Yahoo accounts hijacked via email-based attack: Bitdefender

Bitdefender finds attackers exploiting unpatched WordPress Uploader.

A new email-based attack has been hijacking Yahoo accounts, security software company Bitdefender Labs has reported.

Bitdefender has warned of a link circulating in spam emails that appears to lead to an MSNBC Web page, but in reality leads to a page at a com-im9.net subdomain.

The link leads to a page housing a malicious piece of JavaScript that is disguised as the Lightbox JavaScript library. The site housing the script was registered in Ukraine on 27 January and is hosted in a data centre in Cyprus.

The second stage of the attack exploits an unpatched WordPress uploader component used by the Yahoo! Developer blog. The developer blog is housed at a Yahoo.com subdomain, and the attackers are able to steal a victim's Yahoo.com cookie, giving them access to the victim's contact list, providing further targets to spam.

Bitdefender is urging Yahoo account holders to watch out for spam emails and not to click on links in emails from unknown senders.

Follow Rebecca Merrett on Twitter: @Rebecca_Merrett

Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia

Tags Yahoohacking exposedsecurityjavascriptbitdefender

More about Yahoo

2 Comments

Mel

1

I believe this is what happened to my account, but I hadn't opened my account in over a week and I never click on links I do not know or spam emails. Could it hijack without me opening my account?

Gorana

2

My mail account was hacked yesterday evening. I didn't use mail account, i wasn't loged in, it just send mails from my addres to other 420 adress. I don't know the content of email.
Could it hijack without me opening my account?

Comments are now closed

Envious of fiber broadband? Help is on the way for copper users

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]