Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Yahoo accounts hijacked via email-based attack: Bitdefender

Bitdefender finds attackers exploiting unpatched WordPress Uploader.

A new email-based attack has been hijacking Yahoo accounts, security software company Bitdefender Labs has reported.

Bitdefender has warned of a link circulating in spam emails that appears to lead to an MSNBC Web page, but in reality leads to a page at a com-im9.net subdomain.

The link leads to a page housing a malicious piece of JavaScript that is disguised as the Lightbox JavaScript library. The site housing the script was registered in Ukraine on 27 January and is hosted in a data centre in Cyprus.

The second stage of the attack exploits an unpatched WordPress uploader component used by the Yahoo! Developer blog. The developer blog is housed at a Yahoo.com subdomain, and the attackers are able to steal a victim's Yahoo.com cookie, giving them access to the victim's contact list, providing further targets to spam.

Bitdefender is urging Yahoo account holders to watch out for spam emails and not to click on links in emails from unknown senders.

Follow Rebecca Merrett on Twitter: @Rebecca_Merrett

Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Yahoo
References show all
Comments are now closed.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Yahoo, hacking exposed, security, javascript, bitdefender
Latest Blog Posts
Whitepapers
  • How to Successfully Select an ERP System
    An Enterprise Resource Planning (ERP) system is a series of software applications that collect and compiles data from different departments to enhance collaboration and co-ordination within the business. If you’re looking to implement your first ERP system, or to upgrade from an existing system, this whitepaper offers eight simple steps for selection that will lead to long-term strategic success.
    Learn more »
  • IDC MarketScape Excerpt: Worldwide Client Virtualization Software Assessment
    The rise of BYOD is creating governance and regulatory nightmares while providing end users with unprecedented flexibility and agility. While IT is still intrigued by the possibility of a better desktop management model and the operational savings client virtualization software could deliver, it is the increased governance and the ability to deliver desktops, applications, and data to any device that are driving today's purchases.
    Learn more »
  • The CIO Paradox
    As there are timeless leadership principles underlying IT value, there are unfortunately also timeless challenges that thwart the IT organisations efforts and make for a rocky path to CIO success. These are the inherent contradictions we call the CIO Paradox.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Latest Jobs
Salary Calculator

Supplied by

View the full Peoplebank ICT Salary & Employment Index

Recent comments

Computerworld
ARN
Techworld
CMO