackhole-exploit-kit-has-you-in-its-sights/
            http://blog.webroot.com/2012/07/06/117000-unique-u-s-visitors-offered-for-malware-conversion/
            http://blog.webroot.com/2012/10/31/nuclear-exploit-pack-goes-2-0/
            http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_blackhole-exploit-kit.pdf
            http://blog.trendmicro.com/trendlabs-security-intelligence/a-refresher-on-spam-and-exploits/
            http://blog.trendmicro.com/trendlabs-security-intelligence/the-state-of-blackhole-spam/

            > All we know
            > is that it was apparently enough to propagate the problem to others.
            > I'd actually expect that people prone to click on rogue links are
            > also people prone to ignore updates, but that's just a stereotype in
            > my mind.

            I agree. But under Windows timely updates are not enough because of
            zero-day exploits (of plugins, browsers and Windows)
            and because the felons steal FTP passwords and contaminate
            legitimate websites too.
          • Donna Lee
            Message 5 of 17, Mar 8, 2013
              Only Yahoo emails are the ones being hacked. When I get these type of emails with only a link it is always a Yahoo account. Now the name of the person holding the account is placed in the subject line. I just got one from my brother and he has a Yahoo account.

              Donna Ford Lee ♂+♀=♡
              Tulsa, OK

              Don't cry because it's over,
              smile because it happened.

              Sent Via My iPhone