Yahoo accounts hijacked via email-based attack: Bitdefender
- 31 January, 2013 16:27
A new email-based attack has been hijacking Yahoo accounts, security software company Bitdefender Labs has reported.
Bitdefender has warned of a link circulating in spam emails that appears to lead to an MSNBC Web page, but in reality leads to a page at a com-im9.net subdomain.
The second stage of the attack exploits an unpatched WordPress uploader component used by the Yahoo! Developer blog. The developer blog is housed at a Yahoo.com subdomain, and the attackers are able to steal a victim's Yahoo.com cookie, giving them access to the victim's contact list, providing further targets to spam.
Bitdefender is urging Yahoo account holders to watch out for spam emails and not to click on links in emails from unknown senders.
Follow Rebecca Merrett on Twitter: @Rebecca_Merrett
Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.
TPG pushes unlimited NBN fibre plans
NBN Co hits 105Mbps in limited FTTN trial
Microsoft puts the squeeze on Windows to shoehorn it into 16GB devices
Adobe patches a critical flaw in Flash Player and AIR shown at Pwn2Own contest
NAB says goodbye to Bitcoin traders