password stealer

[ling_dtua_khaao]

Someone from TF who has me in his Yahoo Messenger contact list sent me the following URL by Yahoo Messenger last night (WARNING: do not sign in to the page it opens!)

http://www.geocities.com/crystal_ladyhawks/    

I asked him about it, what it was, and he did not send it.

The link opens what looks like a signin page for Yahoo Photos. But it isn't. It is a password harvester. It wants you to sign in with your password so that the program can steal it.

If you know how Yahoo Geocities (Yahoo's free web page service) works, the URL given above should be reserved for the use of whoever has the primary Yahoo ID crystal_ladyhawks. There is such a Yahoo user, but she (?) has all of her web stuff on Tripod.com, no links to Geocities from her Yahoo profile.

So someone has probably taken over an unused Geocities web space to install the password stealer. If the hacker can install spyware on another person's computer, or hack it in some other way, in such a way that he can send out Yahoo IMs to contacts without the real person knowing about it, then I'm sure it is also not hard to take over the unused Geocities web space of another Yahoo user.

Anyway, if you get an IM like this on Yahoo asking you to sign in to a page, beware! Don't sign in. Ask your contact if he or she actually sent it to you.

I tried complaining to Yahoo Abuse about the page, but their server was down (probably it had been hacked ). Will try again.

--Ling

[Princess]

Scary :shock: Thanks for the heads-up.

[patrickbseattle]

This happen to me too, on my old id.

Yahoo still didnt erase the id despite my many emails saying I know longer control it.