Y-Mail Account Hacking and One-liner Emails
1/ the user's email account is effectively hijacked, it then sends the user's complete address book to the hackers
2/ this then allows the hackers to send out begging letters on the user's behalf with sob stories about loss of passport, please send spare cash, etc., etc.
3/ it also periodically resends one-liner emails to some or all of the addresses in the user's contacts list.
Now there are some issues here which Yahoo should be addressing:
Apparently this is a weakness in the way cookies are created and stored which contain a user's Y-Mail password and account details. It is these cookies which are sent to the hackers with login userid / password details. This is also a weakness in WordPress - which uses the same processes.
Secondly, despite my asking on Yahoo Answers and also folks asking in posts on this Group, Yahoo has failed to issue instructions as to how to delete these trojan scriptlet viruses (virii?). Apparently changing passwords is not the solution - this just creates a new cookie which is sent to the hackers.
Indeed Yahoo has failed to address these weaknesses - period.
Whilst this is somewhat New Zealand-centric a good (safe) link is here.
It describes well how the hacking works.
But it doesn't say what to do if you or someone you know clicks on one of these one-liner links; or worse has an email account hacked and lots of begging emails sent out to friends with sob stories appealing for cash.
> From: "Chris B" <chrisjbrady@...>
> I am a mod. for a number of Yahoo Groups. These are frequently
> spammed by one-liner emails. Clicking on these one-liner links takes
> the user to a rogue website which plants a trojan virus onto the
> user's computer.
Right.
> Whilst this is somewhat New Zealand-centric a good (safe) link is
That article describes a popular guess. But it's a wrong guess.
An XSS exploit can steal a cookie but cannot steal a password.
But the felons use the correct password, as evidenced by "Logged In" lines
in victims' "recent sign-in activity" linked from Yahoo's Account Info.
> But it doesn't say what to do if you or someone you know clicks on
> one of these one-liner links; or worse has an email account hacked
> and lots of begging emails sent out to friends with sob stories
> appealing for cash.
1. Change Yahoo password.
2. Update Adobe Flash Player and Adobe Reader from adobe.com/downloads
and Java from java.com/download, keep them updated.
Better disable Java in the browser (for example, with QuickJava plugin
for Firefox), use Firefox's built-in PDF viewer instead of Acrobat
and FlashBlock plugin for Firefox.
3. Scan Windows for viruses on every computer where you ever entered
that password. If no malware found then scan with LiveCD or LiveUSB
one-time antivirus scanner (free for personal use) from freedrweb.com
It works outside Windows, thus has the potential to find
malware designed to disable or evade common antiviruses.
After the malware (virus, trojan) is found and removed,
change mailbox password again, but not to the previous one.
Never use those old passwords for this mailbox again.
4. If all scans find nothing, repeat download and scan after a week
(there is some hope that antivirus vendors catch up to this malware version).
5. The problem is that exploits attack not only via security holes in
browsers and their plugins. Security holes in Windows are perpetual.
All the efforts of such password-stealing-malware writers are concentrated
on Windows, infrequently they have some luck with a specific unupdated
version (!) of Mac OS X or Android. So, the only way to be reasonably safe
is to use (any) free operating system instead of Windows on the same computer.
Unfortunately, this advice usually falls on deaf ears,
and various excuses are invented to change nothing. You have been warned.
Unfortunately, we all suffer the consequences of this deafness:
passwords are stolen not only for such botnet-growing spam and stealing
money, but also for other types of spam, contaminating legitimate websites,
for sale to various enemies including trolls; bots are used for