
Y-Mail Account Hacking and One-liner Emails

  • Chris B
    Message 1 of 2 , Mar 15 3:51 PM
      I am a mod. for a number of Yahoo Groups. These are frequently spammed by one-liner emails. Clicking on these one-liner links takes the user to a rogue website which plants a trojan virus onto the user's computer. This is actually a piece of XLS or Javascript script - it has three functions:

      1/ the user's email account is effectively hijacked, it then sends the user's complete address book to the hackers

      2/ this then allows the hackers to send out begging letters on the user's behalf with sob stories about loss of passport, please send spare cash, etc., etc.

      3/ it also periodically resends one-liner emails to some or all of the addresses in the user's contacts list.

      Now there are some issues here which Yahoo should be addressing:

      Apparently this is a weakness in the way cookies are created and stored which contain a user's Y-Mail password and account details. It is these cookies which are sent to the hackers with login userid / password details. This is also a weakness in WordPress - which uses the same processes.

      Secondly, despite my asking on Yahoo Answers and also folks asking in posts on this Group, Yahoo has failed to issue instructions as to how to delete these trojan scriptlet viruses (virii?). Apparently changing passwords is not the solution - this just creates a new cookie which is sent to the hackers.

      Indeed Yahoo has failed to address these weaknesses - period.

      Whilst this is somewhat New Zealand-centric a good (safe) link is here.

      http://www.iitp.org.nz/newsletter/article/414?utm_source=index

      It describes well how the hacking works.

      But it doesn't say what to do if you or someone you know clicks on one of these one-liner links; or worse has an email account hacked and lots of begging emails sent out to friends with sob stories appealing for cash.

      CJB
    • lena_kiev
      Message 2 of 2 , Mar 16 6:35 AM
        > From: "Chris B" <chrisjbrady@...>
        >
        > I am a mod. for a number of Yahoo Groups. These are frequently
        > spammed by one-liner emails. Clicking on these one-liner links takes
        > the user to a rogue website which plants a trojan virus onto the
        > user's computer.

        Right.

        > This is actually a piece of XLS or Javascript

        Wrong.

        > Whilst this is somewhat New Zealand-centric a good (safe) link is
        > here.
        >
        > http://www.iitp.org.nz/newsletter/article/414?utm_source=index

        That article describes a popular guess. But it's a wrong guess.
        An XSS exploit can steal a cookie but cannot steal a password.
        But the felons use the correct password, as evidenced by "Logged In" lines
        in victims' "recent sign-in activity" linked from Yahoo's Account Info.

        > But it doesn't say what to do if you or someone you know clicks on
        > one of these one-liner links; or worse has an email account hacked
        > and lots of begging emails sent out to friends with sob stories
        > appealing for cash.

        1. Change yahoo password.

        2. Update Adobe Flash Player and Adobe Reader from adobe.com/downloads
        and Java from java.com/download , keep them updated.
        Better disable Java in the browser (for example, with QuickJava plugin
        for Firefox), use Firefox's built-in PDF viewer instead of Acrobat
        and FlashBlock plugin for Firefox.

        3. Scan Windows for viruses on every computer where you ever entered
        that password. If no malware is found then scan with LiveCD or LiveUSB
        one-time antivirus scanner (free for personal use) from freedrweb.com
        It works outside Windows, thus has the potential to find
        malware designed to disable or evade common antiviruses.
        After the malware (virus, trojan) is found and removed,
        change mailbox password again, but not to the previous one.
        Never use those old passwords for this mailbox again.

        4. If all scans find nothing, repeat download and scan after a week
        (there is some hope that antivirus vendors catch up to this malware version).

        5. The problem is that exploits attack not only via security holes in
        browsers and their plugins. Security holes in Windows are perpetual.
        All the efforts of such password-stealing-malware writers are concentrated
        on Windows, infrequently they have some luck with a specific unupdated
        version (!) of Mac OS X or Android. So, the only way to be reasonably safe
        is to use (any) free operating system instead of Windows on the same computer,
        for example:
        http://en.wikipedia.org/wiki/GhostBSD
        http://en.wikipedia.org/wiki/PCLinuxOS
        http://en.wikipedia.org/wiki/Linux_Mint
        http://en.wikipedia.org/wiki/Ubuntu_%28operating_system%29
        Unfortunately, this advice usually falls on deaf ears,
        and various excuses are invented to change nothing. You have been warned.
        Unfortunately, we all suffer consequences of this deafness:
        passwords are stolen not only for such botnet-growing spam and stealing
        money, but also for other types of spam, contaminating legitimate websites,
        for sale to various enemies including trolls; bots are used for
        attacking websites...
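
Added example, not part of either post: the reply above argues that "Logged In" lines in the recent sign-in activity show the password itself was used. The sketch below flags such lines from locations the account owner does not recognise; the row layout, the "Sent Mail" event name and every value are constructed assumptions, not Yahoo's actual format.

```python
from collections import defaultdict

# Assumed column order for one activity row (hypothetical layout).
FIELDS = ("time", "event", "access", "location", "ip")

# Constructed sample rows; the IPs are documentation-range addresses.
SAMPLE = """\
2000-03-10 08:12 | Logged In | Browser | New Zealand | 203.0.113.10
2000-03-11 19:40 | Logged In | Browser | New Zealand | 203.0.113.10
2000-03-13 02:05 | Logged In | Browser | Elsewhere | 198.51.100.7
2000-03-13 02:06 | Sent Mail | Browser | Elsewhere | 198.51.100.7
this line is malformed and is skipped
2000-03-14 02:30 | Logged In | Mobile | Elsewhere | 198.51.100.23
2000-03-14 09:01 | Logged In | Browser | New Zealand | 203.0.113.10
"""


def parse_activity(text):
    """Turn pipe-separated rows into dicts, skipping rows that do not fit."""
    rows = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) == len(FIELDS):
            rows.append(dict(zip(FIELDS, parts)))
    return rows


def unfamiliar_password_logins(rows, known_locations):
    """Summarise "Logged In" events from locations the owner does not use.

    Each hit is a fresh authentication, so the credential is known to
    someone else: change the password and scan every machine it was typed on.
    """
    hits = defaultdict(list)
    for row in rows:
        if row["event"] == "Logged In" and row["location"] not in known_locations:
            hits[row["location"]].append(row)
    return {
        loc: {
            "count": len(events),
            "first": events[0]["time"],
            "last": events[-1]["time"],
            "ips": sorted({e["ip"] for e in events}),
        }
        for loc, events in hits.items()
    }


if __name__ == "__main__":
    print(unfamiliar_password_logins(parse_activity(SAMPLE), {"New Zealand"}))
```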