Rise in A&T/Yahoo e-mail users spam/getting hacked

[Mr.Mike]

Yep. Four of my client AT&T users were sending each other bad emails a couple of weeks back. I suspected someone was just using their old addresses or spoofing and ran scans on all their machines. Nothing very dangerous showed up. Ultimately I set them up with new addresses and much stronger passwords.

[angry_geek]

For the last few years, I've seen a very disproportionate number of Yahoo users infected with various malware. A while back, I set up a vm and let it run with several Firefox and IE tabs open to various pages displaying Yahoo ad streams. After 2 days and several random clicks on various ads, that vm was unusable. Since then, I have constantly urged people to get away from Yahoo. It just seems as though Yahoo doesn't really care if people get infected from their services. It's a shame really. I used to like them.

[Mr.Mike]

Quote:

Originally Posted by angry_geek

For the last few years, I've seen a very disproportionate number of Yahoo users infected with various malware. A while back, I set up a vm and let it run with several Firefox and IE tabs open to various pages displaying Yahoo ad streams. After 2 days and several random clicks on various ads, that vm was unusable. Since then, I have constantly urged people to get away from Yahoo. It just seems as though Yahoo doesn't really care if people get infected from their services. It's a shame really. I used to like them.

Interesting to hear you say that since yahoo and AT&T have teamed up recently for internet email. All the clients with troubles had yahoo mail hosted by AT&T.

[coffee]

Perhaps my age is starting to show but I have never liked the idea of accessing your email thru your webrowser. To me you are trusting some company you dont know to safeguard your email. But now this seems to be the defacto standard and the virus authors must be jumping for joy.

I also dont care for storing stuff on "The Cloud" for the same exact reasons. You dont know who is taking care of your data.

I jumped off the MS ship along time ago and I really only consider MSwindows to be a operating system for playing games. MS seems to point this out as they use linux servers for their hotmail.

coffee

[brock029]

Quote:

Originally Posted by ScarletPathos

Interesting to hear you say that since yahoo and AT&T have teamed up recently for internet email. All the clients with troubles had yahoo mail hosted by AT&T.

I did tech support for AT&T for about 6 months in January of last year. It seemed to be extreamly common. Someone calls and says there internet doesn't work after troubleshooting for a minute you quickly figure out that they have an internet connection, you can see the computer on the lan, but they cant get to certain webpages or whatever else because of viruses/malware/etc... Doesn't exactly mean its because of there email but majority of the people who had these problems were older and used there AT&T emails as their only email account. I even had people who stopped there AT&T subscription and would call, and be very upset because they couldnt login to it anymore.

[computertech775]

In the past month I’ve been contacted by dozens of clients who have had their email account hacked and sending out spam to all of their contacts. This happened shortly after clicking on a link in an abnormal email from someone they know. From what what I've been able to figure out, the website that the link opens (which is usually a work-from-home "opportunity") must be capturing their email login cookie or something similar to what the Firesheep Firefox extension does, except it's the website that's capturing it rather than another computer on a wi-fi network.

I looked at the HTML source code of one of the web pages linked from emails I received from a client's hacked email account, and the web page has an iframe with a link to a .php page. If anyone more familiar with website coding wants me to share some of the links, PM me and I will send them. I don't want to post live links to malicious web sites here in the public forums.

I've had a few clients who "are stranded in a foreign country" and need money. Most of those hacked accounts were due to them responding to a phishing email from "Yahoo".

[iladelf]

Computertech, I think you've hit the nail on the head. Believe both times my customer got infected, it was due to something what you mentioned in your post above.

[Nomad Computer Repair]

Interesting, I'm seeing a client today who uses Yahoo email and is having the same problem. I know they don't use wifi. I asked if I could contact recipients of the email in an attempt to get header information, but the client doesn't want to provide me with that information until I get there /shrug. Anyway, I will do a virus scan just in case, and reset the passwords, and check email settings once the system is clean. Also, I will do a little education about phishing.
Any other suggestions?

[coffee]

Quote:

Originally Posted by Nomad Computer Repair

Interesting, I'm seeing a client today who uses Yahoo email and is having the same problem. I know they don't use wifi. I asked if I could contact recipients of the email in an attempt to get header information, but the client doesn't want to provide me with that information until I get there /shrug. Anyway, I will do a virus scan just in case, and reset the passwords, and check email settings once the system is clean. Also, I will do a little education about phishing.
Any other suggestions?

I have family members with yahoo accounts that are sending me the "Work from Home" email. They are addressed in the subject line "Hi joseph". It only contains a link in the body of the email. If this is similar and your looking for headers I could send you one of many I have. I dont think there is any harm in sending headers. After all, Its just routing info.

let me know and Ill PM you and post the headers in a PM.

My thoughts are that their computer is infected and sending these emails. Otherwise the only other way is through yahoo themselves being broken into. WHich, I have heard that they have been a few months back.

Best Regards,

coffee

[altrenda]

Quote:

Originally Posted by YeOldeStonecat

web mail based clients......plus sending spam to only people they have in their web based address book...spoofing not capable of that (getting inside their account to mine the addresses)

had several ATT/yahoo clients with this problem. a few had their passwords changed.

Also received emails from friends with the same problem.
ATT contracting its email several years back to Yahoo has had lots of problems.

Quote:

Originally Posted by coffee

......MS seems to point this out as they use linux servers for their hotmail.
coffee

I believe they changed to Windows server in 2005 or 2006.