Yahoo accounts hijacked via email-based attack: Bitdefender
- 31 January, 2013 16:27
A new email-based attack has been hijacking Yahoo accounts, security software company Bitdefender Labs has reported.
Bitdefender has warned of a link circulating in spam emails that appears to lead to an MSNBC Web page, but in reality leads to a page at a com-im9.net subdomain.
The second stage of the attack exploits an unpatched WordPress uploader component used by the Yahoo! Developer blog. The developer blog is housed at a Yahoo.com subdomain, and the attackers are able to steal a victim's Yahoo.com cookie, giving them access to the victim's contact list, providing further targets to spam.
Bitdefender is urging Yahoo account holders to watch out for spam emails and not to click on links in emails from unknown senders.
Follow Rebecca Merrett on Twitter: @Rebecca_Merrett
Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.
Verizon, Jennifer Lopez partner on Latino-focused wireless stores
Santos migrates to Windows 7 before XP support ends
Australia remains black spot for Vodafone
WikiLeaks Party closer to registering
AusCERT 2013: NBN users need security professionals’ help, says Google