Monday, September 01, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
ASUS and G.Skill Take Overclocking Records
Korean Researchers Advance Synthesis Process for Graphene Quantum Dots
LG Display Opens LCD Panel Plant in China
Apple Said to Work With Visa, MasterCard on IPhone Wallet
China Gives Microsoft Deadline To Respond To Anti-trust Probe
Samsung Introduces First Curved Soundbar For TVs
Intel Hopes To Improve Its Mobile Business With Ex-Qualcomm exec
Kingston HyperX Demos DDR4 Memory at PAX Prime
Active Discussions
help questions structure DVDR
Made video, won't play back easily
Questions durability monitor LCD
Questions fungus CD/DVD Media, Some expert engineer in optical media can help me?
CD, DVD and Blu-ray burning for Android in development
IBM supercharges Power servers with graphics chips
Werner Vogels: four cloud computing trends for 2014
Video editing software.
 Home > News > General Computing > Yahoo B...
Last 7 Days News : SU MO TU WE TH FR SA All News

Thursday, January 31, 2013
Yahoo Blog Hijacked, Bitdefender Says


An email-based attack has been hijacking Yahoo accounts, security software company Bitdefender Labs has reported.

The security firm warned that a spam wave that has been circulating for roughly a month has been stealing Yahoo login credentials by exploiting an old vulnerability in a component of the Yahoo Developers blog.

The spam message features a bit.ly shortened URL that takes the user to a web page impersonating the popular MSNBC page, but which turns out to be located on a series of subdomains on hxxp://com-im9.net.

Whois information for the domain reveals it was bought in Ukraine and hosted in a data center in Nicosia, Cyprus, Bitdefender says.

Once the user lands on the alleged MSNBC page, a piece of JavaScript code inside tries to exploit a known vulnerability (CVE-2012-3414) in the SWF Uploader component on the Yahoo Developers Blog, which is powered by WordPress.

Since the exploitable component is located on a sub-domain of the target website, the same-origin policy does not prevent the exploit code access to cookies, which are subsequently sent to the attacker. Once they have the log-in cookie, they can authenticate into the victim's account and send spam or harvest contacts' e-mail addresses for other spam campaigns.

Bitdefender's experts believe this is the account recruitment stage of the operation and we expect the next wave of messages to feature links to malware.

Bitdefender said it had notified Yahoo about the incident and had provided the proof-of-concept documentation.


Previous
Next
Up To $80 Discount For CyberLink's PowerDirector 11 Software        All News        DVD and Blu-ray Still Drive Home Entertainment Revenue
Vulnerability Affects Latest VLC Media Player     General Computing News      Chinese Hackers Target New York Times Servers

Get RSS feed Easy Print E-Mail this Message

Related News
Yahoo, Google To Encrypt Web Mail
Yahoo, ComScore To Jointly Offer Online ad Measurements
Yahoo to Buy Flurry to Strengthen Mobile Products
Yahoo 2Q Revenue Fall
Yahoo To Stream Concerts For Free
Yahoo Offers Workforce Diversity Data
Yahoo Buys Mobile Messaging App Blink
Yahoo Disables Do Not Track Settings
Yahoo Unveils New Video and Digital Content Programming
Yahoo Set To Enter Into Original TV Programming: report
Yahoo To Encrypt Internal Traffic, Services
Yahoo Search To Feature Yelp's Reviews

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .