Who Hijacked Yahoo Mail?

This morning, I emailed everyone I know to try to sell them Viagra. Ex-bosses, ex-friends, ex-random-people-that-I-met-once-in-a-cafe, and ex-girlfriends (who really don't want to hear from me, let alone buy Viagra from me).

Sorry.

I didn't mean to. In fact, I don't remember doing it. But the incriminating evidence is sitting in my Yahoo "Sent Mail" folder. Six emails sent collectively to everyone in my contacts list between 10:09 and 10:10 am. All hocking Viagra.

How could this have happened? After several hours of research and several more hours of head scratching, not including a quick lunch break, three bathroom trips (#1, #1, #2), and half-an-hour to figure out how to change my email password, I've narrowed it down to five possibilities:

1. My computer has a virus. This might seem like the most likely possibility, since the newly discovered Kneber bot apparently loves to steal Yahoo email passwords. But the Kneber bot targets PCs, and I have a Mac. Moreover, the only known Mac OS X virus is a pathetic iChat trojan horse that wouldn't recognize a Yahoo email password if you tweeted, "Hey virus, my yahoo email password is onenutgenghis73."

2. I got hacked. Unlikely, since I don't give my password out and certainly don't publish it on the Internet where some Viagra-spammer could find it. Plus, it has numbers and other confusing things in it.

3. Yahoo got hacked. Possible, especially since my Mac-owning ex-girlfriend also tried to sell me Viagra last week via Yahoo mail. But you'd think that Yahoo getting hacked would be all over the news, and I've found nothing so far.

4. I checked my email from an infected PC. In all seriousness, this seems the most probable cause, given the Kneber bot's password-stealing proclivities, even though I rarely check email from other computers.

5. I was drunk. Possible but unlikely, even for me, at 10 in the morning. Hocking Viagra would also be atypical behavior for me to do while drunk. Had my emails included pictures of my head photoshopped onto the bodies of various celebrities, porn stars, and furry animals, it would be a different matter.

So the mystery continues. If your email or facebook account has been hacked recently, please speak up in the comments so that we can get to the bottom of this.

And if you just want Viagra, please send me a private comment. I'll add you to my contact list.

------------------------------------------------------------------------------------------------

Update 9/20/10: I wrote this article in February 2010. Since then, it has been read by over 35,000 people, making it the most popular article in the history of this blog. Clearly, Yahoo suffered and perhaps continues to suffer from major security breaches which the company has yet to acknowledge. For speculation about the source of the breach and tips for protecting yourself, keep scrolling. (And if you're into left-leaning American politics, please check out our home page: http://dagblog.com.)

------------------------------------------------------------------------------------------------

Update 5/29/10: Commenter Spagnonymous found an article from SC Magazine that points to the likely source of the security breach:

9/21/09 A widespread brute-force attack against Yahoo email users aims to obtain login credentials and then use the hijacked accounts for spamming, a researcher at Breach Security disclosed last week.

------------------------------------------------------------------------------------------------

Update 5/29/10: I'm going to share the recommendations from Jeannette below. Some of these might be overkill. I have had no issue with any Yahoo services besides email. But at the very least, I recommend deleting your online contacts.

If you want to still keep your Yahoo account open for some reason, here are some precautions:

--strip the account of your personal info. Real name, address, anything. Birthday. Really poke around in Yahoo. You may be surprised at the information you have given them.

--See what security questions you've given yahoo. Change them to inaccurate answers and write them down somewhere so you don't forget.

--strip the account of all folders, inbox, sent emails, drafts, everything. You don't want them having the verification code for your gmail account, or worse.

--Double delete your contacts. Even if deleted, they are still there. Poke around in the contacts pane.

--Did you ever pay Yahoo for anything? Mail Plus? Personals? Pay Flickr Pro through Yahoo? Then you have a Yahoo Wallet. This is bad. Find it and strip it of credit card info.

--Um, you don't have Yahoo Paypal Checkout or Yahoo Express Checkout through My Yahoo, do you? Well, now they do, too.

--what email address did you give Yahoo as your password recovery address? Is that a secure provider? Does that account have a unique, very strong password?

------------------------------------------------------------------------------------------------

Update 3/12/10: So I've been going back and forth with Yahoo Customer Care to try to find out how my account was hacked. I faxed them written permission, answered security questions, etc. Customer Care then accessed my account and did nothing but reset my password. That's a bit strange in itself because I'm sure that Yahoo doesn't need written permission to reset a password.

In any case, I was looking for information, not a password reset, so I explained, again, that I wanted to find out how my account had been hacked and requested any information that they had.

Now here's the punchline--they won't tell me. To get information about my own account, I have to go through the legal department and may require a subpoena. This is starting to smell.

I'm going to get some legal advice and will follow up when I get more information. The edited email chain is below.

--------------------------------

Hello, Michael

We'd like to apologize for any inconvenience that has been caused while
you help us verify the information that is listed on your account.

We've created a temporary password which will help you regain access
right away!

Your new password is: ***************

Again, we do apologize for the inconvenience this situation has caused.
Please let us know if there's anything else we can do.

Your patience is greatly appreciated.

Thank you again for contacting Yahoo! Account Services.

Regards,
Jake

Account Security E2ENG

Yahoo! Customer Care

New and Improved Yahoo! Mail - better than ever!

--------------------------------

Hello, Jake. Thank you for looking into my problem. However, resetting  
my password was not the issue. I did that myself as soon as I realized  
that my account had been compromised.

I contacted Yahoo to determine how my account had been hijacked in  
order to make sure that my information is safe. Were you able to  
determine how the hackers gained access to my account? As I mentioned  
in my email, I use a Mac, and I don't believe that there are any Mac  
viruses that can capture passwords from keystrokes.

Thanks,
Mike

--------------------------------

Hello Mike,

Thank you for contacting Yahoo! Customer Care.

We apologize for the previous misunderstanding.

It is our understanding that you would like information from Yahoo!
regarding access to your account.

State and Federal laws strictly limit the information that online
service providers, like Yahoo!, may disclose about subscribers. If you
are seeking to obtain account information on a specific subscriber, we
will need a subpoena or a court order.

If you have obtained a subpoena or a court order for the release of
information, please mail it to:

Yahoo! Custodian of Records
701 First Avenue
Sunnyvale, CA 94089

Thank you again for contacting Yahoo! Customer Care.

Regards,

Jane

Yahoo! Customer Care

New and Improved Yahoo! Mail - better than ever!

--------------------------------

Hello Jane, I'm very confused now. I asked for information about only  
my own account. My mail account was used by a third party to send  
soliciting emails without my knowledge or consent. I would like to  
know how a third party gained access to my account so that I can  
protect myself from the loss of privacy. I am a paying yahoo customer,  
and I think it's reasonable to request any information you have about  
how my account was hijacked without my having to obtain a subpoena.

Thank you for your assistance,

Mike

--------------------------------

Hello Mike,

Thank you for writing to Yahoo! Account Services.

We'd like to apologize for any inconvenience that our process for
attaining the information you've requested may cause.

If you would like to attain access logs and activity records for your
own account, we will need you to contact our Yahoo! Custodian of Records
department. Unfortunately, our Yahoo! Account Security team does not
have access to these records.

To disclose log information and access data, we may require a subpoena
or other legal documentation. Send all such requests in writing to:

Yahoo! Custodian of Records
701 First Avenue
Sunnyvale, CA 94089-1019

For information regarding subpoenas or court orders, please call:

(408) 349-3687

If you prefer, you may fax questions to the Yahoo! legal department at:

(408) 349-7941

or submit them to us by mail to:

Yahoo! Inc.
Attn: Legal Department
701 First Avenue
Sunnyvale, CA 94089

Again, we do apologize for the inconvenience this situation has caused.
Please let us know if there's anything else we can do.

Your patience is greatly appreciated.

Thank you again for contacting Yahoo! Account Services.

Regards,

Jake

Account Security E2Y

Yahoo! Customer Care

New and Improved Yahoo! Mail - better than ever!

------------------------------------------------------------------------------------------------

Update 5/29/10: I filed a complaint with the Better Business Bureau in San Jose, CA. That didn't get me anywhere either. But here it is for your reading pleasure.

Complaint Summary

My paid email account was hijacked by a third party. Yahoo will provide no information to me about how the hijacking occurred.

Resolution Sought

I would like Yahoo to provide me any information that it has on how a third party obtained access to my email account, whether my private data has been compromised, and how I can protect myself from a similar attack in the future.

Company's Initial Response - Posted 04/29/2010

We understand that you would like to know how your account was accessed. To disclose log information and access data, we may require a subpoena or other legal documentation. Send all such requests in writing to:

Yahoo! Custodian of Records
701 First Avenue
Sunnyvale, CA 94089-1019

If you are concerned about safeguarding the privacy and security of your Yahoo! account, please refer to the following guidelines:

* Always sign out when you are finished using your account. This is especially important if you use a public or shared computer. To sign out of your account, click the "Sign Out" link, located at the top of the page. (If you have clicked on the "Remember my ID on this computer" box, signing out will disable that option.) You may also want to completely exit the browser you have been using.

* Choose your password wisely. Choose a Yahoo! password which you will remember, but which cannot be easily guessed, even by those who know you. It is very important to keep your password private at all times. Use a complex password that is a mixture of upper and lowercase letters, numbers, and symbols.

* Change your password when necessary. If, at any time, you become concerned about the security of your password, you can always change it online. Just sign in to your Yahoo! account, and click on the "Account Info" or "My Account" link, located at the top of most pages you visit at Yahoo!. Re-enter your password to continue, and click on the "Change Password" link on your Account Information page. You will then be asked to enter your current password, a new password, and then to confirm your new password. Once you've filled in these fields, click the "Save" button to put the change into effect.

* Choose your Security Question and Secret Answer wisely. If you gave us a Security Question and Secret Answer during registration, be sure that you have chosen a Secret Answer that you will definitely remember, but which will also be difficult for others to guess from your Security Question. (Remember, it's possible for anyone who knows your Yahoo! ID, birthday, and ZIP/Postal code to see what your Security Question is.)

* You can update your Security Questions and Secret Answers by accessing your "Account Information" page.

1. Sign into your Yahoo! account.
2. Click on your name at the top of the page and select "Account Info" from the pull-down list. You will be required to verify your current password.
3. Under "Sign-In and Security," click "Update password - reset info."
4. You can choose one of the security questions we have made available or you can choose your own.
5. Be sure to click "Save" after you have provided your new information.

Please note that:
- The security questions must be 5 to 100 characters in length, and may only contain letters and numbers.
- The answers to your questions must be 4 to 32 characters in length, and may only contain letters and numbers.
- The security question cannot contain the answer.
- The security questions cannot be the same.
- The answers to your two security questions cannot be the same.

* Clear your browser's cache. Doing this will remove the possibility that another user on the same computer could use the browser's "Back" button or "History" function to view any of the contents of your account.

Please note: Your Yahoo! ID and password are your own confidential information. No Yahoo! employee will ever ask you for your password in an unsolicited phone call or email message. If you are ever asked for your password in an unsolicited manner, or by someone you do not believe to be a representative of Yahoo!, please do not share your password with them, and ask them the reason for asking.

For additional information on ways to protect your information online, please visit the Yahoo! Security Center at: http://security.yahoo.com

Initial Response Summary

Account access was restored to customer. Yahoo! cannot determine if any data was accessed in the account. Provided customer with security tips.

Consumer's Rebuttal - Posted 05/06/2010

This response is unsatisfactory and offers nothing that I have not already been told by Yahoo Customer Care. The generic security tips are available on Yahoo's website. My password and secret answers already follow their recommendations. Therefore, the information provides me no assistance in avoiding a similar event in the future. Furthermore, since Yahoo has provided no information about the manner in which the account was accessed, I cannot ascertain whether the hackers were able to access my private data other than my contacts list. Yahoo reiterated that I must file a subpoena in order to learn any information about this breach of my account, an unreasonable demand, since the cost of obtaining a subpoena is prohibitive, and I have not asked for any proprietary information about any account other than my own. Though I am a paying customer of some 10 years, Yahoo refuses to give me reasonable information to help me protect myself.

Company's Final Response - Posted 05/07/2010

Our previous response stands as is. Based on our investigation, there is no other information we are able to offer as to how the account was compromised. Access logs will require a subpoena.

Does this mean I'm not getting the discount?

Oh that was gold.

Yahoo! has gone straight into the toilet. I first found all my contacts deleted and attempted to get them to do a restore. As a former IT professional this looked like a simple fix. I too was given the run around and in essence found that Yahoo! is being run by morons and scumbags laying around eating junk food and napping. I hunted around on various discussion boards and found that any acct that had been compromised had its contacts deleted as a "security measure". I wrote them regarding this and was told that they couldn't do anything about undoing their fuck up. Now to make matters worse...I had found two e-mail that contained all the contacts. The original spam if you will. I was relieved. Years and years of contacts weren't completely lost. The phone #s and addresses were unless the e-mail address was still valid and active. These were years and years worth of contacts. I at least had enough brains to forward these two email to another acct not on Yahoo!. I had even concatenated the two into one e-mail so I could more quickly copy and paste them back into my contacts and sent it to my Yahoo! acct. So this last Tuesday I go to find those two e-mail only to find all but 3 e-mail had been deleted from my sent mail. Fucking Yahoo!. As I had originally told them, it would have been far easier and customer protecting to just disable any compromised acct and create a page one would be re-directed to if this was the case to re-activate it with Oh I don't know maybe our SECURITY QUESTIONS and reset our password. Disaster averted not multiplied. With this sent mail deletion I sent a complaint that included a promise of a class-action suit if this isn't rectified. I'm sure many of us have depended on that Yahoo! mail acct for years. Let's sue their asses.

Got me this morning at 5:53.  My wife was on her email when she got an email from "me" with a link to some site that I know I didn't send because I was getting dressed.  When I got to work I found another email from "me" on my work email.  Same time 5:53, with a different link in the email.  Will run the usual V scans and adaware when I get home.  First time this has happened to me with yahoo.

I had the same email or at least a very similar one.  It landed in my coffee roaster website inbox from my main personal email address.  I was like what the **** and then after looking it up I found this post here.  Hopefully I can just change the password and suck to get my account back in my control.

Any suggestions would be great.

Changing the password worked for me. As a precaution, I would clear out your online contacts if you can get by without it.

My best advice is when typing in passwords and info: is to type part of it click somewhere else, type many more nonsense junk, more of the password stuff, to confuse a keylogger, doubtful that it wasn't a keylogger, but somebody could have also phrecked the computers video output via the internet and watched you use security questions. 3rd party apps, such as digsby (and trillian but still no problem w that) these programs use chat icq, and after i tried digsby, my myspace account was phished and i had to change a password. i narrowed it down to digsby as the cause, since i uninstalled it, my account hasn't been phished. I also got an email from a friend that i instantly realized its been phished and now used by a spammer. most of the time this is done by a keylogger or a fake site with the same layout that redirects you to that provider's page stating "login failure" to make you think you mistyped a letter. 3rd party toolbars, greasemonkey scripts and many programs spy on their users, and yes they know personal information, because you freely hand it out on social sites. Have you heard of a Zombie. well the tech term, a hacker can remotely run your computer and attack corporate & gov servers and databases, or use 1,000's of zombies to slow the data flow of a server while using data mining bots to unencrypt information. And we all expect our computers to have an awesome antivirus software, firewall, and whatnot. When lots of these software companies employ hackers after they're caught to write the antivirals. What makes them white hat programmers now, when before probation they had no problem being blackhats. hell you can buy a dongle that plugs in and records typing as a log and find passcodes easily for experienced programmers. do you know when you erase something it is still on your harddrive, (and i do mean you have emptied your recycle bin already) because the computer just marks that sector of data as available to be copied over later.

An even more secure way of defeating a keylogger is to copy & paste the letters from someplace else (I'm sure this blog now has enough letters that you shouldn't have any problems using it!). That way, you can enter your password using only your mouse! (This assumes the system that's asking for the password allows pasted text. Some don't.)

NB: No security system is ever completely secure.

Both of my sisters got this virus, one had a Yahoo account the other a Hotmail account.  The sister with Yahoo virus got it first and may have spread it to the Hotmail sister.  The Yahoo sister got the same Yahoo runaround described here. 

I have many Yahoo email accounts but have never had the problem - probably because I never ever use their contacts list or address book to store my contact info.  I have a pretty simple, non-onerous system for MANUALLY entering email strings into the TO: window from an easily accessible data page I pull up.  Ironically, I have always done it this way because I did not trust Yahoo at all.  I was afraid they'd collect and sell my contact info (a very lucrative enterprise when done on such a large scale) like AOL did, after convincing their members for years how vigilantly concerned they were to protect members' privacy.  Yahoo and Hotmail are lightning rods for spammers, and Yahoo has never seemed to be GENUINELY concerned about it, as though spamming might somehow be profitable for Yahoo.  So I never trusted Yahoo.

Don't know what my Yahoo sister did to stop the problem, but we don't get the scam\spam\virus emails from her any more.  But now my Hotmail sister has the same virus and I was trying to find out if the virus is on both sisters' computer or is it inside the Yahoo account.  I hope this blog page eventually leads to that answer.

I'm on board for suing them.  I lost all of my sent mail from the last 9 years or so, and Yahoo won't take any responsibility or do anything about it.

This comment made me laugh. Suing yahoo because either A: They don't care enough about the email service that you don't pay for or B: If you do pay for it, you obviously didn't find it important enough to back it up somehow. Let me guess, you're up for suing the school system for not making your child smart enough.

Yeah these people at yahoo think they can do whatever they want without consequence. I got up two days ago and went to log in to my account where i have all my financial aid papers and messages concerning a tour for fosterkids i'm doing. Both things far more important than YAHOO. My account was locked with no explanation. After two hours of Emails and another two hours on the online help chat window, and 2 more days on the phone getting kicked off the phone and 3 hours of conversation with the only person i could reach by phone. All i get is its been locked and i cant help you with it. I explained the importance of the emails in my account-My financial aid for school and contacts and e-mails for a charity tour i'm doing for fosterkids. Yet they still said oh sorry we can't help. I think a good lawsuit would end all the shady Yahoo practices. If you are interested in helping fosterkids which YAHOO admitted they weren't then visit www.brightertour.com. Thanks, Mickey

Got me today too.. twice it seems. And my PC and MAC were both off while I was heading out of town for a little vaca...  Facebook? Linkedin?

If it's the Kneber virus, your computer would not have had to be on. The password could have been previously retrieved and passed to the spammers. In my case, the spam email header indicated that it was sent using the yahoo web service, which means that a computer somewhere accessed my yahoo account remotely.

I would definitely run a virus scan on your PC if I were you.

The same thing happened to me last week and today!  So frustrating.

It happened to me today. All had a subject heading of a different unknown persons name.

 

How embarrassing. I haven't cleaned my contact list in years.  I'm going to change to gmail

I too had this happen, and I am on a Mac as well.  But there is no record of my computer sending out any emails via Mac Mail.  Nor does my online Yahoo mail page show anything being sent out.  As a bit of safety, I changed my yahoo password, and it has not happened since.

Whatever did this did get email addresses from me, as the people who were assaulted by this were people I had emailed in the past.

I use Mac Mail too, and there was nothing in the sent-mail folder on my computer. The messages were in my online sent-mail folder. Also, the recipients were clearly pulled from my online yahoo address book, which is not in sync with the address book on my Mac.

Do you have the spam emails? Mine indicated that a remote computer accessed my account via the yahoo mail web service. This is from the email header:

X-Mailer:     YahooMailWebService/0.8.100.260964

Greeeeeeeat. And I just paid out $249.99 on YOUR SAY SO, PAL.

No biggie, unless you consider that your PRE-NUPTIAL GOOD NAME is at stake.

I'm assuming you're good for this, right?

 

Quinn, I will gladly reimburse you $249.99 plus an inconvenience rebate of $5,000. Please provide your bank account information and PIN number so that I can deposit the money. Also your email password, as this is necessary to comply with the laws of our country. I look forward to doing business with you.

But... I already e-mailed them to acanuck, like he said you requested.

And he said he'd pass them right along to you.

acanuck?

acanuuuuuuuck?

Suckers.

My theory is that Chinese intelligence have hacked into the Yahoo the same way they've hacked into Gmail.  These Viagra ads are just test runs of their hack, disguised as normal spam.  That is this paranoid liberal's theory.

Based on new revelations, it seems that Chinese intelligence is behind the hacking, but it's no test run. In a final blow to Maoist Communism, they're just hocking Viagra.

Call it "the Great Poke Forward."

As of 12/19/10 I have proof that my Hotmail (not yahoo) is being controlled by unscrupulous Chinese hackers! It is the same story, all your contacts get letters from you trying to sell them something. I did traceroute and whois and so on. I might have never known if I didn't have a bunch of Failure to deliver notices this morning. I knew those contacts were obsoletes, the Chinese did not! Well the mail daemon sends all the details, so it was easy to trace back a little. And it is all a bit twisted. apparently, A huge corp. www.dailychanges.com. Whose claims on their web site, is to provide a service for a nominal fee, And spy on someone elses server for you, What a noble business model that is! But wait, The site that my mail was attempting to lure my friends to http://www.procnbc3y.com is a front for (and name server of) http://www.f4cun.com. Seems they have been in business for several years, without ever actually publishing a web site. But where it gets really odd is that the huge spy outfit, dailychanges.com is hosting the procnbc3y site! along with some 233,000 other domains. And they all have nonsensical names as well. And all this time I was under the impression that you need a catchy name for a successful business. So at this point I gotta go with the Chinese intelligence community. If they're anything like the CIA, then this whole setup makes perfect sense to them. By the way, Hotmail is putting on a show of great concern and worry. That I am not able to buy, Microsoft employees are really bad actors!

In the future, could you avoid combining the words Hocking and Viagra? No reason, just a simple request…

You don't think that my choice of words was accidental, do you? Just be glad that my spammer wasn't hocking penis enlargements. Oops, I did it again.

This is because of that Rick-roll, isn't it?

I too had this happen on 2/15. I was horrified! It went out to my entire list including everyone on the church email list as well as the teachers at my son's school. I began to dread opening my inbox because people I hadn't seen in years were suddenly writing to question whether  I'd been hacked, had a virus or was really promoting viagra. My husband usually has a fabulous virus protection system running so I felt ashamed that I had contracted this bug. And I was afraid that friends were opening this thing because they trusted me and were also getting infected. One thing I know is that soon after this I was locked out of my yahoo account. But I was able to get back in by changing my password. I have a PC. Wish I knew how this happened because I did not enjoy it at all! It wasn't the viagra that bugged me so much and the fact that I had been invaded! Anyone know exactly what happened?

Same thing here on June 12, 2010 - I have enough security/virus/spam stuff running on my PC to defend an entire nation and now I have to tell people that "no, times are bad but not bad enough for me to sell questionable pharmaceuticals"... I did not feel this violated when my house was burglarized, at least my name did not get sullied when that happened...

 

Hawking. It's "hawking."

Not hocking.

I donno. Where's acanuck? When he comes by, tell him I don't think I can help out anymore. He's just gonna have to raise the tone around here himself.

Hey, I've been busy. Spent most of the day watching Olympic curling. Did you see how we crushed those Danes? What's that about cheap Viagra?

Well, it seems I have been hacked on one of my Yahoo accounts and my Facebook account. This evening, I could not access my facebook or yahoo accounts. After resetting both passwords, it was to my surprise that the passwords were almost instantly unusable. One login I could use the newly reset password the next login the passwords were incorrect. What is even more disheartening is when I did get into my yahoo mail, all of the folders, emails sent, emails in the inbox, drafts and most of the contacts were gone. Does anyone know what is going on?

Same thing happened to me three days ago 2/17/10 . Spam was sent from my email account to my entire yahoo address book. It was different urls, but a lot of them were to sell Viagra. The spam mail showed up in my Sent folder. No apparent virus is on my computer and it does not seem a hacker discovered my password or has since done anything with it. I talked to a yahoo technical service rep who said yahoo mail servers were attacked and many accounts compromised. I pressed further and he wouldn't give me any more info. I asked what I could do to prevent this from happening again and he said there was nothing I could do. I have since changed my password and deleted important business contacts from my address book as they are stored on those apparently insecure yahoo servers. Yahoo will not give me any more answers, they should acknowledge publicly if there was a security breach. Thank you for blogging about this.

Hey there, Anonymous. Thanks for the comment. That's the first bit of real info to show up here. I'd like to follow up and try to get a hold of someone at Yahoo to confirm. Do you have any more details about your call with the tech? If you'd like to help, please contact me at http://dagblog.com/user/3/contact.

The spam was sent from my personal yahoo account but I am also a yahoo small business customer, which gives me access to a real phone number to call for support. When I called the support number, they transferred me to a security/technical service division. The guy I talked to walked through a few steps with me including going into my profile to see if any contact info was changed. There was no apparent disturbance of my profile, so he said it didn't seem someone targeted me specifically to steal my password and account. I then explained I scanned my computer extensively for viruses, came up clean, and that I had not to my memory clicked on any suspicious links or emails recently. When I then asked how I could've prevented this, that is when he told me there was probably nothing I could do because it was most likely a "technical" issue rather than a "security" issue. When I asked what he meant by that he said that he had gotten a lot of complaints about this same issue and that yahoo mail servers were attacked and that this was the "technical problem". I asked how many accounts were impacted and he said "i don't know" and seemed uncomfortable. He then said yahoo would follow up with me in 24 hours with an "extensive detailed report" of this issue. This got me off the phone and I awaited this report. The next day I received a canned email from mail-abuse@cc.yahoo-inc.com, which told me how to prevent receiving spam by using a spam filter, i.e. a completely useless response that had nothing to do with my case. I have since been back and forth with them over email, trying to get some answers and so far no luck. I have found a few other postings on Yahoo Answers about this with other users having very similar experiences to ours this past week. Two friends of mine also wrote back to my spam email saying the exact same thing happened to them this week, one of the people being from the UK the other from the US.

Thanks a lot for the details. I tried to contact yahoo myself and reached a customer service rep who told me that yahoo has no tech support phone number. Needless to say, she didn't give me any information about the issue.

I'm trying to see if I can network my way to someone at Yahoo, and I'll call their PR department tomorrow (though I don't expect much from that). If I write about a Yahoo security breach, would you be willing to go on the record about your tech support call?

I first called yahoo mail services 1-800-381-0783. They then referred me to "security/account verification" which is 1-866-562-7219 and select option 2. They may ask you what small business service you subscribe to so it may be worth purchasing something low cost (biz email is something like $9/mo) if they won't talk to you for that reason.

Thanks. I had previously tried option 2 on the second number and got nowhere. Option 3 is small business, so I may try your biz email suggestion.

I called media relations and left a message, but I'm sure that they won't call me back.

I just had this problem today, and I'm pretty sure I don't have a virus. When I checked my sent folder and looked at the mail headers, I found lines like this:

Received: from [98.136.56.85] by web37407.mail.mud.yahoo.com via HTTP; Tue, 02 Mar 2010 17:23:19 PST

Received: from [68.180.216.153] by web37403.mail.mud.yahoo.com via HTTP; Tue, 02 Mar 2010 17:23:00 PST

...although with lots of very similar IP addresses.  The thing is, those addresses are all coming from yahoo.  They're in the domain mobile.sp1.yahoo.com.

No, seriously. Where's my discount?

Did any of you recently download IE8? I think IE 8 (optimized for yahoo) has been compromised.

My account got hacked too but I haven't downloaded IE 8 (I only use firefox). My computer was acting funny for a bit afterwards, letting me type in my yahoo credentials but then saying it couldn't connect to yahoo. I would search on google but when I clicked on a link from google, it would forward me to a search site "web-help...". I ran McAfee and it didn't find anything and then my browser started working fine again, but I am still changing all my passwords from a public computer first, just in case.

Happened to me this morning. I have IE8, Windows 7 and a PC (obv). Computer was off when e-mails were sent. Have changed my password, so we'll see what happens.  Am really upset by the comment on 2/20 that Yahoo seems to know about the problem, but isn't communicating that to its users.

I'm relieved to know that it wasn't just me that this happened to. It happened to me on 02/27/10. Everyone on my contact list was sent an email at 2:13pm referring them to a Canadian drug website. I didn't know about it until someone asked me what it was. The messages are in my sent box. I sent the information to Yahoo. I changed my password. I also deleted all of my contacts since this is a secondary email account that I just use for facebook and on-line ordering.

I and other folks are on Macs, so I doubt that IE 8 is the issue. I finally received an email from tech support. I will fax them permissions to investigate my account on Monday.

Internet Explorer 8 downloaded to my PC on 3-19-10.  Entire address book (1127 people) got viagra email from my email address on 3-20-10.   Also, my "sent" folder in yahoo was cleaned out / deleted completely even all of my old emails from years ago were deleted by the virus.   I think you are correct that IE8 is the problem.

My Yahoo got hacked today and sent out the same viagra ads too.  I have an Apple iPhone and MacBook.  It is probably coincidence but it sent out the ads about the exact same time I was downloading a CD on my iPhone...

Well, after watching the responses and an " Our engineers are working on it " response from the yahoo tech support. lol I revisited my wife's account today, only to be blocked by demands from yahoo to reset the password lol. Continuous messages of " Your account has had suspicious activity " and " Your account has been compromised " lol DUH! I suspect that someone has too much time on their hands and the so called engineers are big on pay and short on action, much like our financial geniuses. Let's face it, they loaned money to people that had no way of paying it back. Write it off the books while Uncle Sam handed them our money to pay bonuses. Compare that to free mail over a telephone line. " Back in the day " as the kids say we had what was called a party line. The operator or any other party on that line could listen to any and all of your conversations information etc.

blah blah blah, Thanks for the forum, ARO

I am so glad I found this, I was starting to really get worried about my security. I have a Mac and was not even home when it happened. I got a few emails from friends asking what I had sent and realized what happened. The only sign in my actual email is about 10 failure to send notices to some old email adds I had not removed. Nothing in my sent box except what I have actually sent. Been a little embarrassed but am trying to laugh and just change passwords and hope that works so I don't have to go thru getting an all new mail account.

This just happened to me this morning...at a very sensitive time work-wise.  First person to question me was my potential new boss...he didn't say whether he opened it or not, but I'm guessing he did - his response was a "?"

So... I use sbcglobal email, operated by Yahoo on a MAC.  If Yahoo was compromised, they owe us an explanation - or a fix - or at least a shiv for under our accelerator.  I'll jump in on any complaint.  More details...I can see the email sent in my SENT box, to 12 or so people in my email address book with different names in the subject line, enclosed are various sites taking people to various pharmaceutical websites, and based on the replies, I'm guessing Viagra is one.

The harder I work, the further I get behind...

 

Just got us today.  Same thing various names to various links. Hopefully the people we know have a good anti-virus running.  I know some that would actually follow the links.  Praise the Lord for my wife and my iPhone we saw some mailer daemons kicking back messages and started to investigate. I hopefully sent out an e-mail that ours was compromised before anyone starts clicking.  My pasture may wonder why I think he needs Viagra.

I need an editor.  I know it's Pastor.

This happened to me 3 weeks ago and again today. Both times were early morning on a Tuesday — must be that viagra is needed only after  long weekends! In any case, yahoo tells me I need antivirus software on my Mac. I say they know nothing. They offered no solution to the problem other than that and change my password as I had done before. We'll see if another spam goes out in another few weeks. Maybe then they'll listen and find a solution on their end.

The same thing happened to me last weekend.  My neighbor was at my house the day prior and showing me this “new website” that he found to download catalogs of music.  When the site opened, it had a big Viagra ad across the top of the page.  I closed the page and never downloaded anything.  The next morning, I discovered that my Yahoo account had sent this email out to everyone.  I sent a Viagra ad to my 80 year old father.  Mortifying!!! LOL

I ran a check and no viruses found.  I changed my password, and haven't had another problem as of yet.

I assumed it had something to do with that website.  Maybe it was a coincidence?

If you unknowingly downloaded malware, and the malware is still there, then changing your password probably won't help. You might find that next week (or some time later), another set of e-mails go out.

Although I'm not aware of any true viruses on the Mac, it's not hard for the unaware user to accidentally install malware on the Mac (although it's harder to do on a Mac than on Windows). For more on viruses and Macs, check out this from the Guardian. There is even some malware that is universal to Macs, Windows, and Linux.

I also recently encouraged several random people from my contacts list in yahoo to buy Viagra.  The old ladies from church who got it were NOT very happy with me!  :)  Still haven't found the source...  rrrr.....

Maybe they know my Pastor. See earlier post. :-)  Just happened again.  I was hoping it was random.  Changed my password.  They tend to go out when my computer isn't even on, so I don't think it is malware.  Seriously doubt it is my iPhone.

If it's like mine, then it's done using Yahoo web services, which means that a remote server interacts directly with Yahoo's server. But the hackers would still need your password for that. Has it happened since you changed your password?

I contacted Yahoo tech support and asked them to investigate my account. They went in, but all they did was change my password (again). I've followed up with my original inquiry. Will post the results when and if I receive them.

You sure have generated a lot of interest with this story, Genghis. I'm surprised so many other people have reported this, but I haven't heard a lick of it on any of my tech-feeds.

I agree. I wish that I could get some real evidence about the source of this thing.

So far so good. I want to give it a couple days.
More just went out. Changing the password was worthless.
Never mind. I need to learn what day it is. :-)

I've been hit several times this month, I guess they like my contacts.

I've sold everything from Viagra (to my MOTHER no less) to monster trucks. 

Now what the CRAP is the fix?!!!

Have you changed your password? I have not had a problem since I did that.

I deleted all my contacts out of my Yahoo list and changed my password.

If I get another email address, will it do the same thing?

Not if your new email address ends with @gmail.com! Cool

If you have a virus like the Kneber bot, then it could continue to happen until you get rid of the virus, so definitely do an up-to-date virus scan if you have a PC. But if a Yahoo server was hacked, then it shouldn't happen again once you change your password (unless Yahoo gets hacked again).

My gmail account was hijacked this morning. Here is the message:

I'm writing this with tears in my eyes,my fam and I came down here to London,England for a short vacation unfortunately we were mugged at the park of the hotel where we stayed,all cash,credit card and cell were stolen off us but luckily for us we still have our passports with us.

We've been to the embassy and the Police here but they're not helping issues at all and our flight leaves in less than 3hrs from now but we're having problems settling the hotel bills and the hotel manager won't let us leave until we settle the bills.

Am freaked out at the moment.
I was locked out of the account. I contacted gmail and got my account restored and noticed that they had changed the settings so all of my incoming messages were being forwarded to a yahoo.com email and deleted from gmail's server. What a mess. I am willing to help any way I can to stop these people.
Thanks!

So I've been going back and forth with Yahoo Customer Care to try to find out how my account was hacked. I faxed them written permission, answered security questions, etc. Customer Care then accessed my account and did nothing but reset my password. That's a bit strange in itself because I'm sure that Yahoo doesn't need written permission to reset a password.

In any case, I was looking for information, not a password reset, so I explained, again, that I wanted to find out how my account had been hacked and requested any information that they had.

Now here's the punchline--they won't tell me. To get information about my own account, I have to go through the legal department and may require a subpoena. This is starting to smell.

I'm going to get some legal advice and will follow up when I get more information. The edited email chain is below.

--------------------------------

Hello, Michael

We'd like to apologize for any inconvenience that has been caused while
you help us verify the information that is listed on your account.

We've created a temporary password which will help you regain access
right away!

Your new password is: ***************

Again, we do apologize for the inconvenience this situation has caused.
Please let us know if there's anything else we can do.

Your patience is greatly appreciated.

Thank you again for contacting Yahoo! Account Services.

Regards,
Jake

Account Security E2ENG

Yahoo! Customer Care

New and Improved Yahoo! Mail - better than ever!

--------------------------------

Hello, Jake. Thank you for looking into my problem. However, resetting  
my password was not the issue. I did that myself as soon as I realized  
that my account had been compromised.

I contacted Yahoo to determine how my account had been hijacked in  
order to make sure that my information is safe. Were you able to  
determine how the hackers gained access to my account? As I mentioned  
in my email, I use a Mac, and I don't believe that there are any Mac  
viruses that can capture passwords from keystrokes.

Thanks,
Mike

--------------------------------

Hello Mike,

Thank you for contacting Yahoo! Customer Care.

We apologize for the previous misunderstanding.

It is our understanding that you would like information from Yahoo!
regarding access to your account.

State and Federal laws strictly limit the information that online
service providers, like Yahoo!, may disclose about subscribers. If you
are seeking to obtain account information on a specific subscriber, we
will need a subpoena or a court order.

If you have obtained a subpoena or a court order for the release of
information, please mail it to:

Yahoo! Custodian of Records
701 First Avenue
Sunnyvale, CA 94089

Thank you again for contacting Yahoo! Customer Care.

Regards,

Jane

Yahoo! Customer Care

New and Improved Yahoo! Mail - better than ever!

--------------------------------

Hello Jane, I'm very confused now. I asked for information about only  
my own account. My mail account was used by a third party to send  
soliciting emails without my knowledge or consent. I would like to  
know how a third party gained access to my account so that I can  
protect myself from the loss of privacy. I am a paying yahoo customer,  
and I think it's reasonable to request any information you have about  
how my account was hijacked without my having to obtain a subpoena.

Thank you for your assistance,

Mike

--------------------------------

Hello Mike,

Thank you for writing to Yahoo! Account Services.

We'd like to apologize for any inconvenience that our process for
attaining the information you've requested may cause.

If you would like to attain access logs and activity records for your
own account, we will need you to contact our Yahoo! Custodian of Records
department. Unfortunately, our Yahoo! Account Security team does not
have access to these records.

To disclose log information and access data, we may require a subpoena
or other legal documentation. Send all such requests in writing to:

Yahoo! Custodian of Records
701 First Avenue
Sunnyvale, CA 94089-1019

For information regarding subpoenas or court orders, please call:

(408) 349-3687

If you prefer, you may fax questions to the Yahoo! legal department at:

(408) 349-7941

or submit them to us by mail to:

Yahoo! Inc.
Attn: Legal Department
701 First Avenue
Sunnyvale, CA 94089

Again, we do apologize for the inconvenience this situation has caused.
Please let us know if there's anything else we can do.

Your patience is greatly appreciated.

Thank you again for contacting Yahoo! Account Services.

Regards,

Jake

Account Security E2Y

Yahoo! Customer Care

New and Improved Yahoo! Mail - better than ever!

 

I did a little bit of testing/investigation of the message headers, and the spam seems to be coming from yahoo.  Appreciate if others can look at their message headers to see if they also point to ***.mobile.sp1.yahoo.com and post feedback.

The message header from the spam:
Received: from [68.180.216.153] by web81707.mail.mud.yahoo.com via HTTP; Sun, 07 Mar 2010 16:57:55 PST
The IP address maps to: prop24.mobile.sp1.yahoo.com, ie inside yahoo.com

I tested by sending a message from Firefox on my laptop on my company's network.  I'm not going to post the internal address/name for security reasons, but it maps back to one of our devices.

I also tested by sending a message from the web browser within my blackberry.  My company configures the web browser to go through our internal gateways.  Again, the message headers point to one of our internal servers as the source of the message.

Messages from Thunderbird on my home computer correctly map to my DSL IP address and username.

I access my e-mail from three places only - I feel reasonably safe that I don't have a virus on these places:

  1. Home computer - ubuntu/thunderbird with the latest updates.  I usually use SMTP/POP only, but I've probably used Firefox at least once to access webmail
  2. Work computer - Windows XP/Firefox 3.6/McAfee with the latest updates.  I work for a large networking company, and I think it's reasonable to assume that I don't have a virus on my laptop.  In this day and age, it's probably impossible to know for sure, but again, this is a reasonable assumption.  I only use webmail from work.
  3. Blackberry phone - browser goes through the corporate firewall.  I only use webmail on my phone.  I just have two Google apps installed - nothing too crazy.

JP

I did a whois lookup for the sending device in my case, which gave me some contact information over at yahoo.  I've got a case opened with them - will see what happens.

Unfortunately no useful information yet - just had to escalate the issue within Yahoo.  Will continue to push the issue with them.

Here's my summary of the phone call I had with Yahoo earlier today (along with some personal commentary):

  • It's an internal issue that they're looking at with the highest priority.
  • The device that sent the message was not located within the Yahoo network.  It appears to be an iPhone outside the Yahoo network.  (Hacking with an iPhone into my webmail account to send one spam e-mail - that just seems more trouble than it's worth.  Cool, but a pain - I mean, if I'm going to send some spam, I'm going to do it very slowly - one-by-one, via webmail, and on a device that doesn't have a keyboard.)
  • The problem is that the mail servers are not always including all message headers.  The problem is not that someone hacked into the network. (Really, it appears to me that someone hacked my webmail account, and did it from within the yahoo network.  If it's just a message header issue, how did the message show up in my webmail sent box?)
  • There's an internal engineering case (case 3408286) - it's definitely an engineering issue, not a security issue.  They'll let me know when it is resolved, but when I asked when it was opened, she said she couldn't provide that information.  Multiple people are working on the issue.
  • This is the highest level of escalation.  There's no more information that can be provided.
  • “We recommend that you change your password.”  (From an admittedly fairly secure hacked password to a slightly more secure, but more importantly un-hacked one?)
  • "We really value you as a customer, blah, blah, blah."

I don't blame the woman that I spoke with - she's just delivering the message.  (And she did fairly well putting up with my complaints.)

Thanks for this, JP. I don't use webmail either, but the spam was definitely sent out through webmail because the spam messages were sitting in my webmail sent messages folder.

Also, I have the following line in my email header:

X-Mailer:     YahooMailWebService/0.8.100.260964

I therefore assume that the spammer accessed the account using yahoo's web service. But I'm not sure how that could have happened. I had only granted access to a few third-party apps, all reputable. You can see which apps have access under Account Info / Sign In and Security / Link your account with other sites. Immediately after the hijacking, I deleted all third party access, and I don't recall exactly which apps were in there, but none were unexpected.

My personal and business email addresses are also recipients of the spam 'I' send from my Yahoo account.  I only use the Yahoo account for communicating with people I don't want to hear from again, and when I created my Facebook account.  In the last 4 years I have sent mail to only 6 people from my Yahoo account.  They all received the Viagra ad I saw fit to send.  I've only logged into my Facebook account twice since I set it up 6 months ago, so I have no idea how it is relating here.  Several people I know who have this same problem are seeing associations with their Facebook account as well as their Yahoo account.

The message header from my 2nd message:

Received: from [68.180.216.157] by web50102.mail.re2.yahoo.com via HTTP; Sun, 14 Mar 2010 15:21:10 PDT
X-Mailer: YahooMailWebService/0.8.100.260964
Date: Sun, 14 Mar 2010 15:21:10 -0700 (PDT)

Thanks for talking about this.  C

I had the same issue on the 10th of March.

It kept sending lots of mail and stopped once I changed my password immediately.

I'm using firefox and fully assured that my pc is secure.

I did notice in the sent item header, there is a difference between mail sent by me manually and this spam email.

My email will have this line :

X-Mailer: YahooMailRC/324.3 YahooMailWebService/0.8.100.260964

The spam mail will have this line

X-Mailer: YahooMailWebService/0.8.100.260964

I'm currently in contact with the customer service but I doubt if the problem is in Yahoo, they will inform me.

I have just had exactly the same thing happen to me.  I wake up to find numerous emails from people asking why I had sent them a blank email and others asking why I had sent them a link to a Viagra site.  My outbox was full of these messages so this leads me to believe that my address was not spoofed.  However the messages were all sent at 1:00AM at which time my computer was definitely switched off and without internet access.

After contacting Yahoo they sent me a canned response about how I shouldn't open attachments from people I don't know, should have a firewall set up, scan for viruses etc. - all really patronising stuff really. 

They also stated

"Yahoo! Mail is a web-based email system. Your email messages, address
book and other account information are stored on Yahoo!'s servers,
rather than on your computer. Because most viruses infect your local
computer, it is very unlikely that the virus would propagate through a
Yahoo! Mail account."

So basically - even though we have all had the same thing happen to our Yahoo mail accounts within a short amount of time - apparently the problem is ours and not Yahoo's.

I have changed my password and deleted my contact list and, fingers crossed nothing has happened since (only 24 hours later however).

If the "virus"/ "worm" is on my local computer, why did it not try and propagate through any of my other e-mail addresses such as my Hotmail/ MSN messenger accounts or my OUTLOOK account?  This has really made me question the security of using Yahoo mail for my personal and business use though and I am seriously starting to look at other free alternatives.

 

The recent Canadian webpage has mutated. The current hijack is webpage http://www.hndfc.info/. I'm hoping this is an isolated incident. Once again it's a yahoo email account. I didn't change passwords in hope that I could coerce the intended perpetrators to attempt another launch. I am in contact with those who believe we can overwhelm the isolated server with a mass email to overload and lock it down indefinitely. Turning their stolen address pages against them in turn.

United we stand divided we fall!

Fantastic. Please keep us posted.

Two of my Hotmail accounts were compromised in the same way Michael's email account was.  Below is an interesting and informative article from "Ask Leo's" Blog.  Maybe this might answer some questions, though the resolves are limited.  He has a few other entries regarding this topic as well that may answer some of the questions you all are posing.

 

http://ask-leo.com/someones_sending_from_my_email_address_how_do_i_stop_...

I noticed the same thing.

 

My Email

X-Mailer: YahooMailRC/240.3 YahooMailWebService/0.8.100.260964

Spam emailer

X-Mailer: YahooMailWebService/0.8.100.260964

I had the same problem on March 19th

This is the header

Received: from [69.147.111.189] by web52105.mail.re2.yahoo.com via HTTP; Fri, 19 Mar 2010 03:34:27 PDT
X-Mailer: YahooMailWebService/0.8.100.260964
Date: Fri, 19 Mar 2010 03:34:27 -0700 (PDT)
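
The X-Mailer difference several commenters report above can be checked mechanically over messages exported from a Sent folder. This is an added example, not part of the original thread: the sample messages are constructed from header lines quoted in the comments, 203.0.113.7 is a placeholder client address, and the rule is the commenters' observation, not documented Yahoo behaviour.

```python
import re
from collections import Counter
from email import message_from_string

# Submission hop that Yahoo webmail records, as quoted in the thread:
#   from [68.180.216.157] by web50102.mail.re2.yahoo.com via HTTP; <date>
HTTP_HOP = re.compile(
    r"from\s+\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\s+by\s+(?P<host>\S+)"
    r"\s+via\s+HTTP\s*;\s*(?P<when>.+)",
    re.S,
)


def _msg(received, x_mailer, date):
    """Build a minimal raw message for the constructed samples below."""
    return "\n".join([
        "Received: " + received,
        "X-Mailer: " + x_mailer,
        "Date: " + date,
        "Subject: (constructed sample)",
        "",
        "body omitted",
    ])


# Constructed samples. The first two reuse header values posted in the thread;
# the third stands in for a message the account owner sent from the web UI.
SAMPLES = [
    _msg("from [68.180.216.157] by web50102.mail.re2.yahoo.com via HTTP; "
         "Sun, 14 Mar 2010 15:21:10 PDT",
         "YahooMailWebService/0.8.100.260964",
         "Sun, 14 Mar 2010 15:21:10 -0700 (PDT)"),
    _msg("from [69.147.111.189] by web52105.mail.re2.yahoo.com via HTTP; "
         "Fri, 19 Mar 2010 03:34:27 PDT",
         "YahooMailWebService/0.8.100.260964",
         "Fri, 19 Mar 2010 03:34:27 -0700 (PDT)"),
    _msg("from [203.0.113.7] by web50102.mail.re2.yahoo.com via HTTP; "
         "Mon, 15 Mar 2010 09:02:41 PDT",
         "YahooMailRC/324.3 YahooMailWebService/0.8.100.260964",
         "Mon, 15 Mar 2010 09:02:41 -0700 (PDT)"),
]


def triage(raw):
    """Extract the HTTP submission hop and classify the X-Mailer value."""
    msg = message_from_string(raw)
    hop = None
    for value in msg.get_all("Received") or []:
        hop = HTTP_HOP.search(value)
        if hop:
            break
    # "YahooMailRC/324.3 YahooMailWebService/0.8..." -> product names only
    products = [t.split("/", 1)[0] for t in (msg.get("X-Mailer") or "").split()]
    if "YahooMailRC" in products:
        verdict = "webmail-client"      # pattern on mail commenters sent by hand
    elif "YahooMailWebService" in products:
        verdict = "web-service-only"    # pattern commenters saw on the spam
    else:
        verdict = "other"               # e.g. SMTP client, or header missing
    return {
        "verdict": verdict,
        "source_ip": hop.group("ip") if hop else None,
        "web_host": hop.group("host") if hop else None,
        "submitted": " ".join(hop.group("when").split()) if hop else None,
        "date": msg.get("Date"),
    }


def suspects(raws):
    """Messages whose X-Mailer matches the spam pattern from the thread."""
    return [r for r in map(triage, raws) if r["verdict"] == "web-service-only"]


def source_summary(raws):
    """Count suspect messages per submitting IP, for a report to the provider."""
    return Counter(r["source_ip"] for r in suspects(raws))


if __name__ == "__main__":
    for r in suspects(SAMPLES):
        print(r["date"], r["source_ip"], r["web_host"])
    print(dict(source_summary(SAMPLES)))
```

The per-IP summary, together with the timestamps, is the material worth attaching to a support or abuse report.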

 

One thing that has been overlooked in all of the above replies is phishing.

 

People create pages that look exactly like yahoo and when you type in your username and password they record it and then log in as you and then spam your contact list selling viagra, among other products and/or services.

 

Better than 90% of the time when this happens, it is simply phishing.

So according to yahoo, you did send those emails because it was your password and username that was used to log in.

Possible but in my case, at least, unlikely. I use pop mail and rarely log into Yahoo. When I do log in, it's through a bookmark, and my password is stored, so I don't even type it in. Finally, Yahoo uses a sign-in seal that a phisher wouldn't be able to reproduce.

The phishing scam seems unlikely to me as well. 

I am in the same boat in that my Yahoo mail is stored as a firefox favourite tab which I click to log-in - with my password and username stored automatically so there is no need to click on any phishing link and enter my username/ password again.

It also seems that most of the people posting the issue here are fairly computer literate and it is unlikely that EVERYBODY on here fell foul to the same phishing trick which we have seen (and avoided) many, many times before.

Same situation - PC user; yahoo account; sent to all in my address book - only discovered because of unable to contact messages by mailer-daemon. This time asking if people would like cheap but good quality shoes from www.oifeurs.com - not happy. I have changed my password but would like to know just what to do now?

Messages were sent over 2 different days.

JC

I'm in the same situation. Got hacked yesterday. Email sent to all contacts selling Viagra, festival tickets & god knows what. Changed my password. Contacted yahoo customer service via e-mail.

Happened to me today. Very embarrassing but just shows you how nosy your friends can be. Not my fault they looked at it! Seriously though I use firefox on a linux distro on one computer and firefox on windows xp on the other. So not sure which is to blame? Any ideas anyone?

Relieved to find this thread - it happened to me this morning and, since I have my work email in my yahoo contacts, I sent the email to myself.  It was sent early AM when my pc was turned off; sent to all my Contacts and my Sent Items folder has been cleaned out. 

The mail header makes interesting reading; the originating IP address resolves on Whois to Yahoo European Operations, London:

87.248.110.141 - Geo Information
IP Address 87.248.110.141
Host n24.bullet.mail.ukl.yahoo.com
Location GB GB, United Kingdom
City London, H9 -
Organization Yahoo Europe Operations
ISP London

I'd close the account, but I've used it for a long time and have used it to register with a range of services some of which I hear from so infrequently that it would be tricky to transfer all reliably to a new address.  I've changed password too from a complex to a very complex one.  I'll just have to wait and see what happens.

I was interested though to see the Facebook link - I've had a dormant Facebook account for a few years which I only began to use again a couple of weeks ago; however I didn't use FriendFinder for security reasons.   I don't really think the Phishing theory holds up - I key in the web address each time I go to yahoo and never click through from another site.  Be interesting to see what results people get from Yahoo. 

I have to go along with the Facebook link. I usually don't do it but I may have accidentally clicked the friend finder at one point while I was searching for a specific person. With this simple step I have now sent viagra ads to contacts I have no desire to ever communicate with again. While my sent box is empty my spam box shows kicked back emails from 8/13/10 to 9/13/10. Whatever it is it seems Yahoo and Facebook are doing nothing to correct the problem.

I have the same difference shown in X-mailer between the e-mail I sent out and the spam e-mail sent from my account.  In addition, I have just received two spam e-mails shown as "to" other people that were redirected to me.

I see the possibility of this somehow being connected to facebook. I signed up for facebook two days ago. I used the "friend finder" feature to import my Yahoo! Mail contact list. This morning a spam was sent from my Yahoo! Mail account to my contact list. This email had a link to some subdomain of webs.com (free hosting service). I have no idea what is on the other end of that link.

Anyway, I just went into facebook and see that they state they do not keep your Yahoo! password stored, but they do store the contacts.

I've had that Yahoo! Mail account for however long they've offered the service, so this seems like too much of a coincidence to me.

Anybody else experience the same thing?

 

I rechecked all of the emails sent from my account, and the IP was

web59610.mail.ac4.yahoo.com

which is not exactly the same as yours, but it is still within the yahoo.com domain.

It happened to me today as well: the exact same issue.   It only happened after I opened an email like this that was sent to me.  I think clicking on the link activates the self-replication and resending of the email to all of your contacts.  So if you receive one like this, DO NOT OPEN IT.

 

And Yahoo's reply above seems very sketchy, like they are trying to cover up something.

I started getting these same emails from my daughter's yahoo mail. She changed her password, and they have stopped. More likely than not, this is not an issue with Yahoo. More likely is that people are unknowingly giving up their Yahoo passwords to a Phishing Site. They get directed to a Webpage that looks like a "real" Yahoo page, but it is a Phishing Site that is collecting passwords.

Once they have your yahoo password, they logon to your yahoo email and send everybody on your contact list a Spam email with a link to a "Canadian Pharmacy" Site. Upon further investigation, the owners of the site are actually in India, and their webpage is being hosted by a company in St Louis Mo.

This "Canadian Pharmacy" webpage is a joke. The only purpose of the Site is to collect more of your information to exploit. In the "report spam" link, they actually ask for your name and home phone number. On the order complaints page, they ask for the credit card number you used to place an order. Needless to say, DON'T GIVE THEM ANY OF YOUR PERSONAL INFORMATION!

The only part of this that may be legit, is the St Louis Company that is hosting the Site for this Indian company. You can send an email to this St Louis host at:

abuse@cybercon.com

If they get enough people sending them complaints about hosting a spamming, thief, site, they may boot them from their server.

I wanted to add this addition info for the Company that is hosting the website for this "Canadian Pharmacy".

Contact them and complain that you are getting spam that is directing you to an Indian owned website that they are hosting.

Cybercon.com

Telephone: 1.314.621.9991 (24x7 live); Sales: 1.800.932.2354

Email:
sales@cybercon.com: Sales mailbox for service features and prices, customized services, ...etc.
support@cybercon.com: Support mailbox for technical questions and technical help. We provide 24x7x365 live onsite tech support to our customers.
billing@cybercon.com: Billing mailbox for invoices and payment related questions.
abuse@cybercon.com: Policy enforcement mailbox for net abuse reportings. We are strongly against spams or any other net abuses. Our Acceptable Use Policies are located at http://www.cybercon.com/aup.html.

Fax: 1.314.241.1777


Postal Mail:
Cybercon.com
210 N. Tucker, Suite 700
St. Louis, Missouri 63101 USA

Yahoo has been sending out blank emails to everyone in my contacts. Emails have in the subject line titles of mail received previously, both legitimate and spam. These emails I did not send appear in my Sent folder. I am using a Mac, so none of the 'solutions' on various help pages is of any use. I have written to Yahoo twice about this but have not heard back. This is a PAID account and I expected some help. Don't know how to query the message header, but if anyone will tell me how, I will contribute my findings.

This happened to me and another friend of mine. The common things we had were:

1. Linked Facebook with Yahoo, have used friend finder. My friend with Hotmail and Facebook.

2. Had same password both on Yahoo and Facebook.

 

So my guess is we have been hacked thru' facebook. Unlink your facebook and email. Change your facebook and email passwords.

There is a very simple solution.

Log in to your yahoo email account and change the password.

This happened to me today. I got up & found replies from several people in my address book on Bellsouth/Yahoo & I didn't email them. Two separate emails with links were sent from my acct at 5:15.

 

I ran my virus scan again---nothing. Ran the Microsoft malicious software tool---nothing.

I changed my email PW & my Facebook PW and am trying to figure out how to unlink them. I guess they're linked because I get an email whenever someone posts on my Facebook wall, etc.

 

Any other helpful suggestions?

Thanks!

They got my gf today, I had a email from her yahoo account selling me viagra,

this url http://grupoecogold.com.br/com/index.html

asked her what the hell?

turns out she had 4 in her sent items, about 10 recipients each.

My dad, her mom, my mom, friends, etc.

hello Mike,

my yahoo email account had the same thing happen to it i sent my grandma aunts uncles parents brothers sisters ex's and former teachers a selling ad for cialis and viagra...??? Can't sign in to my account says the password is invalid, i just tried to sign on to my online banking that had the yahoo email address on file and now i can't sign in to my online banking account it too says that i have an invalid password??? Do you think it's related?

It sounds different from what I had because my password wasn't changed. You could have the Kneber bot virus.

Call your bank immediately. Then do a virus scan and contact Yahoo customer care to have them reset your password.

I too just tried to sell everyone cheap Canadian Drugs. WTF? I have a Mac..but did check my email elsewhere. Yahoo has done nothing for me also. I actually had this occur on an aol account but from a yahoo based group.

Well, I am not linked to facebook, and I own a mac and it just happened to me. Also, I use a book mark link to get to yahoo and I don't type in my password. Firefox has it saved.

I found out because I have my own email listed in my contacts- Soooo I sent myself spam, and I did it while my computer was not even turned on!- according to the time sent. Lovely... sent this to my spiritual teacher too. He just asked me why I did that. fucking lovely....  this is so not OK. I just changed my password and I guess I'll delete all of the addresses in yahoo account. Yahoo just fell from grace as far as I'm concerned.

This happened to me yesterday at 10:53am CST and again today at 9:07am CST.  I was not on the computer both times.  I use yahoo mail as a junk account.  I use gmail as my main email account.

Yesterday and today the offending messages were in my sent folders.   When looking at the messages, I could see my facebook pic with an "f" on it so I wonder if fb is somehow involved.

Yesterday, I ran all the spyware/malware programs that I could and they found nothing.  I removed all 50 or so contacts from Yahoo mail and thought that would do it. 

Today, the virus/person sent a new message to my old 50 odd contacts again even though they had been removed.  I went to the Major Geeks forum and followed their instructions for cleaning and found nothing. 

After reading everything here, I changed my yahoo password, changed my facebook password and removed all facebook apps that linked to the outside.  There was one for yahoo.  Hopefully my account will not send more spam tomorrow morning.  We shall see.

Why is this not front page news on the internet?  I think we should all tell Google about it.

 

I think this is newsworthy.  I've never had an account compromised or infection.  I'm an IT professional, it's my job to keep others clean and secure.  My own systems are immaculate.  But somehow my Yahoo account suddenly decided to spam people at 4:36PM EST today.  I originally suspected someone compromised the security of my iPhone wirelessly, or tapped into ATT's website... but it appears YAHOO is the only common thread we all share.

I agree that it's newsworthy, but I haven't been able to get any confirmation.

The exact thing everyone is describing happened to me last night. My friend emailed me this blog link and I changed my password on Yahoo. Anything else I need to do or should I get rid of my Yahoo account? I've had this same account since FOREVER and don't want to do that if possible. Any ideas?

I'll second this one. Having combated viruses/malware for 20+ years now, I'm extremely anal not only about protecting my systems, but monitoring activity. I've gotten the occasional spam e-mail from friends and family who have Yahoo! accounts as well. Today was the first time it happened to me. And it was only through my Yahoo! account, still keeping an eye on everything else and checked passwords. My instinct tells me that there is something in Yahoo's systems. This is dang odd to only be through Yahoo...

This just started happening to me yesterday and today as well. I strongly suspect it is related to Yahoo's servers being compromised, but who knows.  I have not been on my PC's tonight so it must be happening via my iphone or macbook if it is something on my end. Just changed my password to be cautious. Scary.

Woke up this morning to this same problem in my Yahoo mail account (I'm on a Mac using Firefox).  There are only 2 things I can think of that might have compromised security.

1. I received an email from a friend of this nature, and I opened the email but did not click the link (which was written to look like a blog address ie. http://www.dslkf.blogspot.com ).  Now the emails my account is sending have a similar "blog looking link" in them.

2.  A couple weeks ago I borrowed an iPhone from someone to log into Yahoo mail so I could get some info from an email in my inbox.

I've changed the password, but I somehow don't think this will help, I think this is a problem on Yahoo servers. I'm tempted to delete all address book entries but that's a lot of work.

This just happened to me yesterday.  Thankfully I didn't have many contacts in my address book but I recently used the website www.mobiles24.com and used the yahoo email address that was compromised to sign up.

WOW. I just read thru this whole page...interesting stuff. I had this problem starting back in January. It happened twice in about 10 days. I subsequently deleted my yahoo email address book and never had the problem again.. UNTIL I re-added a name to my addressbook! Fortunately it was my wife's name/email! LOL! I did not know it, as she hadn't said anything to me, but she has since been getting DAILY spam messages from me! I checked my sent folder and some were there, some were not. Also contacted Yahoo, same run-around, must be a virus, etc on your machine---when I told them I use 4 different Mac products (Home iMac, work Macbook Pro, iPhone 3GS, iPad) to access my yahoo acct, they said I must dl and run anti-virus on all of them! And, I should contact Apple support! They were very nice and gave me links to all the necessary 'other' resources to help me! But, nothing that actually helps me. Talk about an expensive solution...if that's a solution. I also just changed my password, at their insistence, but it sure appears to me that this is a Yahoo problem, not an individual user problem. This is a major inconvenience for me, as I have used this yahoo address for about 12-13 years, and many of my friends, colleagues, acquaintances, societies, associations, etc all have this as a contact email for me. It wont be the end of the world getting rid of it, but it would be major inconvenience. I will see what happens over the next few days, add my wife in again (LOL!) and see what happens then. If it stays clear for a couple of more weeks, I will re-add my addresses ( I had dl'd them to my computer) and hopefully that will be the end of it. If it happens again, sayonara Yahoo!

I'm going to amend my story.  I have a 2nd Yahoo email account that I rarely use, and hadn't logged in to in about 6-8 months.  Today, I found the same bounced emails in my inbox from the spam program attempting to send to the emails in the address book that were old/outdated.  There is no way this is the result of something I did, I haven't used this email account in 6-8 months.  This is definitely a Yahoo email server problem.  I changed the password anyway and deleted the address book entirely.

That sounds like a pretty good confirmation. A question for you--some have suspected that a third party web service was hacked, rather than Yahoo mail itself. Did you grant permission to any other sites, i.e. google, facebook, to access either or both of your yahoo accounts?

I do use one account for Facebook, but I do not think it has access like that.  I've used the "friend importer" on Facebook for example, but each time I've used it, it required a password to be entered, it did not store the password and I do not store my passwords for auto-fill.  The other Yahoo address, the one I rarely use, has never been used for anything like Facebook or Google, so that's why I am pretty confident it's not a user-problem.  I found more bounced emails in my original Yahoo account this morning so I exported my contacts and deleted my entire address book. So changing the password did nothing. Pretty darn annoying.

I believe this is caused by a third party app that retrieves all the addresses in your address book and can send them messages with or without the account owner's permission. Most social networking sites like; facebook, plaxo, myspace and etc..  can easily access your address book in your mail account. I have even noticed that they can even find out whom you have emailed regularly even if they are not in your address book. Maleware could be a cause but I doubt it. This is probably some phishing site that is acting more maliciously!

Every time you go to a site, they put  cookies on your machine and also record all your clicks. You can easily be tracked on the internet. So when you get an add popping on a website you're surfing, that add could be specifically for you (not always though). Here is the rule of thumb; unless you setup a server at home, get your own domain name and run your own mail and all behind the firewall, you should expect these kind of things to happen. Especially if you use free services; like yahoo, gmail, facebook and etc..

 

Thank you for the gift of your sage wisdom, oh enlightened one. Though it may be presumptuous for a simpleton to offer advice to a guru, I nonetheless present you this ancient proverb, "The man who giveth patronizing counsel on matters of which he knoweth nothing be like an incontinent donkey with two assholes and no head."

PS Learn to spell "ad." There are only two letters, so I think that you can handle it.

After reading this entire page it's clear what must be done. Cancel your yahoo accounts and never use them again. I know it's a pain esp. if you use Yahoo as your primary acct. But this is going to keep happening as long as you use yahoo. Your password was stolen once from yahoo's servers - it can be stolen again. And again. It would be one thing if Yahoo were all over this, and publicly communicating with their customers with regular updates. But they are clearly stonewalling. F Yahoo.

I FIGURED IT OUT!!!!!!!! I'm in a unique position because about a year ago I opened a Yahoo account but NEVER used it for anything except to set up an account in the Yahoo "Matches", i.e. dating section (which went nowhere BTW!). So tonite I went to my unused Yahoo account and found the email (below) "from Facebook".... or I should say supposedly from Facebook. It's a total and complete fake. A pure phishing scheme - and a pretty good one at that. It reads well.

How do I know it's fake?

1. I NEVER connected my Facebook acct to my Yahoo acct. Facebook's computers would have no idea I was on Yahoo. This message could only have come from within Yahoo or someone who had hacked into Yahoo. Not only did I never synch my Yahoo acct. to facebook, I never linked my Yahoo acct anywhere. It existed in isolation.

2. It's addressed to "Mike". That's not my real name. I only used that name for my Yahoo acct. Any email addressed to "Mike" had to have come from within Yahoo.

I did not open any of the links in this email. But I'm sure once I did it would have asked me for passwords. This phishing scheme relies on 2 assumptions. 1) a fair number of people on Yahoo are also on Facebook, so they would not consider it unusual to get email from Facebook on their Yahoo accounts. 2) people tend to use the same password for different accounts. Therefore when the system asks you to identify your Facebook password (new and old) it presumes that in a certain number of cases it'll be the same as the yahoo password, and - bam - they have access to your Yahoo account and they've got your address book.

The scariest part to this is people are reporting that changing your password - which should work - doesn't help. This malware, once downloaded, has some way of accessing not only your current Yahoo password, but any future ones you may use. And even scarier - what's the REAL purpose of this scam? How many people are really buying the Canadian viagra? I'm guessing not many. Which means someone went to great lengths to create an elaborate scheme with no apparent purpose. But all viruses/malware has a purpose. What's the real purpose here? A test run for future more harmful scams? Thoughts?

Ray aka "Mike"

Oh BTW - the scheme is clever - but not that clever. A "step by step tutorial"? PLEASE! When was the last time Facebook ever offered a tutorial on ANYTHING??!! :)

Hi Mike,

Recently, we made changes to privacy settings that give you more control over the information you share. When you log in, you'll find a step-by-step tutorial that guides you through the process of selecting privacy settings that are appropriate for you. The tutorial won't be available for much longer. We're asking people like you, who haven't customized their settings since the change, to do so as soon as possible.

To customize your privacy settings, just go to: [url redacted]

Thanks,
The Facebook Team

Check out our privacy guide to learn more about these changes: [url redacted]

=======================================
This message was intended for [email address redacted]. If you do not wish to receive this type of email from Facebook in the future, please click on the link below to unsubscribe. [url redacted] Facebook's offices are located at 1601 S. California Ave., Palo Alto, CA 94304.

PLEASE NOTE ..... AFTER REPRINTING THE FAKE FACEBOOK EMAIL IN MY COMMENT ABOVE, I NOTICED THE LINKS ARE STILL ACTIVE . DON'T CLICK ON THE LINKS ABOVE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Yahoo has been hacked, plain and simple. I have two friends send me this stuff.

I have a little different story than the rest of you. The exact same thing happened to my wife's email account, but she has a comcast.net email account not yahoo. Everything else is the same. Everyone on her email list got emailed about a canadian drug company. It has happened twice in the last week. There is no way it can be a virus or have anything to do with my pc, because comcast.net is an offsite server. I didn't even have the pc on when the emails went out. Plus you don't download anything when using comcast, it's all online via cable connections to their server. My brother is a tech person for a hospital and a doctor there just had this happen last week and he has AOL. So whatever is going on it is wide spread. He said that the only way to stop it from happening again is to change your email and tell all of your contacts your new email address. He said that it has to be hackers hacking in to the different providers and getting your email address and all of your contacts. Once they have that they can just send the emails from their own locations at anytime. We are not sure if this is what is going on, but it sounds like it could happen.
Oh ya I forgot to mention that I don't use IE8 I am using firefox, so that isn't it either. My wife does have a Facebook account but never connected her comcast account to it, so I don't think that is it either. I think that these carriers are getting hacked and are trying to keep it quiet.

It has happened to me twice now, the second time being this morning. All the comments about Facebook reminded me that yesterday I received a "friend request" e-mail from FB and that when I clicked on the person's profile (not accepting mind you) to see if I knew the person from some other friend, the profile did not even come up, it just took me to my "friend notification" page. It seems to me that the same thing happened right before the last hijacking incident. A couple of questions. Will changing my Y! password be sufficient or will I have to delete my address book as some have mentioned, and if so what then? How do I keep in contact with everyone? I don't particularly blame FB, and am wondering what to do.

The same thing happened to me today

Same thing happened to me last night.  Everyone in my damn address book received multiple spam messages about Canadian medicine!!

My Yahoo! account was similarly used to send Viagra spam to everyone in my address book. The message did not appear in Sent items, and the message was sent from an IP address located in Russia. I use Firefox with NoScript, am pretty paranoid about what I click online, and have good antivirus. (A full scan, with several products, revealed no problems. I work in IT and am used to running multiple scans to find well-hidden or stubborn malware.)

However, I had a mostly-forgotten FB account which used the same email address AND password as the email account which got hacked. http://abcnews.go.com/Technology/facebook-accounts-sold-russian-hacker-k... I'm pretty sure this is what happened to me: my FB account was among those harvested, and my password, though a good, non-dictionary-based one, was used for both. (In hindsight: that's stupid, especially with Facebook's stellar reputation for privacy, security, and such.)

Anyway, just thought I'd add to the discussion in case it helps anyone else figure out what happened. (I've since changed passwords on all related accounts and anything tied to that email address and removed all email addresses from contacts since I rarely use that email account anymore.)

My Yahoo account sent either a blank email or one with a link to a viagra ad to all my contacts about 1:45 a.m. today.  I also got these emails from "myself"  I've since deleted all my contact list and changed my password, but what good will that do if Yahoo's servers get hacked into?

Same thing happened to my husband and me last night.  Have not upgraded to IE8, but we use Yahoo, and our FB accounts are linked to our respective email accounts (have removed the links today).  I did have the bogus emails in my Sent folder, and had a bunch of errors in my Inbox folder, which is how we noticed the problem.  All emails sent seemed to have different URLs in the contents, but I don't know where they went as I did not click on them.  Bitdefender and SpyBot turned up nothing.  Any news on the "help" from Yahoo?

Still going 6/13/10. 10 outgoing emails from my friend's Yahoo account to about 7 recipients each in the trash folder, six months of sent mail deleted. Two different IP addresses on the outgoing emails: one from Denmark, one from the Netherlands. Conceivable connection to Skype, but unlikely judging from the comments here.

actually - yes - i just had a mailer-daemon reply on an email account that has the same password as my facebook account.

 

i actually sent an email from this yahoo account, and got a reply instantly that the email did not make it to the purpose-account, and that the .EML text attachment was attached, and the reply-ee being a mailer daemon.

of course, yahoo would not allow opening of the attachment because its a virus.

ive got another yahoo account that is registered with facebook (both accounts registered on facebook...actually) but the password is not the same as the one used in the daemon account or facebook.

i created the new account to keep FROM having issues with spam due to the age of my opposing account having so many contacts on it that are important - IE - business opportunities, school professors, etc etc and now this new account is the one that is compromised.

now im going to change both facebook and yahoo mail passwords on all accounts.

BTW i did a massive scan, im a computer engineering major, and my computer came up clean - as did my laptop which i built from scratch.

all of my passwords meet business encryption standards and contain letters and numbers.

"Maleware could be a cause..."  

That's it, Genghis, have you tried changing your boxers?  Or maybe that old pizza-stained tie-dye....

Works for me.


This just happened to me on 6/12/10. My facebook password was the same as my Yahoo Mail password. Was this the case for anybody else?

I got hacked, too, on Friday June 11. Viagra spam was sent to my contacts. I knew right away, because I am one of my own contacts, so i sent myself spam, plus got some bounced email notices in my inbox. I was able to log into Yahoo with my old password, and changed the password and recovery email address.

I changed all my passwords everywhere online, since the hacked account had my favorite password attached to it, as well as my favorite username. Dumb, to use same username and password everywhere, I know! The password was pretty strong, but not super strong.

Spent 9 hours!!! changing usernames where possible, passwords everywhere (using http://strongpasswordgenerator.com/) and linking online accounts to my gmail account, not yahoo email.

I'm on Mac, so it was not a virus, and I know phishing when I see it. Either something's going on at Yahoo, as others have suggested, or security was compromised at some other site where I use that username and password, and they took that username and password straight to Yahoo to see if it worked, and of course, it did. They probably would have tried Facebook next, but I beat them to it.

They sent the spam out using the Yahoo web interface, my computer's email client was not involved. I could tell because my yahoo online contacts are different than my computer's email contacts.

The contents of my inbox were gone, and there was no record of the sent spam in my sent mail, but my old sent mails were still there, as was my contact list.

FWIW, my password was the same as my Facebook password, as well as for a LOT of other sites I'm on, which as I mentioned, I know is dumb. Facebook was not hacked, though, I think they started with Yahoo.

No other accounts appear to be compromised, but then, I was quick to respond to the initial Yahoo hack. I will be closing my Yahoo account soon, assholes. Their non-responsiveness to this is inexcusable.

BTW, did anyone else notice that Googling, my Yahoo email hacked, brings a bunch of utterly lame Yahoo Answers posts to the top of organic search? This particular blog post was the only post with actual content regarding this problem, and it was relegated to the second page.

Yahoo knows enough about search to bury real content about this problem under a pile of fake Yahoo Answers!

Anyway, I can't stress enough using strong passwords, and a DIFFERENT password for every site. And don't use yahoo email addresses for password recovery, if you use yahoo email at all.

I've started getting this type of message over the last couple of weeks, from multiple different, unrelated sources. Info seems very hard to come by, found this page finally, seems like the only legit discussion of the real issue anywhere. Quick rundown of what I'm seeing:

-3 messages, 3 different sources

-Two links to med sites, one random uname:pwd combo

-Senders systems: 1 Yahoo, 1 Comcast (Yahoo? still verifying), 1 AOL (outlier!)

-URLs leading to junk domains redirected to med sites.

WARNING - listing URLs for completeness. CLICK AT YOUR OWN RISK.

message 1, Yahoo user

header snip:

Received: from [83.20.105.32] by web44803.mail.sp1.yahoo.com via HTTP; Fri, 04 Jun 2010 12:15:16 PDT
X-Mailer: YahooMailWebService/0.8.103.269680
Date: Fri, 4 Jun 2010 12:15:16 -0700 (PDT)

; <<>> DiG 9.4.3-P3 <<>> wujudiyi.t35.com a +multiline +nocomments +nocmd +noquestion +nostats +search
;; global options:  printcmd
wujudiyi.t35.com.	12021 IN A 66.45.237.212
wujudiyi.t35.com.	12021 IN A 69.10.48.106


message 3 - from AOL user

from headers:

Received: from oms-ma02.r1000.mx.aol.com (oms-ma02.r1000.mx.aol.com [64.12.140.130])
	by omr-m32.mx.aol.com (8.14.1/8.14.1) with ESMTP id o5FDdU8s008689;
	Tue, 15 Jun 2010 09:39:30 -0400
Received: from mtaout-da02.r1000.mx.aol.com (mtaout-da02.r1000.mx.aol.com [172.29.51.130])
	by oms-ma02.r1000.mx.aol.com (AOL Outbound OMS Interface) with ESMTP id 6304B38000084;
	Tue, 15 Jun 2010 09:39:29 -0400 (EDT)
Received: from core-dda002c.r1000.mail.aol.com (core-dda002.r1000.mail.aol.com [172.29.52.5])
	by mtaout-da02.r1000.mx.aol.com (MUA/Third Party Client Interface) with ESMTP id 181DBE000090;
	Tue, 15 Jun 2010 09:39:27 -0400 (EDT)
...
X-Mailer: AOL Webmail 31888-MOBILE
Received: from 189.83.230.44 by webmail-d069.sysops.aol.com (205.188.59.134) with HTTP (WebMailUI); Tue, 15 Jun 2010 09:39:26 -0400
Message-Id: <8CCDAA74EB74F88-14D8-C218@webmail-d069.sysops.aol.com>
X-Originating-IP: [172.29.50.137]
Date: Tue, 15 Jun 2010 09:39:27 -0400 (EDT)

hmmm. looks like a mobile client. origin IP appears to be in private address space. could all be spoofed, of course. ok, how about that domain?

; <<>> DiG 9.4.3-P3 <<>> http://www.vhc4.womanhealth-c.com +multiline +nocomments +nocmd +noquestion +nostats +search
;; global options:  printcmd
http://www.vhc4.womanhealth-c.com. 900 IN A 210.93.104.133
http://www.vhc4.womanhealth-c.com. 900 IN A 72.252.155.201
http://www.vhc4.womanhealth-c.com. 900 IN A 96.55.211.105
http://www.vhc4.womanhealth-c.com. 900 IN A 71.203.188.73
http://www.vhc4.womanhealth-c.com. 900 IN A 190.140.114.196

Domain Name: WOMANHEALTH-C.COM
   Registrar: CENTER OF UKRAINIAN INTERNET NAMES
   Whois Server: whois.ukrnames.com
   Referral URL: http://www.ukrnames.com
   Name Server: NS1.DORROTY.NET
   Name Server: NS2.DORROTY.NET
   Status: ok
   Updated Date: 14-jun-2010
   Creation Date: 14-jun-2010
   Expiration Date: 14-jun-2011

 

all i can do for now, i'll try to get back to this later, wanted to put it up while i could...

 

keep hunting!
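
The header reading done in the comment above, as an added example that is not part of the original comment: a Python sketch that finds the Received hop stamped by a provider's webmail server ("via HTTP" / "with HTTP") and reports the client IP recorded there next to any X-Originating-IP. The header lines are the ones quoted for messages 1 and 3 above; the Subject lines, bodies and function names are constructed for the example.

```python
import ipaddress
import re
from email import message_from_string

# Header lines quoted in the comment above (message 1, Yahoo sender).
# Subject and body are constructed so the parser sees a complete message.
YAHOO_MSG = """\
Received: from [83.20.105.32] by web44803.mail.sp1.yahoo.com via HTTP; Fri, 04 Jun 2010 12:15:16 PDT
X-Mailer: YahooMailWebService/0.8.103.269680
Date: Fri, 4 Jun 2010 12:15:16 -0700 (PDT)
Subject: (constructed)

(constructed body)
"""

# Header lines quoted in the comment above (message 3, AOL sender).
AOL_MSG = """\
Received: from mtaout-da02.r1000.mx.aol.com (mtaout-da02.r1000.mx.aol.com [172.29.51.130])
\tby oms-ma02.r1000.mx.aol.com (AOL Outbound OMS Interface) with ESMTP id 6304B38000084;
\tTue, 15 Jun 2010 09:39:29 -0400 (EDT)
X-Mailer: AOL Webmail 31888-MOBILE
Received: from 189.83.230.44 by webmail-d069.sysops.aol.com (205.188.59.134) with HTTP (WebMailUI); Tue, 15 Jun 2010 09:39:26 -0400
X-Originating-IP: [172.29.50.137]
Date: Tue, 15 Jun 2010 09:39:27 -0400 (EDT)
Subject: (constructed)

(constructed body)
"""

# A webmail submission hop: "from <client ip> by <web server> ... via|with HTTP".
# Ordinary SMTP relay hops ("with ESMTP") do not match.
WEB_HOP = re.compile(
    r"from\s+\[?(?P<ip>[0-9A-Fa-f:.]+)\]?\s+by\s+(?P<server>\S+)"
    r".*?\b(?:via|with)\s+HTTP\b",
    re.IGNORECASE,
)


def _parse_ip(text):
    """Return an ipaddress object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text.strip().strip("[]"))
    except ValueError:
        return None


def webmail_origin(raw_message):
    """Summarise where a webmail-submitted message entered the provider."""
    msg = message_from_string(raw_message)
    report = {
        "mailer": msg.get("X-Mailer"),
        "server": None,
        "client_ip": None,
        "client_ip_public": None,
        "x_originating_ip": None,
        "x_originating_public": None,
    }
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # undo header folding
        hop = WEB_HOP.search(flat)
        ip = _parse_ip(hop.group("ip")) if hop else None
        if ip is None:
            continue
        report.update(
            server=hop.group("server"),
            client_ip=str(ip),
            client_ip_public=ip.is_global,
        )
        break
    xoip = _parse_ip(msg.get("X-Originating-IP", ""))
    if xoip is not None:
        report.update(
            x_originating_ip=str(xoip),
            x_originating_public=xoip.is_global,
        )
    return report


if __name__ == "__main__":
    for name, raw in (("Yahoo", YAHOO_MSG), ("AOL", AOL_MSG)):
        print(name, webmail_origin(raw))
```

Only header lines stamped by the provider's own servers are evidence of where a message entered; anything below them can be written by whoever submitted the message.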

I had this happen on the 13th of June.  I would not have known, had some of the emails not bounced back because they were sent to "no reply" emails.  I quickly determined that every time I received an email, an email was sent from my Yahoo account to that address.  It consisted of only a link, one that was for a Canadian drug site.

We finally discovered what was happening.  Apparently someone had gained access to my Yahoo email account and had set a "vacation response".  It was set to run from June 13, 2010 to June 13, 2013.  The only thing in the text area was the link to that Canadian drug site.  So every time I received an email, a responding "vacation response" was being sent to that address with this URL in it. 

I changed my password, cleared the vacation response settings and things are back to normal (for now).  It was an easy and quick fix once we determined what exactly was causing the unwanted return emails.

Thanks to everyone for posting, especially to Genghis and Anonymous in KY.   After 3 days of freaking out, researching, copying and comparing information, this blog really IS the only place that I've seen similar problems.

Very anal detailed background:

* I'm on Mac OSX Tiger.  I've read articles that mention newer malware can be downloaded from visiting a webpage (not opening link) AND Tiger can't detect this download.

* I use several Yahoo and Gmail accounts.  Thankfully, the corrupt account is the anonymous one I use for RECEIVING subscriptions, not SENDING email and contained less than 25 Contacts.  1/3 were mine/spouse (and went directly to spam/junk folders), 1/3 bounced.

* I'm on Firefox 3.6.   I rarely use Safari 4.0 or IE 5.2 (for the Mac).

* I do have Facebook, but rarely go there and nothing is linked.

1. On Wed 6/16, 4:36am - blank email is sent to myself.
Subject: vacation response.   no message.

2. On Wed 6/16, 4:36am - second email is sent to myself.
Subject: vacation response.   Single line pharmaceutical link.

3. At 8:23 am, 3 emails were sent (max per email = 9 addresses), no Subject, different links in the message.
X-Mailer: YahooMailWebService/0.8.104.274457

4. My Options were also changed:
a. 'save emails to sent folder' was UNCHECKED.
b.'save new recipients to Contacts list' was CHECKED.
c. vacation auto response was set - June 16 2010 to June 16 2013. And I can't seem to change the dates.  I did turn off the feature.
d. automatic message had 4th spam link.  Which I changed.

+ I deleted my Contacts list and changed my passwords on all Email accounts.

I am really hoping this is it because I've spent WAY too much time researching what I need to do.  I've been extremely lucky  but I have other accounts and I've seen fix-its ranging from 'change your password' to 'rebuild your computer'.

I haven't created a new account yet, so, uh, the email listed for this message shouldn't be replied to.

Update on my Yahoo email: It got hacked again, June 20 around 10pm. I had deleted my contacts after the first hack, so apparently only one spam email was sent, to myself, from myself. I would have gotten some bounce messages like last time otherwise. The spam was for Viagra. I was again able to log in and change the password.

Interestingly, after the first hack I changed my password to a 14 character mouthful of gravel from strongpasswordgenerator.com. There is no way any password program could have cracked that password. Obviously there are security issues at Yahoo.

FWIW, my brother the programmer says Yahoo as an organization is disintegrating, nobody's minding the store. Yahoo is not serious about security. From word of mouth in my circle and on Twitter, increasing numbers of friends are getting their Yahoo accounts hacked, and there are a variety of spams/scams that occur as a result of the hack.

He says that in hacker world, there is most certainly a known exploit in the Yahoo security system that sociopathic programmers are right now using to generate newer and more sophisticated programs to harvest Yahoo email accounts. They are programming away as we post. More and more spammers/identity thieves/sickos will jump on this bandwagon with various motives and objectives. This will continue to happen until Yahoo fixes the exploit, but we have seen from this thread that Yahoo neither acknowledges nor is really serious about fixing it.

Bottom line, switch to gmail.

Anyway, I still have my Yahoo account open, but it is stripped. No saved emails anywhere, no contacts except for myself (so I can get the spam when I am hacked again). I am leaving it open to receive the large amount of email I still get to that account, and notify people as needed to use another account to contact me. I delete emails as soon as I get them and then empty the trash. And delete any sent emails as soon as they are sent.

If you want to still keep your Yahoo account open for some reason, here are some precautions:

--strip the account of your personal info. Real name, address, anything. Birthday. Really poke around in Yahoo. You may be surprised at the information you have given them.

--See what security questions you've given yahoo. Change them to inaccurate answers and write them down somewhere so you don't forget.

--strip the account of all folders, inbox, sent emails, drafts, everything. You don't want them having the verification code for your gmail account, or worse.

--Double delete your contacts. Even if deleted, they are still there. Poke around in the contacts pane.

--Did you ever pay Yahoo for anything? Mail Plus? Personals? Pay Flickr Pro through Yahoo? Then you have a Yahoo Wallet. This is bad. Find it and strip it of credit card info.

--Um, you don't have Yahoo Paypal Checkout or Yahoo Express Checkout through My Yahoo, do you? Well, now they do, too.

--what email address did you give Yahoo as your password recovery address? Is that a secure provider? Does that account have a unique, very strong password?

Good luck!

There is no way any password program could have cracked that password. Obviously there are security issues at Yahoo.

Although I won't dispute that there might be security issues at Yahoo (and not only will I not dispute it, I strongly suspect you are right), I should point out that even the strongest password will not do you any good if your machine has been compromised with a trojan horse that is, for example, recording your key strokes. Of course, if that were the case, I'd expect far more unpleasantries than simply sending mass spam.

Atheist, I think my computer is secure, and the hack was to the online yahoo account... Evidence is that the contacts involved are from online, which are different than email client, and I'm on a Mac so Trojans are unlikely, and as you said, there would be more grief if they were keystroking me somehow. Hope I'm right!

I agree with Jeannette. There are PC viruses that can capture keystrokes, as I linked to in the main post, but no known Mac viruses or trojans that can. The number of people who have claimed to have the problem despite using Macs or virus-protected PCs definitely suggests a security breach at Yahoo.

BTW, good advice Jeannette. I also deleted all my contacts from Yahoo (except for a secondary email address of mine to monitor whether it happens again). I should have added the recommendation to the main post and will do so soon.

PS I've also heard plenty of criticisms of Yahoo from people in the business. I filed a Better Business Bureau complaint against Yahoo, though I'm sure it's useless.

I agree with others - this is most likely a Yahoo internal security problem. I am a software developer and am very security conscious, but my Yahoo account just got hacked as well.

If I have to take a guess I would say it is some Yahoo employee who is selling everyone's account details to the spammers. Anyway, I am closing my Yahoo account.

Thanks for the GREAT advice.

I did receive a response from Yahoo Security .. basically saying that I downloaded a virus. This is where I am extremely grateful for this blog - I don't open strange links or odd messages from friends ... but I do download Adobe or Firefox add-ons.

I didn't think my Mac needed virus protection, so if I didn't stumble on this blog, I'd probably keep buying software until I "found" something.

* Strip the account of personal info - got it, never added anything "truthful".

* Strip the account of all folders - crap ... any suggestions on how to download or transfer folders?

* Contacts - got it, will check thoroughly.

* Yahoo payments - I'm pretty sure I never have ... but I'll need to think hard on that.

* Recovery address is a paid-for account. I'm also going to start using gmail for everything.

lastly .. this is a riot. I received a bounce back to an email from last week --- apparently I sent a spam auto-response to a spam email! love it.

let me tell you why yahoo can't give you information about why it was hacked: THEY DON'T KNOW; afaik nobody in the tech department on ANY email provider knows. they are still "investigating" this problem.

I have received three such messages in 2 weeks, one came from my brother who has a yahoo account and does not have facebook.  The second came to my work email address from someone with an AOL address.  The third came to my work address from someone with a Comcast address. 

So, this may have originated with Yahoo but it's widespread.  Best suggestion, which is advice I wish I had taken ... if all that comes in a message from anyone, even if it's family, friends or clients you trust is a link to a website, delete it. 

My email has done the exact same thing.  I randomly send out emails for a Canadian Viagra company.  However, mine was in a hotmail account.  And it all began when I got an email from a friend with a link.  I opened the link and it was the Viagra website.  Now my email sends those same links to my contacts!!  SO FRUSTRATING!

Hmmm. If it's widespread across email hosts, I wonder if there's some social engineering involved (clicking, phishing) at least in some cases.

As for my case, I swear I have never clicked on a Viagra link either on purpose or by mistake. And I never visit dodgy sites (yeah I'm boring). I am certain that the breach was not on my computer but within my online Yahoo account.

However, I just learned from some security experts today about "web bugs" embedded in pages, as small as 1 pixel by 1 pixel, but containing code, I am assuming javascript, that can infect a computer. And that scammers have learned how to place malware infected banner ads masquerading as ads for well known products and placed by well known banner services like doubleclick that link to a fake site or perhaps have the malware embedded in them. A lot to think about. But my hack was not an infected computer but a compromised online account. I think.

I surf with the Firefox plug-in NoScript, which is a PITA, but generally helps keep me safe, I'd recommend it.

And I never visit dodgy sites

What do you think this is? ;-)

LOL, uh oh. Well, I notice I'm kinda itchy lately...

Dagblog is not responsible for skin inflammation, venereal diseases, mental deterioration, or other ailments contracted through this site. Read at your own risk.

Thank you,
The Management

Add me to the list of the compromised. Yay! BTW, I'm an IT professional and web user since the early 90's. I use strong passwords, keep secure Win7 & Debian boxes, and I know I didn't get phished.

Funny thing is I actually pay for the yahoo plus service and the yahoo customer service has been nearly non-existent. 10+ hours since I followed-up to the template letter they sent, and still no reply.

The only thing I've done differently in the past 3.5 years on that account was to link my DB account on June 17th, coincidence? Probably, but I know they got brute forced on some other 3rd party app some months ago, so who knows.

http://www.scmagazineus.com/rampant-brute-force-attack-against-yahoo-mai...

Oh well, changed my pass, nuked my contacts, moving to my other provider.

DB = FB... facebook, sorry, been working with MySQL all week :)

Thanks for finding the article, Spagnonymous. That sounds like a highly plausible explanation for the security breach. I've added a link to the main post.

Same thing happened to me, today, 6/28/2010. Russian viagra links sent to all my contacts -- hundreds and hundreds of them.

And all my sent messages from the past 1+ years have been deleted.

And yes, I also use a mac -- although I do check my e-mail from a PC occasionally.

And I, too, received and opened a similar e-mail from a friend two days ago...

Who knows?

But yes, I'm pretty pissed off, too...

After reading all of the posts, my conclusion is that Yahoo's servers were hacked and everyone's personal information stolen, as the one thing we all have in common is Yahoo email.  My Yahoo email software was provided by SBC/AT&T years ago as a bundle with their DSL, and I am wondering if everyone else has the same Internet provider?  My guess is that this is not the case and some people are probably using a different version of Yahoo, such as the free email, which would further point the finger towards the problem being a Yahoo security breach.  I am not registered with Facebook, MySpace, etc., so I do not think the problem is stemming from those web sites.  I own my own business and am working on the computer every day, so I make sure to run a good virus program, scan for spam, and clean cookies.  I have five email accounts with Yahoo, my main business account and four subaccounts.  One subaccount was created for my mother years ago, but she never uses her computer or checks email.  About one week ago while at a family gathering, my cousin mentioned that my mother had been sending emails to his cell phone.  That struck me as odd, since I knew my mother was not using the email account.  I checked the account, and sure enough, there had been emails sent out to the seven contacts in her address book, which were all relatives.  Three of the emails were returned because the addresses were no longer valid.  Other than the returned emails and my cousin mentioning he was receiving them, I would not have known the account had been compromised, as there were no messages in the sent folder.  At that time, I searched the Internet to see if anyone had encountered the same situation with their Yahoo address book being compromised, at which point I found this site.  I made sure to thoroughly scan my computer for viruses, spam, etc., but everything came back clean.
My next step was to change the password on my mother's account and verify that none of my other accounts had been compromised.  Well, on Sunday (yesterday) at 5:42/5:43 p.m. PST, my main business email account had apparently been accessed and 94 emails were sent out with a link inside.  There were seven emails returned because of invalid addresses, and all of the original messages were still in the sent folder.  Oddly enough, the same email was not sent to my other subaccounts, even though those addresses were also in my address book.  Another interesting thing was that all 94 emails were sent out in a matter of two minutes, with nine separate messages being created to divide the contacts in my address book.  This really does not make sense to me because if it were human intervention alone, wouldn't it take more than two minutes' time to create nine separate emails and add each address by clicking on them individually?  An easier way to have sent out the mass spam mail would have been to simply click on the box to send the message to all contacts at one time (I am not sure if this will help elucidate what might be happening, but I thought it was interesting).  I have since changed my password on the main account and deleted some addresses from my other subaccounts, as I am thinking the same thing will occur there in the next few days.  I debated on changing the password on those accounts as well, but I am curious to see what happens.  I then attempted to phone Yahoo and pressed various prompts to see whether I could reach an actual person, as their outgoing message states that they should be contacted by email.  I was able to reach someone by pressing option #1, but he just kept saying he was sorry and that the only thing I could do was contact the spam department or legal department.  If you read the posts above, we all know this won't get you very far, so I decided to phone SBC/AT&T instead.  
At first, AT&T tried to give me the run around, telling me that the problem was on my end because I most likely let someone use my email in the past, but I told them this was not the case because no one was allowed to touch my computer.  A manager finally got on the phone with me and said the same thing had occurred a couple of months ago, where they had numerous customers phoning in because of these types of emails, and he told me that changing the password would not resolve the problem.  He then transferred me to the level II tech business department, but I was not able to speak with anyone because they said it was a fee-based service, which I refused to pay.  Since my company is a home-based business, they told me that I could speak with the "residential" tech support department, but I did not bother contacting them because my past experience is that you are transferred to India, where they read basic information out of a book, which I know I have already done on my end.  If you are able to get through to their level II residential tech support department, it is then hit or miss whether you can actually find someone that might be able to help.  At this point, after all I have read on the Internet and the troubleshooting I have done on my end, I am convinced it is a Yahoo security breach, but the problem now lies with what to do next.  For the time being, I am going to continue using my Yahoo email because it will be a huge endeavor in switching over to another provider, but I will have no choice if the same thing occurs again in the future after changing my password.  I am not ambitious enough to pursue a lawsuit, but if anyone else has the drive, I am more than willing to provide as much detailed information you might need.  Needless to say, I am furious that my security was compromised and my business associates plagued with this problem.  If Yahoo is not taking the time to ensure their customers are safe, what will be next?  
I don't know about you, but I have a lot of personal information stored in email folders, which means they might have obtained even more sensitive information that could cause some really big problems down the road.  I feel Yahoo should fess up to where the problem originated, letting their customers know how to avoid the same situation from occurring again in the future, instead of hiding out and trying to tell us the problem occurred because of something we did incorrectly on our end.

Thanks for the detailed feedback, Anne. I'd say that pretty well pinpoints the breach at Yahoo. I didn't feel like springing for a subpoena either, and I doubt that it would produce anything useful. I filed a complaint with the Better Business Bureau, deleted my online contacts, and left it at that.

BTW, my contacts were also distributed into multiple emails over several minutes. I assume that this was done to get past the spam filters and that it was performed by a bot, not a person.
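
The pattern reported in the two comments above (nine messages covering 94 contacts inside two minutes, each contact appearing once) can be checked for mechanically in a Sent folder or a mail server's submission log. The following is an added example, not part of any comment: the `(timestamp, recipients)` record format, the thresholds and every address are assumptions, and the sample data is constructed to match the numbers in the comment.

```python
from datetime import datetime, timedelta


def find_bursts(sent, window=timedelta(minutes=5), min_messages=3, min_recipients=20):
    """Flag runs of outgoing mail that fan out to many recipients in a short window.

    sent: iterable of (timestamp, [recipient, ...]) records.
    Returns one dict per burst, ordered by start time.
    """
    records = sorted(sent, key=lambda rec: rec[0])
    bursts = []
    i = 0
    while i < len(records):
        start = records[i][0]
        j = i
        seen = set()
        total = 0
        # Extend the run while messages stay inside the window opened at `start`.
        while j < len(records) and records[j][0] - start <= window:
            seen.update(addr.lower() for addr in records[j][1])
            total += len(records[j][1])
            j += 1
        if j - i >= min_messages and len(seen) >= min_recipients:
            bursts.append({
                "start": start,
                "end": records[j - 1][0],
                "messages": j - i,
                "recipients": len(seen),
                # True when no address repeats: the contact list was split
                # across messages rather than mailed repeatedly.
                "partitioned": total == len(seen),
            })
            i = j  # continue after the whole burst
        else:
            i += 1
    return bursts


def build_sample():
    """Constructed data: a normal day of mail plus a burst shaped like the report."""
    day = datetime(2010, 6, 27)
    normal = [
        (day.replace(hour=9, minute=15), ["client.a@example.net"]),
        (day.replace(hour=11, minute=30), ["client.b@example.net", "client.c@example.net"]),
        (day.replace(hour=14, minute=5), ["client.a@example.net"]),
    ]
    contacts = [f"contact{n:02d}@example.net" for n in range(94)]
    sizes = [11, 11, 11, 11, 10, 10, 10, 10, 10]  # nine messages, 94 recipients
    first = day.replace(hour=17, minute=42)
    burst, offset = [], 0
    for k, size in enumerate(sizes):
        stamp = first + timedelta(seconds=13 * k)
        burst.append((stamp, contacts[offset:offset + size]))
        offset += size
    return normal, burst


if __name__ == "__main__":
    normal, burst = build_sample()
    for hit in find_bursts(normal + burst):
        print(hit)
```

Where the Sent folder was emptied, as some commenters report, the same function can be run over the timestamps and failed recipients of the bounce messages instead.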

Don't worry, Ghengis, i'm not gonna sue or even call your GF. i visit plen-tee of dodgy sites IRL, so that could account for the itch. Thanks for providing the only REAL forum anywhere for useful discussion of these hacks.

I think @Spagnonymous finally provided the explanation by referencing the only real reportage on the problem as well, the SC Magazine article he linked to above. I think it's pretty obvious bots/programs are implementing the mayhem in our accounts, not individuals. With so many people affected, I can't believe Mashable or somebody isn't posting about this.

After reading Anne's account of mobile phone spam, I am deleting the phone contacts I left in there on account of the lazy.

i visit plen-tee of dodgy sites IRL

In that case, we may have to block you, as you're obviously a carrier. We have standards here. However, I will advise the Evil Commenter Review Committee of your excellent precautionary recommendations, which I've added to the main post, so they may show leniency.

And thanks for re-linking the article. I missed Spagnonymous's reply in the deluge of comments. That definitely sounds like a highly plausible explanation.

Same thing happened to me today (05/07/2010). All my contacts were sent Viagra Spam from a yahoo account in Brazil.

My suspicion is that it is related to the new Yahoo feature (contacts/updates etc). There are some tick boxes that imply that your contacts have access to your other contacts, so your security is only as good as the weakest link.

Anyway, I sent an email to yahoo with the header information from the spam, and won't hold my breath regarding a useful response :-)

Steven

A lady in my office hijacked my yahoo accounts and several people that work in the office as well as several of my contacts that had yahoo accounts. We fired her and pressed legal charges but that went nowhere. I asked her how she was able to take over our yahoo accounts and she just laughed at me. She would hijack my accounts moments after I changed my passwords. The secret questions had phoney answers using slang words my buddies and I made up in high school. She can hijack a yahoo account at will. I sure don't know how. I went through the same BS with yahoo. They were no help whatsoever and always seemed to suspect she was guessing the secret questions somehow.

Same thing happened to me today (11th July 2010).  Mine was sent from Hungary

Received: from [84.3.229.223] by web110015.mail.gq1.yahoo.com via HTTP; Sun, 11 Jul 2010 01:58:24 PDT
X-Mailer: YahooMailWebService/0.8.104.276605

I have been doing some googling and I have found that yahoo have an API which allows smartphones access to your contact list etc.

The timing is about right as I checked my email at about that time on my HTC Desire running android.  I then tapped on an interesting link talking about yet another patent lawsuit.

My guess is that the web server hosting the content is compromised and using the yahoo API to send the spam/virus.

Mike
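
Headers like the two quoted in the comment above are what separate "someone forged my From address" from "someone used my account": a `via HTTP` hop recorded by the provider's own web host means the message was submitted through the web front end. The following is an added example, not part of the comment and not Yahoo tooling; the `.yahoo.com` suffix check, the function name and every header other than the two quoted lines are assumptions, and the sample messages are constructed.

```python
import email
import ipaddress
import re
from email import policy

# Webmail submission hop in the form quoted in the comment above:
#   Received: from [<client ip>] by <provider host> via HTTP; <date>
WEB_HOP = re.compile(
    r"from\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\s+by\s+(?P<host>\S+)\s+via\s+HTTP\b",
    re.IGNORECASE,
)


def classify(raw_message, provider_suffix=".yahoo.com"):
    """Triage one message: submitted through the provider's web front end, or not.

    Each relay prepends its own Received line, so the LAST Received header is
    the earliest hop. Lines below the first hop added by a server you trust
    can be forged, so the verdict is a triage hint, not proof.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    mailer = msg.get("X-Mailer")
    result = {
        "verdict": "no-webmail-hop",
        "client_ip": None,
        "host": None,
        # X-Mailer is written by the sender and easily forged: context only.
        "x_mailer": str(mailer) if mailer is not None else None,
    }
    received = [str(h) for h in (msg.get_all("Received") or [])]
    if not received:
        return result
    hop = WEB_HOP.search(received[-1])
    if hop is None or not hop.group("host").lower().endswith(provider_suffix):
        return result
    try:
        client = ipaddress.ip_address(hop.group("ip"))
    except ValueError:
        return result  # malformed address literal: do not trust the line
    result.update(verdict="webmail-submission",
                  client_ip=str(client), host=hop.group("host"))
    return result


# Constructed message. Only the second Received line and the X-Mailer line are
# taken from the comment above; the rest is made up for the example.
SAMPLE_WEBMAIL = """\
Received: from web110015.mail.gq1.yahoo.com by mx.example.net with SMTP; Sun, 11 Jul 2010 01:58:30 -0700
Received: from [84.3.229.223] by web110015.mail.gq1.yahoo.com via HTTP; Sun, 11 Jul 2010 01:58:24 PDT
X-Mailer: YahooMailWebService/0.8.104.276605
From: account.owner@example.com
To: contact@example.net
Subject: constructed sample

constructed body
"""

# Constructed: same From and a copied X-Mailer, but the earliest hop is an
# unrelated SMTP relay, which is what a forged sender looks like.
SAMPLE_SPOOFED = """\
Received: from mail.sender.example ([203.0.113.7]) by mx.example.net with ESMTP; Sun, 11 Jul 2010 02:10:00 -0700
X-Mailer: YahooMailWebService/0.8.104.276605
From: account.owner@example.com
To: contact@example.net
Subject: constructed sample

constructed body
"""

# Constructed: a "via HTTP" hop recorded by a host outside the provider.
SAMPLE_LOOKALIKE = """\
Received: from [198.51.100.9] by web1.lookalike.example via HTTP; Sun, 11 Jul 2010 02:20:00 -0700
From: account.owner@example.com
Subject: constructed sample

constructed body
"""

if __name__ == "__main__":
    for name in ("SAMPLE_WEBMAIL", "SAMPLE_SPOOFED", "SAMPLE_LOOKALIKE"):
        print(name, classify(globals()[name]))
```

A `webmail-submission` verdict points at the account itself (password, session or a linked application), so the response is credential and account clean-up; a `no-webmail-hop` verdict on mail carrying your address points at sender forgery instead.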

They got my girlfriend's yahoo account yesterday and today, second and third times. She doesn't have a facebook account. I'm fairly confident that it is not a problem with our computer. I'm really surprised that this hasn't been fixed, or that it isn't bigger news. If they can send messages with your account, couldn't they read all your emails too?

I think they attempted to get me again this morning.  At around 12:38 a.m. PST, I just so happened to be looking at my email account, when I received a supposed message from Yahoo telling me that I had to verify my sign in status periodically.  When I received the message, I was automatically signed out of my account, but I signed back in immediately.  I have used Yahoo for at least five years now and have never received a message that I would need to verify my sign-in status in order to leave my email account open and idle.  Once I signed back in, I monitored the account to see if I would receive another similar message, but I remained signed in the remainder of the morning, up until around 3:30 a.m.  From what I have read above, it seems that everyone's computers have been shut down at the time our accounts have been accessed and emails sent out to the contacts in our address books, so I am wondering if the odd message asking me to verify my sign-in status was another attempt to hijack my address book and send out more emails.  I would have liked to test this theory out further by not confirming my status last night, but it was my main business account, so I did not want all of my business contacts receiving another supposed message from me with a link.  After my account was hijacked the last time, I changed the password on my main account and the one I use to access the email account.  As of last Thursday, I changed over to fiberoptic/U-Verse with AT&T (same email address/account), which has given me the opportunity to speak with many of their level II techs.  I have had a couple of glitches with my email account (unrelated to the hijacking incident), which has them corresponding with Yahoo techs.  Unfortunately, even the AT&T techs cannot reach the Yahoo techs by telephone, so they are having to write trouble tickets and wait for a response.
I mentioned the hijacking incident to the AT&T tech I spoke with by phone today, who first tried to tell me the incident occurred due to something I had done incorrectly on my end, such as someone accessing my computer from home, my being signed up at another web site that logged my keystrokes, my computer being infected with a virus, etc., all of which I told him were not the case.  After speaking with him for a while and telling him about this web site, he finally agreed that it seems odd so many people would have the same thing occur on the same days.  I told him that it would be nice if someone from AT&T and Yahoo were more concerned about this type of thing happening and that someone should be looking into the problem so that our accounts were kept secure.  Since he was already writing up a trouble ticket to send to Yahoo, I asked him to also write up a ticket for my account being hijacked on 06/27/10, where emails were sent to the 90-some people in my address book.  The AT&T tech was already looking at my email account at the time, so he took a snapshot of the Breach folder I had created and all of the messages that were sent out on that day.  I highly doubt anything beneficial will come of the trouble ticket that AT&T sends to Yahoo, but I am hoping that if more people continue to complain, they might actually do some investigating and inform us as to how our accounts are being accessed.  If I receive a valid response from Yahoo or AT&T, I will be sure to post the information here for everyone to read.  I forgot to mention above that I asked the AT&T tech if it were possible I had received the message this morning because Yahoo was working on my account, and I was told that was not the case because the Yahoo techs would not need to sign me out.

Thanks for the additional details, Anne. The sign-in email definitely smells like rotten phish. But a number of commenters here are pretty savvy about phishing, so I doubt that phishing is responsible for all of the attacks. (I, for one, would never respond to an email telling me that I had to verify my login status.) The phishing attempt could just have been a coincidence.

Thanks also for alerting the AT&T tech to this post. It will be interesting to see if he has any more luck than we did. I'm sure that Yahoo is aware of the problem. Some Yahoo customer support people have admitted that they've been deluged with complaints. I'm also sure that they don't want to tell anyone what the problem is, hence the stonewalling.

I did not give thought that the sign-in prompt might be a phishing attempt.  I was thinking that when the bot accesses our accounts, we are automatically signed out and receive the message just to see if we are currently online and sign back in right away.  It could be like you said and was just another odd occurrence that has happened to me lately, but it seemed a little too coincidental that this type of thing would occur a few weeks after my account had been hacked.  I also think it is a bit odd that no one has actually been online while their address books were accessed and am thinking there is a way the bot knows when the computer is powered off or idle.  I generally have my email open seven days per week, up until the wee hours of the morning, and my account had been accessed on a Sunday when I just so happened to have the computer shut off.

From the sounds of it, both the Yahoo and AT&T people are aware of the problem, yet both parties keep trying to tell us that our accounts are being accessed due to something we have done wrong.  An AT&T supervisor told me a few weeks back that they had also been deluged with similar complaints.  If Yahoo isn't fessing up, then I at least hope they are working on fixing the security breach!

Thanks so much for the information, Ghengis, and this web site.  If it weren't for the information I read here, I would most likely still be troubleshooting my computer and trying to figure out where I had gone wrong.

Ok, please no more detailed reports of the problem!  We get it.  We're all victims here.  :-)

After reading this entire list, I still do not see a clue as to what the hole is.  Does anyone (technical) have an idea?

To be clear: It's not a virus on your local machine. I do not believe that they have your password. Somehow the hacker has gotten your email address and access to your entire address book. Once they have this info, the rest is easy. They simply spoof the Sender as you and send periodic spam to your entire AB. You receive the bounces and errors of course. I'm really confused how the Sent Folder gets erased, though.  This part is especially scary (but could be an automated system by Y! when it detects bad stuff.... just a wild theory).

I have only ONE CLUE: I recently received a request to be added to my Contacts. I foolishly accepted (no idea what I was thinking). The spam happened IMMEDIATELY after I accepted the contact.  But, I still have no idea how this could open a vulnerability.

So, if any technical person has an idea, please let us know. I'm just curious how the attack works and shocked that no one has explained it anywhere.  It's a dirty little secret that needs to be outed.

rc, not everyone writing in may be victims of the same attack, but at least in my case, the sender did not spoof my email address. The spam emails were in my sent mail folder. Judging by the email headers, the spam seems to have been sent by an automated third party through a web service.

Since Yahoo has not provided any information, we're all speculating here, but I think that the most plausible explanation for many of the hijackings is a security breach of yahoo's mail servers as described in this article.

What you described sounds different though, perhaps a phishing scam. Did you log in to accept the contact request? If so, you may have logged in to some spam website designed to look like Yahoo and unwittingly given away your password.

The same spam thing happened to me last night/today.  I didn't click on any contact requests and I'm also Mac and use Firefox.  My Sent folder was also suspiciously empty.  This appears to be a rampant problem with Yahoo.  Changed password and got gmail account.  Keep us all posted.

This happened to my wife this morning. She was embarrassed but was OK after I convinced her that most people will realize quite easily that this is SPAM and not from her. I changed her password immediately. Folks, I think it would help if we post the LENGTH of the password that we used (not the actual password). I suspect that the brute-force attack that someone mentioned in the beginning was the reason. IF everybody says that they had a short password (say 4-5 letters, or a simple word), then this reason is more likely. The other thing I noticed is that many people say MAC (my wife uses MAC too). That could be a common reason too. It is possible that MAC+Yahoo has some security flaw that got exploited when used together. So request: 1. How long was your Yahoo password? Was it a simple English word? 2. Did you use MAC to check your yahoo mails ever? Thanks all! I would suggest that everybody that can migrate to Google mails do so.

I unfortunately was still using a very old 6 digit password on my AT&T/Yahoo powered account and got hacked yesterday.  Shame on me for being so antiquated in this day and age.

Instead of a viagra ad message being sent from my account, the below message was sent, asking for money ---

"I'm sorry for this odd request because it might get to you too urgent but it's just because of the situation of things right now, i'm stuck in London, I came down here on vacation, i was robbed, worse  of it is that bags, cash and cards and my cell  phone was stolen at GUN  POINT, it's such a crazy experience forme, i need help flying back home, the authorities are not  being 100% supportive but the good thing is i still have my passport but don't have enough money to get my flight ticket back  home, please i need you to loan me some money, will refund you as  soon as i'm back home, i promise.
 
Thank you"
They'd hacked into my account, changed my password locking me out, sent the above email to everyone and their brother, then deleted my contacts.  My phone started ringing off the hook asking if we were okay?  Neighbors who'd been emailed even stopped by to ask what was going on, how embarrassing.
Half a day wasted with the Yahoo IT reps didn't get me anywhere other than back into my own account with a newer password.  They refused to deep dive backward to identify the culprits claiming that they had privacy rights!
Time to switch to gmail!

I got hacked on 8/12. I'm on a MAC as well and can only guess that it was from checking my email on a PC. And I hardly even use that yahoo account anymore. I changed my password and deleted my contacts. Yahoo needs to see these complaints.

Also got hacked 8/18. 3 years worth of sent mails gone. However, spam was only sent to a few of my contacts, 3 of which were no longer valid addresses. Did a full system scan and came up clean. Virus protection is up to date. Disturbing that this has been going on since the beginning of this year, yet finding info on this topic is severely limited.

I was hacked in this way (the fake Viagra offer email sent to all in my addy book) today at 4pm when I was not on the PC and my mail in yahoo was closed. I had received the fake email at 2pm today from a friend thru her email w/AOL but she was not online at that time - being at work. I guess this is chugging along still

A viagra link went out from my yahoo email this past Friday, 8/20/10.  This is despite not logging in to that account for months (like many have indicated here).  This problem did not impact my gmail account despite the fact that i have all yahoo emails forwarded to gmail.  this demonstrates a very important point: yahoo has a security breach and are not honoring their part of the email account bargain by securing our accounts.  I'd recommend people delete their yahoo account contacts and create a new gmail account.  it is so easy since u can automatically have your emails forwarded.  Yahoo has clearly made no effort to minimize, communicate, or neutralize this problem, despite many complaints.  we should all tell them by not using yahoo, that will send a much clearer message than piddly emails and phone calls to their dorks at tech support.

I thought my Yahoo/sbcglobal.net was hacked on Monday 8/16/10. It was so odd because all was normal.... I received my 2.2 android software push from Verizon and as soon as my phone rebooted all heck broke loose. I had many friends calling asking if I was ok.... they received a message stating that I was in the UK, robbed, teary eyed, etc.

I changed my email password and found that they were having a ball chatting with my friends on facebook, nice. My facebook was shutdown, all my contacts deleted, last 2 months of my inbox deleted as well as 8 months of sent messages. Urg.

I was convinced somehow my software update was to blame.... until I had a friend mention today that they received hacker mail from me around 8/13.... on that day and the days prior I had only accessed my email by phone. She is the first one to mention this. (My computer came up clean for a malware, keylogger and virus.)

It is hard to find info on this topic but these are a few things that I am throwing around. 1. I recently added the Yahoo! mail app on my Droid. Security issue with the app perhaps??? 2. The 2.2 software was purely coincidental but maybe they saw that my IP address logged in as a mobile IP and they felt I was away from a computer and that they had more time to play in my accounts.

I felt a little helpless in the whole situation but I am convinced that my password being used was not my fault (did someone say YAHOO). I just can't trust Yahoo and found it super easy to import to gmail. Just wish I could get my facebook account back...

Good luck to everyone. This is by far the most informative posting on this topic.

My Yahoo email account sent blank emails to people I had sent emails to before (I don't use a contact list).  This occurred for the first time within 3 minutes of setting up a facebook account using my Yahoo email as contact.

I got hit, too.  I use my yahoo email address pretty freely (it's basically my 'public' email address), but I don't use the yahoo mail interface -- emails get forwarded to gmail.  I have 3 messages in my sent folder, each to about 5 people.  I suspect there are more that have gone out, based on bounces I've gotten.

The three I can see are on July 1 at 9:25 AM, July 2 at 2:47 AM, and August 1 at 8:24 AM.  The message body is just a link, which I have not clicked on -- each link is different, but each link incorporates my yahoo username somehow.

I've changed my password -- we'll see how it goes.

I was also hit. I am not a yahoo user and do not use Facebook. I am a Mac user and use MSN and have had the email with a link to a Canadian pharmaceutical site selling viagra sent to all of my contacts twice. The first time was probably a month ago and I ignored it thinking it was a secluded event. I probably should have paid attention, but ignored it. The main reason I am even posting this is to say that it is not strictly Yahoo. I have never used Yahoo or facebook and am the only one in my household over the age of 6. No one else uses the internet. I received the emails that bounced back, but like others have no proof in my sent messages.

Great blog!  Glad I found it!  Happened to me too - today!  Friend mentioned two weeks ago he got spam from me.  Ran Avira, malware Bytes, and Spybot - nada.  I wouldn't have known the route except today I got the bounced email from dead/old email addresses in my contact list.  The header definitely said it came from somewhere else.  [113.167.117.90] is the ip that somehow accessed my web account at Yahoo.  The mail web server used was 'web33708.mail.mud.yahoo.com via HTTP', so it did not come from my pop mail version of Yahoo mail.  They are clever,  they registered that ip address as 'localhost' - really messes with routers.  I checked it with reverse DNS service. A traceroute kinda gets lost and times out, but last url name is 'vdc.vn' before stopping.  Before I found this blog, I already deleted my contacts, but now I am scrubbing my info on there.  I am bummed my other real email address is in there as backup.  I suppose I could have logged on yahoo which nabbed my keystrokes, with an infected computer - as no one has my password but me.  Here is X-Mail Header:  X-Mailer: YahooMailWebService/0.8.105.279950  (don't click on any ips or address links in this reply as a precaution)

thanks for a great post and opinion . . . . .

Your experience mirrors mine, including the Avira and Spybot being blind to "it." From reading the blog, it appears it is a Yahoo problem that Yahoo is doing nothing to solve and it has been going on for 3/4 a year, if not longer.

Everyone is saying I have to dump the email address account I use now and start from scratch, including re-populating my address book (that I haven't cleaned out and updated in years! Lesson learned!). I am NOT happy about this.

I want to know why Yahoo isn't burning rubber to solve this issue and I want to know why my antivirus and spyware programs have not caught it.

Thank you to everyone who has shared their stories and solutions. Through this, I will find my solution.  Meanwhile, everyone in my address book has been spammed with suggestions for Viagra. What's the world coming to, anyway?

This was wonderful.  Not of course that Yahoo was hacked or that you and many others, including myself have been over the past year deluged with viagra and other sex aids ads from nefarious sources, but that you had it all so humorously documented.  I feel better about the misery I went through at work trying to get my employer's network administrator to effectively deal with the fact that our work computers were literally inundated with all that junk mail, which was really causing problems, not to mention violating company rules about type of materials we could have on our work computers.  Yikes.  Thanks for that.   Oh yeah, there were a bunch of emails from people in Nigeria often starting with Dearly Beloved or something like that asking for the use of my bank account.  Ugh. 

This happened to me today on two different AOL web mail accounts. I found this thread while trying to locate the cause. The scary part is that the spammer didn't hijack my e-mail client, or an active session, rather they logged in with my username and password and sent the message via AOL's webmail client.

Here's what these accounts have in common:

1. I use a Mac and Microsoft Entourage, not the AOL webmail client. Furthermore, I only use Firefox and have it set up to delete all information when it exits.

2. Both accounts did have the same password

3. Both accounts have been used to import contacts into Facebook

4. Both accounts are configured on my iPhone (iOS 4.x.x)

5. I log into AIM for OSX 2.0.312 with both of these accounts

Curiously, I also have a gmail hosted .edu account configured in Entourage and my iPhone which appears to be unaffected.

Here's the sender's information recovered from the headers of a bounced e-mail:

Received: from 187.58.63.2 by webmail-m072.sysops.aol.com (64.12.141.18) with HTTP (WebMailUI); Wed, 08 Sep 2010 18:51:59 -0400

Which resolves to a computer in Brazil: logteltelecom2.static.gvt.net.br
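The kind of header quoted in the comment above can be checked mechanically. As an added example (not part of the original comment or of any provider's tooling), this Python code pulls the submitting client IP out of a webmail `Received` hop and compares it with the networks the account owner normally uses; the function names, the `OWNER_NETWORKS` range and the extra hops built from documentation addresses are assumptions made for the illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# A hop written by a webmail front end looks like
#   "from <client ip> by <webmail host> ... with HTTP"  (AOL form quoted above)
#   "from [<client ip>] by <webmail host> via HTTP"     (bracketed "via HTTP" form)
WEBMAIL_HOP = re.compile(
    r"from\s+\[?(?P<client>[0-9A-Fa-f:.]+)\]?\s+by\s+(?P<host>\S+)"
    r".*?\b(?:with|via)\s+HTTP\b",
    re.IGNORECASE | re.DOTALL,
)

def webmail_hops(raw_headers):
    """Return one dict per Received hop that shows submission over HTTP."""
    msg = message_from_string(raw_headers)
    hops = []
    for value in msg.get_all("Received", []):
        match = WEBMAIL_HOP.search(value)
        if not match:
            continue  # ordinary SMTP relay hop
        try:
            client = ipaddress.ip_address(match.group("client"))
        except ValueError:
            continue  # token after "from" was not an IP literal
        # The hop timestamp follows the last ';' in the header value.
        stamp = value.rpartition(";")[2].strip()
        try:
            when = parsedate_to_datetime(stamp)
        except (TypeError, ValueError):
            when = None
        hops.append({"client": client, "host": match.group("host"), "when": when})
    return hops

def assess(raw_headers, owner_networks):
    """Classify a message by where its webmail submission came from.

    Returns (verdict, hops). "remote-webmail-login" means the message was
    composed in the provider's web interface from an address outside the
    owner's networks, i.e. someone signed in with the account's credentials;
    scanning the owner's own machine will not explain it.
    """
    nets = [ipaddress.ip_network(n) for n in owner_networks]
    hops = webmail_hops(raw_headers)
    if not hops:
        return "no-webmail-hop", hops
    foreign = [h for h in hops if not any(h["client"] in n for n in nets)]
    if foreign:
        return "remote-webmail-login", foreign
    return "owner-webmail", hops

# Constructed range standing in for the owner's home/office addresses.
OWNER_NETWORKS = ["198.51.100.0/24"]

# Constructed bounce headers: the webmail hop is the line quoted in the comment
# above; the relay hop uses documentation addresses.
BOUNCE_SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.25])
 by inbound.example.org with ESMTP; Wed, 08 Sep 2010 18:52:03 -0400
Received: from 187.58.63.2 by webmail-m072.sysops.aol.com (64.12.141.18) with HTTP (WebMailUI); Wed, 08 Sep 2010 18:51:59 -0400
Subject: (constructed sample)

"""

# Constructed: the owner using the web interface from a usual address.
OWNER_SAMPLE = """\
Received: from [198.51.100.23] by web.mail.example.net via HTTP; Thu, 09 Sep 2010 09:00:00 -0400
Subject: (constructed sample)

"""

# Constructed: mail sent from a desktop client over SMTP, no webmail hop.
SMTP_SAMPLE = """\
Received: from desktop.example.net ([198.51.100.23])
 by smtp.example.net with ESMTPSA; Thu, 09 Sep 2010 09:05:00 -0400
Subject: (constructed sample)

"""

if __name__ == "__main__":
    for name, sample in [("bounce", BOUNCE_SAMPLE), ("owner", OWNER_SAMPLE),
                         ("smtp", SMTP_SAMPLE)]:
        verdict, hops = assess(sample, OWNER_NETWORKS)
        print(name, verdict, [(str(h["client"]), h["host"]) for h in hops])
```

Only the hop written by the provider's own webmail server is worth trusting here; hops that claim to predate it can be forged by the sender.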

 

This same event happened to my gmail a couple weeks ago, and based on facebook posts it apparently happened to a few friends and friends-of-friends the same weekend. Staggeringly, it happened to a long-dormant AOL account yesterday! And I got a similar message from a long-ago acquaintance from hotmail. WTF is going on? I really can't piece anything together, especially as the aol account has never been accessed from my current computer. In fairness to Google, at least they noticed. AOL just thanked "me" for re-activating my account.

PS they didn't have the same password, though they were the same username. I currently use a mac. And I think I have always used the web client for both, not that I've used AOL in the last 5 years or so.

I have an ~10yr old hotmail account which may or may not be compromised. It's not my primary email but I still use it. Recently I began getting almost daily spam emails from a good friend of mine from college from her old hotmail account - we usually don't email - just talk on either facebook or the phone. The subject line is blank and the link is usually something relating to pillsxxx.com. I ignored it because I didn't realize this would be an almost daily occurrence. Today I just got a similar spam email from an ex-coworker I knew ten yrs ago. It got me thinking - could I be the one with the virus? These two people don't know each other, maybe it is really me? So I started searching and this is the only page I could find where people had a similar problem. My hotmail account is the one I list on facebook - same goes for both my compromised friends. I use a different pw for hotmail and facebook and have scanned for viruses and come up clean. I have accessed my email on either my Windows desktop, 2 Windows laptops, a Mac I use at work, and an Android phone. I don't know what OS they primarily use but I know they both have iPhones. Could this be an iPhone thing?

I recently had this exact thing happen to me. That is the hijacking of hotmail account and single spam link sent to everyone Hotmail had automatically collected in my online address book. I do not use the online www.hotmail.com to send emails, I use Mozilla Thunderbird to access the hotmail accounts, but it turns out Hotmail was saving every email I ever replied to in an online address book. This was a 10 year old email account so the online address book was HUGE.

HOWEVER, I did narrow my spam blasting down to an exact instant. The EXACT minute I installed and allowed the new Google Voice app to hook into and install in Firefox was the exact minute the spam was sent through my hotmail account. This may be a coincidence, but I am a very experienced web user and run several forms of protection. I have never had a major virus attack and certainly never spammed anyone, but the very minute I clicked the 'Allow' button for the official Google Voice installation was the exact minute the spam was released from my account.

I have since gone to hotmail.com, changed my password and deleted the hundreds of email names it had automatically collected into an address book. (Anyone I ever replied to had been placed in the address book)

This happened to me yesterday..with the viagra link, from my aol email..I had like 100 contacts..Idk how it happened but I removed the names off my address book and changed my password..I'm trying to see who else this happened to when I did a google search and found this site.

Hi, same thing happened to me. I am still trying to figure it out. I apparently will have fun showing my face at work given I sent some male co workers viagra links! I deleted all my contacts and will not be using yahoo as my email any more ... ridiculous this has been going on for quite some time now ... I think yahoo needs to be shut down...I did not open any attachments and I was working when I supposedly sent these emails.. Another thing, a co worker was home and called me to tell me that the time said today 10 pm and at the time it was around noon???

Let me get this straight, this conversation started in February and it is now September (6 months or more later) and there is still no resolution nor solution?  It happened to me today and I was hoping to get some advice.

Yep. Yahoo is a great company, no? My advice is to follow Jeannette's suggestions in the main post to the extent that you feel comfortable. I changed my password and deleted my online contacts and have not had a problem since.

I am up past my bedtime so haven't read thru the entire thread. My yahoo acct was compromised 2 wks ago. I think I know when if not exactly how. First thing in the am I always ck my email. One morning while half asleep I saw an email from someone I don't normally receive mail from. No subject. The only content was a link which I clicked before I thought. It was the ole viagra blah blah. I immediately closed the link and the next Sunday I spammed my entire contact list. Email went out again yesterday. Seems to be recurring every Sunday. I want it to stop. Now. Nitey nite. I will be back tomorrow. *sigh*

Within the last couple of weeks, both my Mother and I had our Yahoo email accounts hijacked.  It happened to me first.  The scam that went out to my contacts was the one with just the link to buy viagra.  The hijackers had not changed my password and must have erased my Sent Mail because I had no clue the spams were sent under my name until someone notified me.  I immediately changed my password and deleted my email contacts (I will only copy and paste from now on).  Have had no problems with my email since.

Then my Mother's Yahoo account was hijacked last week, and they sent out a scam letter to her contacts saying that she was stranded in Nigeria and needed money to get home (everyone spammed had a hearty laugh as Mother is 85!).  The problem was that they changed her password, the answers to her security questions, and her alternate email address.  However, I was able to get back in by following the following steps:

Below are the steps that I took to get into my mother's account (I had set up her password and security questions for her originally)

1. Go to Yahoo sign-in page
2. Don’t bother typing in ID and password.
3. Below the “Sign In” button, click on “I can’t access my account”
4. The next screen will ask the following question:

What's the problem you are experiencing?

  • I forgot my password
  • My password doesn't work
  • I forgot my Yahoo! ID
  • My account may have been compromised

5. Click the radio button for “My account may have been compromised” and click Next.

6. Type in your Yahoo ID (part of your email before the @yahoo.com) and the code shown (good luck with that; it takes me several tries to read those things!) and click next.

7. You will see this message:

Please select an option to reset your password

We’ll send you a message with a special link or code that will allow you to reset your password.

8. If they changed your alternate email account, then click on the second option, “I can’t access any of the above” and click Next.


9. It will now ask the first of your two security questions. Notice that it will show the date that the security question was added.  If it is a very recent date, the hijackers have changed the answers to your security questions.  HOWEVER, after the first or multiple failed attempts (I can’t remember), a small button appeared below that said something like, “Not my question.”  I clicked on that button, and it brought up the same security question but the "date added" was almost a year earlier. It had gone back to my original security question answers.  My answer then worked and it logged me in.  If the hijackers had changed the answer to my security question twice, I would have never been able to log in.

I immediately changed my password, security questions (twice!), and alternate email back to one of mine.  The hijackers had even input a Nigerian street address and P.O. Box!! Either they were very brazen or they were having a good laugh!

Sorry this was so long, but my Mother was contacted by someone who had heard what happened to her and wanted to know how she got back into her account.  I am posting just in case it might help someone else.  Now, I always make sure my personal Yahoo sign-in seal that I created appears on my Yahoo website to ensure that I am not logging into a fake Yahoo website.  I deleted all of my contacts and will only copy and paste them from a word doc so that no one else can get spammed.  I will also only copy and paste my passwords in case there is a key logger.

Thanks for the detailed comment, texasaggie. I'll incorporate it into the main post.

I guess that yahoo has now taken steps to at least address the hijackings -- which was much better than the bumbling response that I received when I called customer service back in February. But they still have not acknowledged that it's happening or explained how it happened.

Happened to me as well. Frustrating I have had this e-mail for years. I have changed the password etc. I also wonder if it is somehow related to using facebook? This happened to me the same day that I joined face CROOK

This also just happened to me. I wonder if it has anything to do with joining facebook; it happened the same day I joined up with Face CROOK.

Add me to the list, it happened to me too.

I looked at several of the 24 spam emails, each addressed to a different group of several people from my contacts list, that were sent from my Yahoo email (and saved in the Sent folder as though it were I who actually sent them!) and noticed in the full headers that the IP addresses varied, as did a small part of the spam link in the content of the email. That link contained http://www.xxx#.canxhealth.com (the xxx# are placeholders I inserted in place of the letters and numbers that were different for each email). Why this spammer inserted differences in the links and had different IP addresses in the "From" field, is beyond my technological understanding. A week prior I had another and I was confused and didn't know what it was, so I tried the link and it opened a tab, but an error message appeared re the link (and probably didn't help the situation), and the link included in that email's content was totally different [xxx#.xpillsx.com], but similar in its construct, causing me now to suspect that it is the same spammer with a different mask on, so to speak.

I sent this information to Yahoo Customer Care with an urgent request for them to permanently and quickly solve the problem that I and many others are having, and to help me with what I am to do next. I'll see how they respond. Wish me luck.

(P.S. Oh Crumbs! When I copied the spam link to my post here with the intent to highlight the original text {what above is now the "xxx#" field} and replace it with the xxx#  so that I wasn't pasting an actual spam link for readers to accidentally click on, as I was highlighting it to copy it here, the link got clicked and--panic!--a new tab opened; I quickly hit escape, but alas, I'm sure it was too late :-(. Great...just what I need!  Better me than to have not changed it, thereby setting an accidental trap for you all!


I also want to thank everyone for sharing their experiences and solutions with this problem here. It is a great help.)

Same here.  Emails sent to many in my contacts advertising Viagra and Cialis.  Also deleted all my important emails from my 'Sent' folder.  Yahoo responses seem as if I were the only one with this problem.

Why can I not get a straight answer to my question around here?

Dis-COUNT! Dis-COUNT! Dis-COUNT!

OK, now I'm laughing. Your viagra is in the mail.

This just happened to me today but apparently it happened in June as well and no one told me. I found out because I recently cleared my e-mail address from my blocked list; don't know how that happened. Then today I received the spam. I made sure to send a warning e-mail to everyone who the spam was sent to. This was clearly sent from the web-mail application and not from my computer as the sent mail was stored on yahoo and not in my Microsoft office sent folder. The only way I found that it happened in June as well was because I checked my daughter's account which has never been used and it had two e-mails from me in June, both spam. I have not clicked on any email that I did not recognize but I had gotten an email from a friend that had the same problem and didn't know it. This does seem to be something to do with yahoo though. I hope they fix it since as someone else pointed out this has been going on since February.

Tally one more Yahoo! Mail victim.

This has been happening to me as well, two computers, one pc and one mac, as well as two different yahoo accounts. I didn't see anything in the sent but got a bunch of return emails from old contacts that are no longer good; that was really the only way I knew this happened. Changed passwords and all, did a scan, came up clean, and deleted all cookies and then it happened again after all that???? What can we do

Well it is months later (now Sept 26 2010) and this problem lives on!  (So much for Yahoo finding a solution to avoid it continuing to happen).  Happened to me yesterday/today.  Only way I realized was someone contacted me that they got 'from me' a strange looking email.  Told them I had not emailed them cuz I hadn't.  Went into my yahoo 'sent' folder and  ARRGGHH!  -- a LOT of emails went out from my account to MANY people giving hyperlinks.  I didn't send them!  Problem lives on.  My plans for today hijacked as I am spending day changing email and updating all the places I have used the one I am now closing down.  Finding out this has been going on for months and continues to go on is not comforting.

ugh.  This blog is not encouraging.  This just happened to me this morning.  At first I was horrified thinking about the people and organizations on my contact list that were sent the messages (I had 4 different ones go out).  I must admit I'm still a little queasy about it but now I'm also a little angry learning that Yahoo has known about this for quite some time and haven't done anything about it.  It's even worse that they seem to have no customer service.

Thanks for posting these comments.  At least now I know that it wasn't some vengeful ex sending them out.

This just happened to me this past week.  I opened a Yahoo account about four months ago and I was actually getting e-mails from people linking to a viagra site.  However, this past week it seemed to be my turn for sending out e-mails for the site.  Unfortunately I have two government agencies in my contact list and I received a letter in the mail from both of them threatening me with legal action if I send them another message like this.  If it wasn't for the letters I would have had no idea the messages were sent as they did not show up in my sent mail folder.  It's encouraging to know I'm not the only one that this has happened to, but getting a letter in the mail threatening you with legal actions is not a great way to start your day.  I have since closed my Yahoo account hoping I will not have this problem again.

Well, I see that I am not the only one to have this problem (lol). But what's not funny is the way Yahoo(soft) deals with the concerns of its users when the issue is addressed to them.

Yahoo was such a good service, and while I have said (and emailed to them directly) that I understand that the company needs money to survive, allowing themselves to be bought out by Microsoft was the biggest mistake they could have made.

Now its users are paying the price...everyone knows that Microsoft's products get hacked regularly (perhaps because their founder was one of the original hackers and it's a matter of karma - who knows), and there are people out there who have dedicated their lives and free time to hacking into them.

I am sad to have this happen...it is NOT a computer virus because as a tech savvy computer user, I have all the necessary (and some that I forgot I had, until something suspicious tries (unsuccessfully) to get into my system) protections - even if I connect to another's system, drive, etc from my laptop, I can get rid of trojans, and whatever else is out there within hours....this is to say this is a complete breach of an internal safety - a cyber breach...

What really made me mad was I tried to send a mass mailing to my address book (many of my contacts are clients who are NOT computer savvy at all) to alert them NOT TO OPEN any emails from me from that address, and Yahoo sent me an email letting me know that the type of email I was sending was not allowed, due to the "spam rules".

HOW is it that a spammer can send everyone I know (including myself at my other email addresses) emails at 4am, but I can not ---

I never send anything online that is considered too personal, if they were so "concerned" about the email of mine, perhaps they should have read it...the content and the subject make it quite clear that I am the victim of spam & that my emails should be ignored.

I hate to part with my Yahoo email address, I have had it since 1998 when Yahoo first started, but I may be forced to leave Yahoosoft (just like I left hotmail - 3 months ago for the same reason)...hmmm it's a little coincidental that first the Hotmail accounts have been going through this ( but come on now, who really still uses Hotmail) and now the Yahoosoft accounts.

I will have to put an away message to say that my Yahoo(soft) email will be discontinued...which will cost me money in advertising and company identity...I guess if all of their users do that, the only ones on Yahoo(soft) will be the owners & the spammers, just like on live.com and Hotmail.

Wow! Happened to me last night in the early morning hours. I don't think it's a local problem. I am protected and have run scans with two different A/V apps. I don't fall for phishing and use a password manager that verifies the URL being filled in.

I had the same password on my email and facebook. It was NOT a good password.

I like the theory that facebook could be the source, but who knows. Several emails were sent, each to a subset of my contacts, from a machine in India.

As another user posted, yahoo prevented me from sending out a mass apology and warning, so I had to use gmail.

Needless to say, I've been changing passwords, using much stronger rules.

On 9/27/10, my Yahoo email was hacked.  The hacker sent email to all of my contacts saying I was stranded in Wales.  The hacker also deleted all of my contacts and created a new email address where all of my email was being forwarded.  It was cold comfort to be on hold with Yahoo (almost an impossibility to talk to a human there) and listen to the hold message saying that Yahoo was experiencing a high volume of calls because of people's email being hacked.

Good and surprising news:  after repeated requests, Yahoo restored my contacts.

I can't believe this hasn't been getting more publicity - not even Slashdot yet! Not a week goes by without someone I know getting hit by this and me getting a spam mail.

So yeah, my Yahoomail got hacked as well.  I just received an email from my Yahoomail account to my gmail account on my blackberry.  My computers weren't even turned on at the time it emailed everyone in my address book.  I thought that maybe it was a virus on my computer that was doing it since it happened yesterday too.  But, viruses can't send emails out if your computers aren't even turned on!  wtf?

It has hit everyone I know in my address book that has a yahoo email addy. These emails were about viagra and how my aunt got stranded and needs money. No support from yahoo, no info on the web.  Needless to say, yahoo sucks, I have gotten everyone to close their email accounts and switch to gmail and no problems so far.

Well, I was hit last night (all computers turned off).  Same as everyone else.  Fortunately, only my wife, two daughters and business partner were in my contact list.  In my case, the sent folder and trash folder were emptied in the process - an inconvenience, but probably not a big problem.  The inbox appears to be left alone.  I received a copy of the email to my inbox which I moved to my spam folder.  It has no subject and has only a link to a gibberish website address which, my partner tells me, is a viagra website - because he foolishly clicked on the link.  I have installed webroot on his computer, scanned and found nothing but a bunch of cookies.  Hopefully, his address book hasn't been uploaded to the spammer by now (he opened it with Thunderbird on a Win7 PC).  I have changed my yahoo password and my facebook password in case there's a link (different passwords now - they were the same before).  If anyone suggests I take more action on this, I would be more than happy to know about it.

thanks for sharing

 I like the article

Let me add one new angle which to me is evidence that this is happening at Yahoo central servers and not due to anything we do.  Same thing happened to me as everybody else from about 3 Oct.  However, a short while prior to the spam being sent out all my "permanently" deleted emails from 2006 till today reappeared in my trash folder!  These should not exist in the first place, of course (being permanently deleted by Yahoo....) but they certainly would not exist anywhere but on Yahoo's servers.  Thus, this is a problem for Yahoo.  Who can we go to to get this published and on the main news?

For what it is worth, I was in China using a local laptop at the time though I'm not entirely sure this has anything to do with it.

Very valuable post, thanks for sharing it with us . I enjoyed reading this article.

I enjoyed reading this website also. I don't believe that my Yahoo mail account has been compromised but I regularly receive messages from bots that have compromised others' accounts. I wanted to comment on Yahoo's request to gain release of information by subpoena. As I understand it, a subpoena is used almost exclusively to gain information to be used in a court case. I believe that it is not easy to get a judge to grant a subpoena if you can not show damages and also have a lawsuit against the other party.

I think that Yahoo has come up with the demand for a subpoena as a ploy to stop information requests. Of course, I'm happy that Yahoo is not giving out personal information to anyone that requests it. Pretexting is a very easy way for bad people to gain your information. I tend to agree with the post above that the Yahoo servers have been hacked, maybe by an insider or a contract programmer. Maybe it is beyond Yahoo's competency to figure out this problem and resolve it so they are in the self-protection mode. It seems to me that most large software companies can figure out major problems and resolve them. Yahoo should be able to figure this one out. Maybe a class action lawsuit representing many individuals would cause Yahoo to take this issue seriously.

Thanks for the clarification, anon. I agree that the subpoena thing is a ploy.

I'm in for a class action law suit. The scale of this thing, and Yahoo's recalcitrance suggest that it could be necessary. We'd need someone to take on the case though.

Part of The Answer?

I know it does seem like there's some internal hacking going on with Yahoo's servers BUT the ease with which all of these type of accounts - facebook, twitter, gmail, etc. - can be hacked on a public network really makes me wonder. Everyone should watch this video, see the recommendation, and spread the word.

http://techcrunch.com/2010/10/25/lazy-hackers-twitter-firesheep-boasts-100000-downloads-faceboo

Do it before it happens to you!

Thanks codesmith. I doubt that the scale of attacks we're seeing here could be produced by hackers stealing passwords on public networks (and then selling them to the same spammer). The attacks also precede the release of firesheep by months.

That said, it is an alarming video, and as a frequent user of coffeeshop wifi networks, I just downloaded HTTPS everywhere to protect myself.

I'm disturbed that Eric Butler released firesheep to the public. Yes, the attention will hopefully force sites to encrypt, but was it really necessary to empower hundreds of thousands of amateur hackers in order to do that? I suspect that Butler's white hat intentions are supplemented by a desire for notoriety.

Incidentally, the video didn't raise the issue, but I imagine that firesheep and tools like it could be a much bigger problem for corporate networks. It's much more interesting to hack into the FB account of someone you know than a random stranger, and the networks are much bigger.

Hey Gengis,

You were asking for evidence about yahoo...I'm wondering if this could help:

My son's yahoo account was compromised about a week ago and all contacts received the blank subject emails with a link to a url inside the mail.  However, his mail address in the offending email was "domain keys verified" meaning that the integrity of the email was checked and verified to be coming from a yahoo mail DNS.

I scanned his PC with 3 different virus scanners and found nothing on it.  Also there were no mails in his sent items and his PC was actually turned off when the mails were sent, and he was at school where he doesn't have access to yahoo.  He also assures me that he did not access his yahoo account from another PC in recent times.   Could the "domain keys verification" be the smoking gun you are looking for?  Does it prove that the mails came from Yahoo's servers and that they have been compromised?  

I also have a yahoo account and received a notification a couple of weeks ago on my account that someone had tried to retrieve my password using my security answers, so immediately changed my security answers & password and (so far) have not been the victim of this strange attack. 

I'm perplexed by yahoo's response to this: clearly it is causing them to lose customers, yet they appear to do nothing about it.

 

 

Thanks, Heather. I'm sure that all the spam messages go through yahoo's servers. The spammers are actually using people's accounts to send the messages. It's as if someone were to log into your son's email account and send out emails--except that it's automated through a web service.

I imagine that Yahoo is trying to stop it. They may not be able to. What frustrates me is that they haven't been open about what's happening.

I had that same situation yesterday. I logged on to my yahoo account to check my emails after school and found a weird email to myself from myself. When I checked it, the email had also been forwarded to EVERYONE in my contact list. The url was really weird, too. Then today, I tried to log into my account and yahoo said something about suspicious things happening on my account and that I needed to change my password. I have NO idea what's going on but I hope it's not a virus..

Same thing happened to me today.  I just changed my password.  I remembered accidentally opening an email with an attachment in it yesterday.  Maybe that was the cause but I am not sure.

It is November and my email was hacked by the same Canadian viagra email.  So it is still a major issue and Yahoo needs to address it.

This just happened to me a couple days ago....... All my contacts on my contact list were sent spam messages...... but these emails don't show up in my sent box, so maybe they were deleted.... I don't know.  Needless to say, it was pretty embarrassing.  Once I found out, two days later, I sent out an apology email and warning to people to not click on the links in the message.

I changed my password, but I'm starting to think about just shutting down my yahoo account entirely.  It seems like this problem is mostly occurring with yahoo email accounts, but is it happening with other email providers as well?

Same thing happened to me. I'm a 17 year DBA and IT veteran. I take security very seriously and have never had a problem with worms or viruses (virii?).

But early Tuesday, Nov 9 as I was still waking up, something sent out around 44 emails, with 9 members of my contact list per email, with no subject other than "RE:" and a link to different "websites" at *.com.au/to.html, which redirect to different things. My Yahoo password and contacts were still intact. I was able to change the password without issue. No record of the emails in my Sent folder.

Thanks to many of my contacts being really old email addresses, most of the attempted emails failed on at least one address and "came back" to me undeliverable. This let me stitch together a list to email my apologies. Many of these folks emailed back indicating the exact same thing happened to them on Tue, Wed and Thurs. I got a couple more with the same subject and com.au link from other friends as late as this evening.

The frightening thing is that some of the addresses used by the spammer existed ONLY in my Yahoo Contacts. They were bogus email addresses I put in there to flag this very thing. They had never been used in emails sent over the internet, so were not available for harvesting.

To me that means Yahoo's backend servers were hacked and countless Contact lists and their owners were downloaded.

I sent a tip to CNN, hoping some big guns would perk up their ears and go after Yahoo for admission of the break-in, but so far haven't heard back. Wish I hadn't canceled my Pre-Paid Legal membership. I'd love to go after some concrete information from Yahoo.

I had the exact same problem, Mtnfalcon, and did what you did.  I had one bogus email addy - created by accident, by me (whilst drinking and attempting to type) - and it's never been used either, until today.  I did everything you did and ran an AVG scan: nothing.

A couple of my friends responded to my apology email with "yeah, you're not the first one to do this to me, but you're the first to apologize and tell us what you're doing about it."

Good luck with CNN. I'd love to hear somebody rip Yahoo's security a new one.

This type of Address book spam is happening with all the email services. The way I stopped it (in addition to changing my password) was to place all my contacts in the Notes field...........and everything stopped.

Wife is having the same problem for the past couple weeks.  Yahoo account.  She's hysterical because she's a 6th grade teacher, and parents of her children are receiving ads for viagra, penis enlargement, etc.  Some of these morons (including her otherwise tech-savvy father) actually believe she is moonlighting.

Yahoo is an incompetent website!   I ran my own mail server.   I never get viagra spam before.  And now everyday full of Viagra Email spam sent by Yahoo!

 

For your notice, I used to be Yahoo Geocities Business user and migrated due to their lack of customer service and care. I think this is their vengeance or what..

 

Get rid of Yahoo!  Don't try contacting them, they will put you on hold and phone distortion till you give up!

For the past four months my email was hijacked and all my contacts and now they use my and my cousins email address to send out their garbage. I have contacted yahoo several times and have gotten nowhere. They haven't done anything to stop this because I just got a new one today. I am going to be closing this email account. So the email address above is an account that has yet to be hacked.

I think this is related to the cookies snooping vulnerability with wifi hotspots and such. If one of these scum has gotten access to a port on an internet backbone like MAE West or something, they could have sniffed out cookies and gotten into millions of email accounts, Hotmail, Yahoo, FB, etc. http://en.wikipedia.org/wiki/HTTP_cookie Or it could have been stolen through a cross-site scripting hack, someone could have installed some JavaScript that sent your cookie to them, then they have access to your session and can SPAM email from it.

This just happened to me today. There are only two computers from which I access my email. One is Linux, and therefore impervious to Windows (and in practical terms, all) viruses. The other is my work computer, which is on the network of a large financial institution and security-protected forwards, backwards, and sideways. My only explanation is either a brute-force attack, or some other host-end vulnerability.

Just had the same thing happen to my yahoo and facebook account today. Hoax e-mail to all contacts from me stating -"Terrifying Experience" I was held at gunpoint in London and to send money.  All passwords, contacts, files wiped out.  Yahoo useless!  Is there a name for this virus?

Ditto here!

For the last two nights yahoo has been sending links to a canadian drug company from my email address.  I changed my password and deleted all my contacts.  Contacted Uslesshoo and find customer "care" is really bad.  No virus on my local computer so this is clearly a Yahoo problem since I did not open any suspect emails.  Yahoo simply does not care!

I have been sending out free advertisements for Canadian drug companies for months now.  My friends and family probably hate me.  My Son's High School counselor I am sure is wondering why I feel she needs diet pills and Viagra, I have had this email address for the last 12 years and everything I do is connected to it.  It would be a total pain in the butt to switch to a new one and take me a good month to figure out everything and everyone I would need to contact to make changes for one simple email address.  I am going to try the change password idea first, then delete my contacts if that doesn't work but I totally dread the thought of changing email addresses.  I have run Anti Malwarebytes on both my PCs and they have both come up clean. The only other place I access my email is at work and that is on a Huge, extremely secure network....Has to be Yahoo.

Happened to me this morning to my main Yahoo account.

It wasn't for a drug company though, the subject of the e-mails that went out said "SAD NEWS:  [my name]" and asked people to send money because I was "stranded in Paris."

 

Not sure if it went to just my contacts or to everyone I've sent messages to.

So far about six people have written back saying they got it.

And there were about six or eight messages in Sent folder.

The worst thing is that ALL my e-mails in the Inbox and Sent items are now gone!

From reading above I'm guessing there is no way Yahoo will restore them, correct?

This just kills me.

It just happened to me last week. How I found out was I received a delivery failure notification. Over time I have received junk emails from old contacts. Then within the past few months I began receiving emails from accounts where it appeared the sender had had their account hijacked and emails were being sent to members of their address books. I just deleted the messages. In my case I was hijacked after I posted an ad on craigslist. ????? I have deleted my Yahoo account. I can safely exclude viruses, malware, trojans, etc. as I am on a Mac and have my laptop pretty well secured from these problems, even though Macs are pretty well immune. Yahoo should be ashamed! From what I can tell this problem has gone on for years. My guess is that it is people in their own camp that are doing this. What is really sad is that paying for an account provides no better protection than if one had a free account. So much for fiduciary protection.

Yes the issue is still occurring in December 2010. Couldn't see any emails in the sent folder but a couple of non deliveries gave it away. Difficult to establish the truth and what's causing it. I don't do Facebook so there's no link there. I do work in IT so don't blindly click on any link. I have changed my password so hope it's a one off. You'd have thought that Yahoo would have made an announcement but maybe they've something to hide. People have run anti-virus and spyware programs with nothing showing up. It's even occurred on MACs which are more secure. A friend also had the same thing happen with her Hotmail account. Very strange.

Al

A little while ago the gawker.com email database was compromised; the emails, logins, and passwords of everyone who had commented on the gawker associated websites were released to the world in the form of a file on bit torrent which many white and black hat hackers have downloaded.

Right around that time I got an email from yahoo saying that my email account had been compromised, and that all I needed to do was to log in and change my email account password.  I got all paranoid thinking that someone really did have access to my yahoo email account, and reading this post and comments stoked that fear.

But in retrospect I think that probably nobody ever had access to my yahoo email account, but rather yahoo sent that message to scare me into changing my password.  My yahoo email passwords before and after that message were strong, unique random sequences which I did not use for any other accounts, including for gawker.

My guess is that yahoo, like many other websites, downloaded the leaked gawker data, and saw my yahoo email address, so they sent me the "your email has been hacked" letter either out of confusion or an abundance of caution.  Whatever their motivation, it was not to be informative, as they did not mention the gawker release at all.

Another possibility is that following the gawker debacle a black hat started a dictionary or brute force attack on my yahoo email account, and yahoo detected that and locked down my account until I changed the password.  At any rate, I didn't see any evidence in my sent folder of any malicious activity.

Reading this thread does make me consider switching to gmail, although I'm sure they have their own issues.  I wouldn't be surprised if many of the posters in this thread had weak "Secret questions".  Sarah Palin's email was hacked by guessing/googling the answers to her Secret Questions, and I'm sure others' accounts are similarly vulnerable.

I'm on aol mail and at one o'clock on Christmas day everyone on my aol contacts was sent a link to Viagra. Has aol been hacked too?

Most likely, it was a yahoo look-alike, designed to get you to enter your username and password on their site. Then, after you've given them your info, they save it and route you to yahoo, or gmail, or facebook, whatever. Anytime you get an e-mail asking you to login to an account, open a separate window and go to the website yourself, so you're sure you're at the right place.

Happened to me with my yahoo email account this morning. Changed my password and deleted all my contacts (twice). After reading all the entries on this page I agree it must be happening on the yahoo server side. My Mac laptop was off when the email was sent, the email headers say YahooMailWebService, etc. Been in the IT business for 25 years so I am careful, but that did not stop this. I will wait a bit and see but I think I may have to ditch this yahoo account, which is a pain, I have used this email address for over 10 years now.

Just sent out a large Viagra advertisement.  How nice of me, right?  Changed my PW, but didn't delete much else...kind of a bummer but what do i expect for $19.99/yr or .06 cents per day...

You really do get what you pay for in America!  Let freedom stink.

This just happened to me and I'm so upset. I'm not super tech savvy but am a freelancer and have all my friends and business contacts receiving viagra ads-- it's awful--what is the recommended course of action--does it help to contact Yahoo?

I found this blog via google because I just had the same thing happen in the past hour (I was logged in but I KNOW I didn't send them). I think the info that it was yahoo servers that were attacked and not user-error makes the most sense. But in the bigger picture I don't think this type of thing is a yahoo-only problem. In the past 6 months my mother had the same sort of thing happen on her hotmail account. And another commenter said something about gmail. I think it's probably a new type of internet problem we're going to have to learn to deal with. My question is, why can't hackers learn to do something productive with their skills? it gets old, really....

Me too.  First my Hotmail a few months back, and now my Yahoo account.  Worse yet, all of my sent emails are gone, too.  I am dumping Yahoo because the support did nada to address the problem.

I will try gmail and begin altering my email practices significantly, basically treating my email as an open door for anyone who is interested.  This sucks.  

If I received a percentage of the viagra sales, I might feel a bit better about all of this.  A previous poster mentioned the promoting of a device for extending the length of the male organ-dear Lord, I hope I am not selling such a device to my friends and loved ones.

Be careful out there.

For the past few weeks I've been receiving the same kind of crap in my email you guys have. I decided to look into it this morning.

First off ... I have a Bellsouth account and was receiving this crap via my WLM account through the BS POP server.

I noticed several people in my address book were copied on this spam crap, and it appeared to be coming from me. Also, there were some of the same crap I received that appeared to be coming from a yahoo email account I haven't used for a while. My passwords were the same for both accounts.

Had me stymied for a while, cause the ones that looked like they were coming from my bellsouth account weren't in my sent folder. I decided to check my Bellsouth / Yahoo "web mail" account  ... and, there they were in my sent folder. The contacts that were receiving the spam were in that account's contact list on the yahoo / att web mail account.

So ... the scumbags hadn't hacked my computer. They hacked two yahoo email accounts.

I deleted all the contacts from those accounts, and changed the passwords.

Let's see if I receive any more crap from those scumbag A$$WIPES.

Here's what obviously happened ... they hacked one of my yahoo email accounts and found their way to my other yahoo account ... and sent the spam from both accounts.

How they initially got my password is unknown to me. Too bad there's not an easy way to find these schmucks ...

On February 5th or so, I was told by people who are friends on my facebook account but who are NOT in my contact list from yahoo that they received one of the famous spam messages that is going around. It's not the Viagra but is the one saying I'm stuck in London and I need them to send money.   Right away I went to facebook and changed my PW and then did the same with yahoo mail.  I logged in...no problem...changed my PW....no problem...AND NEVER GOT BACK IN AGAIN!    For a while, some of the yahoo mail that I was receiving would come to my iPad and I could sometimes get in using an alternate URL, us.m.yahoo.com which is the mobile site, but now I can't do anything.  When someone sends to my mail address (which I have had for 10 years), they get a rejection saying that the mailbox is disabled or discontinued.  No DUH!

I have an open ticket and the customer care people are very courteous EVERY SINGLE TIME I CALL, but still no resolution.   I am working on a book of family history and so much info and photos are in that mailbox.  I've never had trouble so I thought I was safe.  I am an IT person and specialize in disaster planning, so I'm usually very careful.   

Yahoo keeps telling me that they know that this is a big issue impacting others but will give me no info about what happened or when it will be fixed...or even IF IT WILL BE FIXED.

I am so frustrated!

This happen to me yesturday. I was quickly informed by the people on my contact list tha i was send viagra adverts. I immedeatly changed me password. Today (they) the hacker/virus/whatever tried to send out another spam email. This time i got a failure notice becuase of the changed password. The failire notice included the IP that the email was sent from. I cant look up the IP right now cuz im on m iphone (hence the typos and broken english). I will be able to find the source of who sent the email. I figure my password was originally taken when i signes into my yahoo acount on a publi computer. If its not from that, then my iphone is infected. So in theory, the IP should be from the public computer, or the att 3g network. If its coming from 3g network ill just wipe my iphone clean. If its from the public computer i shoud be safe by just changing the password.

You're an internet sensation :)  My wife's account got caught up in this too.  Good stuff.  Fun times in the innertubes.

This hacking-viagra-spam phenomenon has happened to my wife's email several times now and this morning, after the most recent 4am blast email episode, I am trying to put a stop to it.

I checked her 'user log' on Yahoo and found a login access at 2:14am from India.  We are located in Florida.

I also found out I'm sending the long list of "viagra" "better sex life" "buy something" mails and changed my yahoo pwd. I hope to put an end to this. Didn't lose any contacts and didn't delete any contacts. Should I delete contacts?

Also, my mails originate from india or indonesia.

A few comments for you guys:

A. A lot of these comments say 'I WAS USING A MAC'. Could this have something to do with it? (like the Mac's java engine etc)

B. I am thinking that someone may be using some sort of code injection using either the browser or the java engine. Did anyone have the yahoo email opened at the same time they had another spammy or junk site opened? When it happened to me today I was browsing some international news aggregator sites that seemed a little 'backwater'... The only other time I spammed friends about Viagra (six months or so ago) I was doing something similar. Would it be possible to force the yahoo email client page to send all of these emails out without even logging in (or knowing your password) if you had two pages or tabs opened... one with your YAHOO mail account and one with a site attempting to hijack your YAHOO mail account to send Viagra emails?

Mine's even better.  Had the same email address for 15 plus years.  I access it from my iphone so I don't type in my password I just hit the email icon.  They took my email address and deleted all of my personal identifying info so I can't even reset my password.  Basically it's as if I never had this address.  I did try to create a new account using my old address and, of course, it is already in use.

AOL was absolutely no help except to insist that my account wasn't hijacked!   Yep, what ever you say.  My problem is to try and get all of my contacts back.  With 5 kids the amount of contacts range from teachers to coaches and instructors is endless.  I almost don't even know where to begin!  

I had this happen to me today -- the hacking worm sent emails out to all of my address book containing a link.

However, those emails did not appear in my sent mail...however, I did get a copy. They all were sent out at exactly 6:43.

In the kickback undeliverables, I could tell all the emails originated from the same IP address in Taiwan.

I changed my password, chatted with Yahoo Customer Care, who advised me to check everything else about my settings -- alt emails, etc -- and that all looks good. I did change my password, of course.

I have some 600 folks in my address book so this was a real headache telling people not to open it. It was too late with some. Thankfully, more and more people are learning about this -- it happens to a lot of folks.

Yahoo's servers are clearly getting attacked.

Have you considered the mail client software apps out there that allow you to put any info you want into the from field meaning no one needs direct access to your account and the only security that would fix this issue some people may not like so it should be an optional thing if you have these problems a lot. Where you can choose to limit what ip addresses allow outgoing mail with your from info so all other ips would instantly get rejected and the only way mail providers could do this is with co-operation of mail return / reject / failure services.

I exp. this a lot with yahoo and lately my aol has been doing it, but I noticed recently around the time my aol started the problem everyone else's did too, so I am thinking both might be an internal security leak on aol & yahoo servers. Again though very important security problem that no mail server will address is entering from so&sos@email.com in a mail client like certain low security clients does not require account access through password to send as long as the incoming server has access to a real account granting access to be anonymous to any spammer with a brain or even without a very intelligent designed bot could handle that too.

Happened to my yahoo account today...  I posted to my face book wall the "who-hijacked-yahoo-mail-3151" encouraging all my friends to do the same...  This has been going on for years with no resolution according to this comment trail.  Not acceptable.  Post to your facebook wall asking your friends to do the same and let's see if we can't get a media blitz by friday.  The power of social networking carried a revolution through Egypt...  Let's see what we can accomplish!

I have read about 50% of the comments on this page.  I think you may have to conclude that perhaps someone working inside Yahoo is up to no good.  Their somewhat elusive responses and patronising replies seem to suggest this as well.  They must have thousands of employees.  It is quite conceivable that a few of them have less than commendable moral standards.

Companies are willing to pay someone quite well for legitimate email addresses to solicit products too.  I'll bet that statistically, it has been shown that more people will click those links when the message is coming from someone they know.  Also most anti-SPAM filters will ignore messages coming from someone in your contact list.

Now, as an IT professional, I will add my two cents.  I strongly advise that you NEVER link accounts with each other using the import contact feature.  Try to copy and paste your passwords into the login boxes to circumvent keyloggers on public computers.  Type them into an unsaved notepad window and copy-paste into browsers from there; close the notepad window, without saving, afterwards.

Your passwords should never be any words or names in any of the main globally spoken languages.  No models of cars, or commonly known items such as music group titles or popular objects.  Try to mix mixed-case letters, numbers and even a symbol or two if you can.  Here is a very cool tip I received once.  If your chosen password returns ANY results in Google, choose something else.

Do not EVER store anything important online, anywhere, ever.  With all these cloud services coming out, more and more information will be stolen and resolved into dangerous leverage by criminals.

Use offline email and news readers, like Windows Live or Thunderbird (using POP3 access) etc.  If you don’t wish to do that then always save anything important as a text file on your hard-drive and delete your old emails.   Be sure that you use security for transmitting passwords.  If your email service does not support them, use another one.  Many online email services have extended security login features; use them.

Never allow Firefox, Google Chrome, or IEn to remember your password if ANYONE uses your logon account other than you.  In fact, never allow anyone else to use that account.  Always make separate accounts for separate people on computers.  If you network your computers, make sure the same people use the same account on all systems.

Try to not keep contacts in online email accounts.  Use the Windows Contacts program or Mac Address Book for your contacts, copy and paste the addresses into online emails if you are worried.  Also please do not send out emails with a pile of people in the TO fields.  It allows email addresses to be so easily mined by malware.

I use Thunderbird, and some add-ons to manage things.  I have my Yahoo, MSN, Gmail, and AOL accounts all managed offline by Thunderbird.  I keep all my online folders clear.  I do not use the online contacts features in those accounts either.

Always have different passwords for everything.  PROMPTLY delete any and all verification and activation emails.  Back these emails up as text files if you have to.  Use an encrypted flash-disk for public computers.  Purchase a key with a physical write switch on it.  You can also use a password manager like Roboform, or Password Safe.

I hope these tips will help you.

My Email Account was hijacked and Yahoo can't tell me how or why it happened.  I changed my passwords, and unfortunately can't stop emails as I'm looking for employment.  No virus is on my laptop or Blackberry, nor any bugs, malware, etc...  5.27.2011

 

My yahoo account was hacked this morning. My strongest suspicion is a third party application I downloaded on my iPhone yesterday. Vlingo - added the ability to send text and emails and it shared all my contacts. Funny thing was that they had this message saying we would never spam. I should have backed out of it when I saw that one... Anyway, I will likely close the yahoo account since there is no resolution around this issue.

It got me a few days ago.  A few kickbacks alerted me in my spam due to the addresses no longer being valid.

Sent Yahoo an email but no reply.

Finally a friend sent a reply asking if I had sent this email.

Class action, free or not!

This issue needs more attention from the world at large.  I assumed that most of the email I received from others with crazy links were spoof email and not actual hacking of the account.  Then it happened to me two days ago, and repeated again last night/this morning at about the same time (2:3X a.m.).

Thanks to all for your comments and stories.  I prefer blaming Yahoo to thinking that the cause is an incurable virus or that I need a 45 character password.

If one of you tech genius folk could come up with a fix, or perhaps become a superhero and search out and destroy the evil hacker behind this crap, I will personally sew you a cape.  Colors of your choice.

Wow...apparently this has been going on for quite some time now! My husband just asked me why I sent him an email about Viagra!

Well...turns out everyone in my contact list received the same email....oops, sorry!

I just changed my yahoo PW...so we'll see what happens...

Amazing this saga is still continuing.....

I received spam from my own yahoo account, it was sent to another one of my email accounts, and the last 5 people I had previously sent yahoo emails to.  I logged into my yahoo account, and found those emails were actually sitting in the sent folder.

I ran a virus scan, and found no key logger, but I think that if someone had hacked my PC with a keylogger, the last thing they'd want to do is use it to log into Yahoo and send a few spam emails.  So I really doubt this is a keylogger.  Yahoo probably got hacked somehow.

One thing to keep in mind, as my Yahoo Contacts were hacked a couple weeks ago, is that Yahoo stores all of your Contacts on their "secure" servers. They do not reside on your HD like your Outlook Contacts.

So, any spamming of your Yahoo Contacts is most likely coming from within Yahoo's "secure" system. Changing your password will not solve the issue. Once your Contacts are compromised/harvested, they will be "shared for a profit" throughout the Internet's slimy side of Darkness....

 

Hey, my yahoo account was hacked in the same manner (emails containing different links, all leading to www.nookmedstablets.net, were sent to combinations of 6 contacts). I researched all day to find out what happened. My computer was closed at the time. I wrote to Yahoo but they gave me a casual answer, saying not to give away my password, and to change it. I found this site and I understand more people faced this problem. I am so afraid that it will happen again, and I am ashamed with the people I send it to. Is there anything I can do to prevent it? (I am from Romania, I have a Mac).

There is an easy way to find out the "Log" using the view source from the email.

Received: from [IP here is the one sending the spam] by...
X-Mailer: YahooMailWebService/0.8.111.304355
Date: <date here>
From: Name <infectedeamilaccount@yahoo.com>
Subject: 
To: <people in your contact list>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

<link to some website>

All the ones I've seen are IPs that belong to Europe or South and Central America.  However, there are tools that can be used to mask IPs and MACs, so depending on their level of computer skills the IP could be a fake.
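The header check described in the comment above, combined with the decoy-contact trick an earlier commenter used to spot address-book harvesting, as an added example (not code from this thread or from Yahoo). It reads raw copies of the spam or its bounces, takes the submitting IP from the earliest Received hop and the X-Mailer value, and flags decoy recipients; the decoy address, the known network, the host name and the sample messages are all constructed, using documentation IP ranges.

```python
"""Triage account-hijack spam from raw message headers (constructed data)."""
import ipaddress
import re
from collections import Counter
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Assumption: addresses that exist ONLY in the webmail address book (decoys).
DECOY_CONTACTS = {"zz-decoy-7731@example.net"}
# Assumption: networks the account owner really logs in from.
KNOWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

IP_IN_BRACKETS = re.compile(r"from\s+\[([0-9a-fA-F:.]+)\]")


def _sample(ip, date, to):
    """Build a constructed message shaped like the headers quoted in the thread."""
    return (
        f"Received: from [{ip}] by web.mail.example via HTTP; {date}\n"
        "X-Mailer: YahooMailWebService/0.8.111.304355\n"
        f"Date: {date}\n"
        "From: Owner <owner@example.com>\n"
        "Subject: \n"
        f"To: {to}\n"
        "MIME-Version: 1.0\n"
        "Content-Type: text/plain; charset=us-ascii\n"
        "\n"
        "<link to some website>\n"
    )


SAMPLES = [
    _sample("198.51.100.23", "Tue, 09 Nov 2010 06:43:10 -0800",
            "alice@example.org, zz-decoy-7731@example.net"),
    _sample("198.51.100.23", "Tue, 09 Nov 2010 06:43:41 -0800",
            "bob@example.org, carol@example.org"),
    # A message the owner really sent, from a known network.
    _sample("192.0.2.15", "Mon, 08 Nov 2010 18:02:00 -0800", "dave@example.org"),
]


def submitting_ip(msg):
    """IP of the earliest hop. Received headers are prepended hop by hop,
    so the last one in the message is the hop closest to the sender."""
    for hop in reversed(msg.get_all("Received") or []):
        match = IP_IN_BRACKETS.search(hop)
        if match:
            try:
                return ipaddress.ip_address(match.group(1))
            except ValueError:
                continue  # bracketed text that is not a valid address
    return None


def analyse(raw):
    """Extract the fields that matter for one raw message."""
    msg = message_from_string(raw)
    ip = submitting_ip(msg)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    rcpts = {addr.lower() for _, addr in getaddresses(fields) if addr}
    return {
        "ip": ip,
        "known_network": ip is not None and any(ip in n for n in KNOWN_NETWORKS),
        "webmail_api": (msg.get("X-Mailer") or "").startswith("YahooMailWebService"),
        "decoys": rcpts & DECOY_CONTACTS,
        "recipients": len(rcpts),
        "sent": parsedate_to_datetime(msg["Date"]),
    }


def summarize(raws):
    """Group webmail-submitted messages that came from unknown networks."""
    rows = [analyse(r) for r in raws]
    suspect = [r for r in rows if r["webmail_api"] and not r["known_network"]]
    times = sorted(r["sent"] for r in suspect)
    findings = {
        "suspect_messages": len(suspect),
        "source_ips": Counter(str(r["ip"]) for r in suspect),
        "burst_seconds": (times[-1] - times[0]).total_seconds() if times else 0.0,
        "decoys_hit": set().union(*(r["decoys"] for r in suspect)),
    }
    # A decoy hit shows the stored address book was read; it does not show how.
    if not suspect:
        findings["verdict"] = "no webmail-submitted mail from unknown networks"
    elif findings["decoys_hit"]:
        findings["verdict"] = "account used remotely and stored address book read"
    else:
        findings["verdict"] = "account used remotely; address-book access unproven"
    return findings


if __name__ == "__main__":
    for key, value in summarize(SAMPLES).items():
        print(f"{key}: {value}")
```

A message whose From line shows your address but which lacks the provider's own submission hop and X-Mailer value is not counted here, since a forged From line needs no access to the account.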

Yahoo has locked my account saying that it was used to send spam to people on my contact list.  The funny thing is that the people on my contact list are individuals I'm in contact with on a regular basis either by phone or in person.  Even when I asked these people if they have received spam e-mails from me, they have told me they haven't received anything yet Yahoo! is so damn sure my account has been sending out spam e-mails.

 

There are no other e-mails in my sent box than the ones I've sent myself.  No other e-mails in my trash box than the ones I have deleted and seeing how I have Yahoo! integrated into my Firefox web browser, I have real time viewing of when I receive new e-mail and when my e-mail account has been viewed by myself or a third party.

 

Yahoo! refuses to unlock my account and is telling me in canned responses to reset my password which I refuse to do because (1) my account wasn't hacked and (2) they erroneously locked my account.

At this point it makes me wonder how many others Yahoo! has done this to and if a basis for a class action lawsuit against them could develop from this. Not for monetary damages but for them to get their acts together.

Based on this blog, I was very happy to find out that I am not alone.  But I was unhappy that Yahoo doesn't seem to respond - even to Better Business Bureau.

Well, I still wanted to "report" this - even if Yahoo didn't directly do anything to help resolve my break-in, figuring that if enough people complain that something might be done.  So, I filed an identity theft report with the Federal Trade Commission.  In their online form, they even have options specifically for having had your email identity "stolen".  So, they must be used to that form of identity theft.

Also, as a side note (since I don't remember seeing it here on this blog), it is kind of interesting to look at "View your recent login history".  Many (most?) of the break-ins correspond to someone from outside the U.S. logging in from a mobile device.

Yahoo has been sending out blank emails to everyone in my contacts. Emails have in the subject line titles of mail received previously, both legitimate and spam. These emails I did not send appear in my Sent folder. I am using a Mac, so none of the 'solutions' on various help pages is of any use. I have written to Yahoo twice about this but have not heard back. This is a PAID account and I expected some help. Don't know how to query the message header, but if anyone will tell me how, I will contribute my findings. http://ukr-group.com

Really glad I found this blog - I knew I wasn't crazy! My question is since I receive email on my smartphone, are the contacts and credentials on my phone at risk too?

Just happened to me today while I was in a cab.  Feeling a bit violated, but it's great we have this wonderful support group here.

This happened to me last week. When I checked the access history, it showed someone appearing to be from Colombia accessing my account via mobile. I immediately reset my password and removed Yahoo! mail from my Blackberry. I haven't seen any further instances of this on my account, but am keeping a watchful eye on the access logs.

This happened to me today. Someone from Thailand accessed my Yahoo! Mail via Yahoo! Mobile and sent some e-mail with a link to all my contacts. I changed my password now. Also, I discovered that an older account of mine (with no contacts in the Address Book) has also been hacked a few days ago (similar Yahoo! Mobile connection but the IP was from Mexico). Some of my friends also started to send me similar spam from their Yahoo! Mail. This is indeed a serious problem!

I have also unfortunately fallen victim to Yahoo!'s shoddy security practices.

I woke up this morning to find that I allegedly sent spam e-mails (not Viagra, thankfully) to all 21 of my Yahoo! Contacts. There was absolutely no indication of suspicious e-mails being sent from my account in the 'Sent' folder -- the only way I knew that something had happened was:

1. I had one of the offending e-mails in my Inbox (I have myself in my Y! Contacts);
2. A friend of mine replied to one of the offending e-mails to give me a heads up;
3. There were a handful of undeliverable Mailer Daemon messages in my 'Spam' folder due to outdated Y! Contacts. 

After changing my password, checking my Y! Account settings, and scanning my system with various anti-malware / anti-trojan / anti-virus applications, I went through all of the headers of the undeliverable e-mails and they all pointed to SMTP access and an IP address based in Russia.

I then checked my 'Recent Login Activity' and found two instances of someone from the Ukraine logging into my account via Yahoo! Mobile at 12:29 AM (all of the spam e-mails were sent at around 12:34 AM).

I've contacted Yahoo! to report this, though I don't expect to actually receive any help from them.   

Just happened to my wife's Yahoo! account.  We use a MacBook.  I used two free AntiVirus programs I saw reviewed on CNet.com.  The first iAntivirus did not detect anything.  The second Clamxav detected the following Trojan and Trojan Download files:

256f397f-59314a9a

6051b73-2f9fc3ac

7582ed99-19d0a654

I don't know if they had anything to do with the problem.  My wife has changed her password.  We will see. . . .

The same thing happened to me today. An IP-address (112.199.159.63) from Singapore logged in with Yahoo Mobile and sent spam to all my contacts, containing a link like this

 or similar (all about viviani).

:-(

Ok full frontal attack this morning: September 12 2011

My entire Yahoo account contacts all sent links to buy Viagra

and I am in Canada.

Sick to hear this is going on for more than a year.

Yep, one more case. Got email from my sister this morning hawking drugs. She has a Bellsouth email address, which is AT&T, which of course outsources its email to Yahoo. I don't know who is more incompetent, Yahoo (well, they are publicly traded, bottom line is important, not security) or AT&T for contracting with Yahoo (AT&T is also publicly traded).

Headers indicate that the email was sent via webmail from an IP address in Vietnam. Since she lives in Florida and hasn't even been out of the state in a long time, it seems unlikely that she was beamed to the opposite side of the globe just to send this email.

The link in the email points to a redirector, so clicking on it multiple times brings up different drug sites. The first one appeared to be just a general drug site ("Canadian", though most of the drug sites claiming to be Canadian aren't). Second time it brought up a standard ED drug site.

Her password (I think I know what it was) would probably have been just fine with a small email provider. Even beyond the question of Yahoo's competence, it's become dangerous to use any of the very large providers simply because they are also large targets.

Edward

It happened to me. Some viruses propagate through email. You need to do a system scan.

Thanks for sharing your experience with us, those who use Yahoo on a daily basis know what you mean. I had my account hacked once and that's because my anti-virus didn't warn me about some recent exe files [link deleted] I installed. It was defenseless and I had to deal with the situation. It can be really frustrating but I got away from it without serious damage...

I was hit on my yahoo account at October 4, 2011 8:58:32 AM CDT. I'm in the Chicago suburbs and I am on Macs. I work in IT so I am very security minded. The funny thing is my buddy told me about emails I sent to him. I was thinking wtf I did not send you any emails...after I looked at my yahoo account I noticed sent emails to all my contacts…I then removed all the contacts and then removed the removed contacts since they keep them stored in case you change your mind or if it was a mistake. lol Navigating the yahoo email settings is not very easy lol. Anyway, I managed to change my password and remove all the contacts. Now I wait to see if there will be any new activity. I did not login through my mac mail software. I will wait and see on the webmail if any more emails will go out. I am happy I found this thread and others are experiencing this, not just me. I say we find who did this and launch a DOS attack on their sites or find the private emails and sign them up for all the xxx sites lol but that's me, I need payback.

If I find any new info i'll post.

My boss told me he saw a message from an Andrea on his home computer that said it came in at 4:30 am. - which I didn't send because I was sleeping - but other than that he was not sure if it came from me or not because it did not list my last name. Right after that meeting, I logged into my work email (which is a different provider) and Bam - I got a SPAM from my yahoo email - the "from" line listed my first name and last name. I logged into my yahoo and saw all the mailordaemon: returned mail (about 15 or so) but the list of email from my address book didn't include my entire address book. I immediately changed my password. I googled the issue and found this blog. I followed all the suggestions and so far haven't seen any other emails. It didn't save any of these sent messages in the sent folder so it's not exactly the same trouble. I'm going to check my computer when I get home. I've called my brother and told him not to log into ANY of his accounts until I can get this checked out.

sigh............I sure hope someone finds out what's going on. I really think a lawsuit should be filed against Yahoo. I know they track your cookies when you're logged in (Ever notice how the advertisements are recent websites that you have visited?) So I never stay logged in. However, I did join a site Ivillage - but again I used a different password.

First thing I'm going to check for is a keylogger. 

Just as everyone else - I'll let you know if I find anything.  

My account was hacked yesterday morning @ 10:10 AM as well with sent items that I didn't send. In yahoo, you can check to see when and where your account has been logged in and yesterday morning when these emails started going out, someone used yahoo mobile in Germany and sent out these emails. Luckily, I have a Gmail account that I have been switching to get off of yahoo. I scanned my laptops for viruses and changed my password and security questions until I can get all of my folders off of my yahoo account and then I am going to close it. Goodbye Yahoo!

This week, I received 3 e-mails from my cousin who uses yahoo.au. Two of them sent links. You know what.

The other one telling a drama that he was being robbed in England and nothing left but hotel and other bills to pay. You know where it's goin'

Well, my cousin is in Bali. Can't be in England in one night.

I marked those e-mails as spam. Hope "he" never sends me more drama. I called him to close his yahoo account or change password.

This exact thing just happened to me on my yahoo account this past weekend.  I am horrified.  People are sending me emails asking me what I am sending them and why I keep sending them emails.  I tried to explain to them that I didn't send them anything.  I had looked in my spam folder and found these emails for Canadian Pharmacy and Viagra.  I had to delete all the contacts I had. I am really upset.  I don't understand how this can happen!!  I had a very secure password.  I couldn't even get into my account when I tried I had to mark it as compromised and change the password again.  This is crazy! People don't even believe me when I say I didn't email them.

Jill
