Yahoo accounts hijacked via email-based attack: Bitdefender
- 31 January, 2013 16:27
- Comments
A new email-based attack has been hijacking Yahoo accounts, security software company Bitdefender Labs has reported.
Bitdefender has warned of a link circulating in spam emails that appears to lead to an MSNBC Web page, but in reality leads to a page at a com-im9.net subdomain.
The link leads to a page housing a malicious piece of JavaScript that is disguised as the Lightbox JavaScript library. The site housing the script was registered in Ukraine on 27 January and is hosted in a data centre in Cyprus.
The second stage of the attack exploits an unpatched WordPress uploader component used by the Yahoo! Developer blog. The developer blog is housed at a Yahoo.com subdomain, and the attackers are able to steal a victim's Yahoo.com cookie, giving them access to the victim's contact list, providing further targets to spam.
Bitdefender is urging Yahoo account holders to watch out for spam emails and not to click on links in emails from unknown senders.
Follow Rebecca Merrett on Twitter: @Rebecca_Merrett
Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia
Recommended
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Bookmark this page
- Share this article
- Got more on this story? Email CIO
- Follow CIO on twitter
- Top Words Used in Spear Phishing Attacks to Successfully Compromise Enterprise Networks and Steal Data
- Backup and Recovery Changes Drive IT Infrastructure and Business Transformation
- Managing Web Security in an Increasingly Challenging Threat Landscape
- The Five Key Benefits of Application Control and How to Achieve Them
- Migrate From HP-UX and Standardise with Confidence
-
Why change management doesn’t work
-
Larry Page wants to see your medical records
-
Dual-Persona Smartphones Not a BYOD Panacea
-
After two-year hiatus, EFF accepts bitcoin donations again
-
CIOs struggle to deliver timely mobile business apps: survey
-
Spear-Phishing Email: Most Favored APT Attack Bait
This research paper presents findings on APT-related spear phishing from February to September 2012. We analysed APT-related spear-phishing emails collected throughout this period to understand and mitigate attacks. The information we gathered not only allowed us to obtain specific details on spear phishing but also on targeted attacks. We found, for instance, that 91% of targeted attacks involve spear-phishing emails, reinforcing the belief that spear phishing is a primary means by which APT attackers infiltrate target networks. -
In Control at Layer 2: A Tectonic Shift in Network Security
Network hacking and corporate espionage are on the rise and set to intensify. Information security risks remain commonplace, and most organisations need to increase vigilance. This paper has analyses the realistic threats to fibre optic Ethernet networks – both at the LAN and WAN level. Read now. -
Saving Time and Money with Savvy Use of Flash in Automated Storage Tiering
In a sluggish economy, getting the best ROI on every IT dollar spent is the top priority for almost every business. Storage budgets in most IT environments continue to remain flat or are capped as a percentage of the overall IT spend, while data storage requirements continue to grow at an unsustainable pace. Download now to learn about the benefits of using flash in automated storage tiering.
Get exclusive access to Invitation only events CIO, reports & analysis. 
