Sunday, October 04, 2015
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Microsoft Buys Havok
Google Officially Becomes Alphabet
Microsoft Works On A Laptop Battery System That Adapts To Your Habits To Last Longer
Motorola Outlines Android Marshmallow Update Plans
AMD FirePro Graphics Powers New Dell Precision Mobile Workstations
Globalfoundries Said To Move To 10nm Development On Its Own
Nvidia Launches New Maxwell-based Quadro graphics For Mobile workstations
Microsoft Expands Licensing Agreements With Asus, I-O Data
Active Discussions
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
How to burn a backup copy of The Frozen Throne
Help make DVDInfoPro better with dvdinfomantis!!!
Copied dvd's say blank in computer only
menu making
Optiarc AD-7260S review
 Home > News > General Computing > Yahoo B...
Last 7 Days News : SU MO TU WE TH FR SA All News

Thursday, January 31, 2013
Yahoo Blog Hijacked, Bitdefender Says

An email-based attack has been hijacking Yahoo accounts, security software company Bitdefender Labs has reported.

The security firm warned that a spam wave that has been circulating for roughly a month has been stealing Yahoo login credentials by exploiting an old vulnerability in a component of the Yahoo Developers blog.

The spam message features a shortened URL that takes the user to a web page impersonating the popular MSNBC page, but which turns out to be located on a series of subdomains on hxxp://

Whois information for the domain reveals it was bought in Ukraine and hosted in a data center in Nicosia, Cyprus, Bitdefender says.

Once the user lands on the alleged MSNBC page, a piece of JavaScript code inside tries to exploit a known vulnerability (CVE-2012-3414) in the SWF Uploader component on the Yahoo Developers Blog, which is powered by WordPress.

Since the exploitable component is located on a sub-domain of the target website, the same-origin policy does not prevent the exploit code access to cookies, which are subsequently sent to the attacker. Once they have the log-in cookie, they can authenticate into the victim's account and send spam or harvest contacts' e-mail addresses for other spam campaigns.

Bitdefender's experts believe this is the account recruitment stage of the operation and we expect the next wave of messages to feature links to malware.

Bitdefender said it had notified Yahoo about the incident and had provided the proof-of-concept documentation.

Up To $80 Discount For CyberLink's PowerDirector 11 Software        All News        DVD and Blu-ray Still Drive Home Entertainment Revenue
Vulnerability Affects Latest VLC Media Player     General Computing News      Chinese Hackers Target New York Times Servers

Get RSS feed Easy Print E-Mail this Message

Related News
Yahoo Unveils New Ad Technologies
Alibaba Spinoff May Cost Yahoo More Than Expected
Yahoo Gets Fashionable With Acquisition Of Polyvore
Yahoo Introduces Livetext Messaging App
Yahoo To Enter The Daily Fantasy Sports Market
Yahoo Takes More Services Offline
Yahoo Gives Advertisers Fraud Verification Tools
Yahoo Releases New Video Series
Is Yahoo Readying New Messenger?
Microsoft, Yahoo Renew Search Deal
Yahoo Autos Is Launching Today
Yahoo Will Text You Your Password

Most Popular News
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2015 - All rights reserved -
Privacy policy - Contact Us .