Email attack exploits vulnerability in Yahoo site to hijack accounts

The vulnerability is located in an old WordPress version used on the Yahoo Developer Network Blog site, Bitdefender researchers say

By Lucian Constantin, IDG News Service |  Security

After discovering the attack on Wednesday, the Bitdefender researchers searched the company's spam database and found very similar messages dating back almost a month, said Bogdan Botezatu, a senior e-threat analyst at Bitdefender, Thursday via email.

"It is extremely difficult to estimate the success rate of such an attack because it can't be seen in the sensor network," he said. "However, we estimate that roughly one percent of the spam we have processed in the past month is caused by this incident."

Bitdefender reported the vulnerability to Yahoo on Wednesday, but it still appeared to be exploitable on Thursday, Botezatu said. "Some of our test accounts are still sending this specific type of spam," he said.

Yahoo did not immediately respond to a request for comment.

Botezatu advised users to avoid clicking on links received via email, especially if they are shortened with bit.ly. Determining whether a link is malicious before opening it can be hard with attacks like these, he said.

In this case, the messages came from people the users knew -- the senders were in their contact lists -- and the malicious site was well-crafted to look like the respectable MSNBC portal, he said. "It is a type of attack that we expect to be highly successful."

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Spotlight on ...
Online Training

    Upgrade your skills and earn higher pay

    Readers to share their best tips for maximizing training dollars and getting the most out self-directed learning. Here’s what they said.

     

    Learn more

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question
randomness