Yahoo accounts hijacked via email-based attack: Bitdefender

Bitdefender finds attackers exploiting unpatched WordPress Uploader.

A new email-based attack has been hijacking Yahoo accounts, security software company Bitdefender Labs has reported.

Bitdefender has warned of a link circulating in spam emails that appears to lead to an MSNBC Web page, but in reality leads to a page at a com-im9.net subdomain.

The link leads to a page housing a malicious piece of JavaScript that is disguised as the Lightbox JavaScript library. The site housing the script was registered in Ukraine on 27 January and is hosted in a data centre in Cyprus.

The second stage of the attack exploits an unpatched WordPress uploader component used by the Yahoo! Developer blog. The developer blog is housed at a Yahoo.com subdomain, and the attackers are able to steal a victim's Yahoo.com cookie. This gives them access to the victim's contact list, which provides further targets to spam.
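Why a flaw on one subdomain can expose a cookie used across the parent domain: the sketch below is an added example, not code from Bitdefender's report or this article, and applies the RFC 6265 domain-match rule to constructed cookies. The host names, cookie names and attributes are assumptions; the article does not say how the Yahoo.com cookie was scoped.

```javascript
// Constructed sample data: hosts and cookie names are illustrative only.

// RFC 6265 section 5.1.3 domain-match: the host equals the cookie domain,
// or ends with "." + domain and is not an IP address.
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase().replace(/^\./, "");
  if (host === cookieDomain) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + cookieDomain);
}

// cookie: { name, setBy, domain (optional Domain attribute), httpOnly }
function exposure(cookie, host) {
  const sent = cookie.domain
    ? domainMatch(host, cookie.domain) // Domain attribute: every subdomain
    : host.toLowerCase() === cookie.setBy.toLowerCase(); // host-only cookie
  return {
    sentToHost: sent,
    // Page script (document.cookie) sees only in-scope cookies without HttpOnly.
    // An HttpOnly cookie is still attached to requests made to that host.
    readableByScript: sent && !cookie.httpOnly,
  };
}

// Cross every cookie with every host to see where it is exposed.
function audit(cookies, hosts) {
  const rows = [];
  for (const c of cookies)
    for (const h of hosts)
      rows.push({ cookie: c.name, host: h, ...exposure(c, h) });
  return rows;
}

const cookies = [
  { name: "session_wide", setBy: "mail.example.com", domain: "example.com", httpOnly: false },
  { name: "session_wide_httponly", setBy: "mail.example.com", domain: "example.com", httpOnly: true },
  { name: "session_hostonly", setBy: "mail.example.com", httpOnly: false },
];
// A sibling subdomain (e.g. a blog) and a lookalike host on another domain.
const hosts = ["mail.example.com", "blog.example.com", "example.com.lookalike.test"];

console.table(audit(cookies, hosts));
```

In the output, only the cookie scoped to the parent domain without HttpOnly is readable by script running on the sibling subdomain; the host-only cookie never reaches it.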

Bitdefender is urging Yahoo account holders to watch out for spam emails and not to click on links in emails from unknown senders.

Follow Rebecca Merrett on Twitter: @Rebecca_Merrett
