Breaking News

Leica Ultravid 8x32 HD-Plus Special Edition in brown leather BIOSTAR INTRODUCES THE BIRPL-PAT INDUSTRIAL MOTHERBOARD Sony Electronics and The Associated Press complete testing of advanced In-Camera authenticity technology TEAMGROUP Launches T-FORCE SIREN GD120S AIO SSD Cooler - An Exceptional AIO M.2 2280 SSD Liquid Cooler COUGAR Introduces the Hotrod – a motorsports-inspired gaming chair designed to support extreme gaming performance

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Yahoo Blog Hijacked, Bitdefender Says

Yahoo Blog Hijacked, Bitdefender Says

Enterprise & IT Jan 31,2013 0

An email-based attack has been hijacking Yahoo accounts, security software company Bitdefender Labs has reported. The security firm warned that a spam wave that has been circulating for roughly a month has been stealing Yahoo login credentials by exploiting an old vulnerability in a component of the Yahoo Developers blog.

The spam message features a bit.ly shortened URL that takes the user to a web page impersonating the popular MSNBC page, but which turns out to be located on a series of subdomains on hxxp://com-im9.net.

Whois information for the domain reveals it was bought in Ukraine and hosted in a data center in Nicosia, Cyprus, Bitdefender says.

Once the user lands on the alleged MSNBC page, a piece of JavaScript code inside tries to exploit a known vulnerability (CVE-2012-3414) in the SWF Uploader component on the Yahoo Developers Blog, which is powered by WordPress.

Since the exploitable component is located on a sub-domain of the target website, the same-origin policy does not prevent the exploit code access to cookies, which are subsequently sent to the attacker. Once they have the log-in cookie, they can authenticate into the victim's account and send spam or harvest contacts' e-mail addresses for other spam campaigns.

Bitdefender's experts believe this is the account recruitment stage of the operation and we expect the next wave of messages to feature links to malware.

Bitdefender said it had notified Yahoo about the incident and had provided the proof-of-concept documentation.

Tags: Yahoo
Previous Post
Up To $80 Discount For CyberLink's PowerDirector 11 Software
Next Post
DVD and Blu-ray Still Drive Home Entertainment Revenue

Related Posts

  • Yahoo and Verizon Launch Yahoo Mobile Unlimited Phone Service

  • Yahoo Groups Website is Closing

  • Yahoo Together Comes to Organize Group Messaging

  • Altaba Sells Yahoo Japan stake for $4.3 billion

  • Japan Accuses Apple of Pressuring Game Rivals: Nikkei

  • Oath Scans Your Yahoo and AOL Mail for Targeted Advertising

  • Mozilla Files Cross-Complaint Against Yahoo and Oath

  • Yahoo Says All 3 Billion Accounts Were Hacked in 2013 Security Breach

Latest News

Leica Ultravid 8x32 HD-Plus Special Edition in brown leather
Consumer Electronics

Leica Ultravid 8x32 HD-Plus Special Edition in brown leather

BIOSTAR INTRODUCES THE BIRPL-PAT INDUSTRIAL MOTHERBOARD
Enterprise & IT

BIOSTAR INTRODUCES THE BIRPL-PAT INDUSTRIAL MOTHERBOARD

Sony Electronics and The Associated Press complete testing of advanced In-Camera authenticity technology
Cameras

Sony Electronics and The Associated Press complete testing of advanced In-Camera authenticity technology

TEAMGROUP Launches T-FORCE SIREN GD120S AIO SSD Cooler - An Exceptional AIO M.2 2280 SSD Liquid Cooler
Cooling Systems

TEAMGROUP Launches T-FORCE SIREN GD120S AIO SSD Cooler - An Exceptional AIO M.2 2280 SSD Liquid Cooler

COUGAR Introduces the Hotrod – a motorsports-inspired gaming chair designed to support extreme gaming performance
Gaming

COUGAR Introduces the Hotrod – a motorsports-inspired gaming chair designed to support extreme gaming performance

Popular Reviews

Pioneer BDR-S13U-X Blu-Ray Recorder

Pioneer BDR-S13U-X Blu-Ray Recorder

Arctic Liquid Freezer II 360 Α-RGB

Arctic Liquid Freezer II 360 Α-RGB

Pioneer BDR-X13U-S

Pioneer BDR-X13U-S

Pioneer BDR-XD08UMB-S External Blu-Ray Recorder

Pioneer BDR-XD08UMB-S External Blu-Ray Recorder

Verbatim External 4K Slimline Blu-Ray Recorder

Verbatim External 4K Slimline Blu-Ray Recorder

Surefire KINGPIN M2 Keyboard

Surefire KINGPIN M2 Keyboard

Samsung 970 EVO Plus 2TB NVME SSD

Samsung 970 EVO Plus 2TB NVME SSD

Crucial X8 4TB PortableSSD

Crucial X8 4TB PortableSSD

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed