
Who Hijacked Yahoo Mail?

Genghis

This morning, I emailed everyone I know to try to sell them Viagra. Ex-bosses, ex-friends, ex-random-people-that-I-met-once-in-a-cafe, and ex-girlfriends (who really don't want to hear from me, let alone buy Viagra from me).

Sorry.

I didn't mean to. In fact, I don't remember doing it. But the incriminating evidence is sitting in my Yahoo "Sent Mail" folder. Six emails sent collectively to everyone in my contacts list between 10:09 and 10:10 am. All hocking Viagra.

How could this have happened? After several hours of research and several more hours of head scratching, not including a quick lunch break, three bathroom trips (#1, #1, #2), and half-an-hour to figure out how to change my email password, I've narrowed it down to five possibilities:

1. My computer has a virus. This might seem like the most likely possibility, since the newly discovered Kneber bot apparently loves to steal Yahoo email passwords. But the Kneber bot targets PCs, and I have a Mac. Moreover, the only known Mac OS X virus is a pathetic iChat trojan horse that wouldn't recognize a Yahoo email password if you tweeted, "Hey virus, my yahoo email password is onenutgenghis73."

2. I got hacked. Unlikely, since I don't give my password out and certainly don't publish it on the Internet where some Viagra-spammer could find it. Plus, it has numbers and other confusing things in it.

3. Yahoo got hacked. Possible, especially since my Mac-owning ex-girlfriend also tried to sell me Viagra last week via Yahoo mail. But you'd think that Yahoo getting hacked would be all over the news, and I've found nothing so far.

4. I checked my email from an infected PC. In all seriousness, this seems the most probable cause, given the Kneber bot's password-stealing proclivities, even though I rarely check email from other computers.

5. I was drunk. Possible but unlikely, even for me, at 10 in the morning. Hocking Viagra would also be atypical behavior for me to do while drunk. Had my emails included pictures of my head photoshopped onto the bodies of various celebrities, porn stars, and furry animals, it would be a different matter.

So the mystery continues. If your email or facebook account has been hacked recently, please speak up in the comments so that we can get to the bottom of this.

And if you just want Viagra, please send me a private comment. I'll add you to my contact list.

------------------------------------------------------------------------------------------------

Update 5/29/10: Commenter Spagnonymous found an article from SC Magazine that points to the likely source of the security breach:

9/21/09 A widespread brute-force attack against Yahoo email users aims to obtain login credentials and then use the hijacked accounts for spamming, a researcher at Breach Security disclosed last week.

------------------------------------------------------------------------------------------------

Update 5/29/10: I'm going to share the recommendations from Jeannette below. Some of these might be overkill. I have had no issue with any Yahoo services besides email. But at the very least, I recommend deleting your online contacts.

If you want to still keep your Yahoo account open for some reason, here are some precautions:

--strip the account of your personal info. Real name, address, anything. Birthday. Really poke around in Yahoo. You may be surprised at the information you have given them.

--See what security questions you've given yahoo. Change them to inaccurate answers and write them down somewhere so you don't forget.

--strip the account of all folders, inbox, sent emails, drafts, everything. You don't want them having the verification code for your gmail account, or worse.

--Double delete your contacts. Even if deleted, they are still there. Poke around in the contacts pane.

--Did you ever pay Yahoo for anything? Mail Plus? Personals? Pay Flickr Pro through Yahoo? Then you have a Yahoo Wallet. This is bad. Find it and strip it of credit card info.

--Um, you don't have Yahoo Paypal Checkout or Yahoo Express Checkout through My Yahoo, do you? Well, now they do, too.

--what email address did you give Yahoo as your password recovery address? Is that a secure provider? Does that account have a unique, very strong password?

------------------------------------------------------------------------------------------------

Update 3/12/10: So I've been going back and forth with Yahoo Customer Care to try to find out how my account was hacked. I faxed them written permission, answered security questions, etc. Customer Care then accessed my account and did nothing but reset my password. That's a bit strange in itself because I'm sure that Yahoo doesn't need written permission to reset a password.

In any case, I was looking for information, not a password reset, so I explained, again, that I wanted to find out how my account had been hacked and requested any information that they had.

Now here's the punchline--they won't tell me. To get information about my own account, I have to go through the legal department and may require a subpoena. This is starting to smell.

I'm going to get some legal advice and will follow up when I get more information. The edited email chain is below.

--------------------------------

Hello, Michael

We'd like to apologize for any inconvenience that has been caused while
you help us verify the information that is listed on your account.

We've created a temporary password which will help you regain access
right away!

Your new password is: ***************

Again, we do apologize for the inconvenience this situation has caused.
Please let us know if there's anything else we can do.

Your patience is greatly appreciated.

Thank you again for contacting Yahoo! Account Services.

Regards,
Jake

Account Security E2ENG

Yahoo! Customer Care

New and Improved Yahoo! Mail - better than ever!

--------------------------------

Hello, Jake. Thank you for looking into my problem. However, resetting  
my password was not the issue. I did that myself as soon as I realized  
that my account had been compromised.

I contacted Yahoo to determine how my account had been hijacked in  
order to make sure that my information is safe. Were you able to  
determine how the hackers gained access to my account? As I mentioned  
in my email, I use a Mac, and I don't believe that there are any Mac  
viruses that can capture passwords from keystrokes.

Thanks,
Mike

--------------------------------

Hello Mike,

Thank you for contacting Yahoo! Customer Care.

We apologize for the previous misunderstanding.

It is our understanding that you would like information from Yahoo!
regarding access to your account.

State and Federal laws strictly limit the information that online
service providers, like Yahoo!, may disclose about subscribers. If you
are seeking to obtain account information on a specific subscriber, we
will need a subpoena or a court order.

If you have obtained a subpoena or a court order for the release of
information, please mail it to:

Yahoo! Custodian of Records
701 First Avenue
Sunnyvale, CA 94089

Thank you again for contacting Yahoo! Customer Care.

Regards,

Jane

Yahoo! Customer Care

New and Improved Yahoo! Mail - better than ever!

--------------------------------

Hello Jane, I'm very confused now. I asked for information about only  
my own account. My mail account was used by a third party to send  
soliciting emails without my knowledge or consent. I would like to  
know how a third party gained access to my account so that I can  
protect myself from the loss of privacy. I am a paying yahoo customer,  
and I think it's reasonable to request any information you have about  
how my account was hijacked without my having to obtain a subpoena.

Thank you for your assistance,

Mike

--------------------------------

Hello Mike,

Thank you for writing to Yahoo! Account Services.

We'd like to apologize for any inconvenience that our process for
attaining the information you've requested may cause.

If you would like to attain access logs and activity records for your
own account, we will need you to contact our Yahoo! Custodian of Records
department. Unfortunately, our Yahoo! Account Security team does not
have access to these records.

To disclose log information and access data, we may require a subpoena
or other legal documentation. Send all such requests in writing to:

Yahoo! Custodian of Records
701 First Avenue
Sunnyvale, CA 94089-1019

For information regarding subpoenas or court orders, please call:

(408) 349-3687

If you prefer, you may fax questions to the Yahoo! legal department at:

(408) 349-7941

or submit them to us by mail to:

Yahoo! Inc.
Attn: Legal Department
701 First Avenue
Sunnyvale, CA 94089

Again, we do apologize for the inconvenience this situation has caused.
Please let us know if there's anything else we can do.

Your patience is greatly appreciated.

Thank you again for contacting Yahoo! Account Services.

Regards,

Jake

Account Security E2Y

Yahoo! Customer Care

New and Improved Yahoo! Mail - better than ever!

------------------------------------------------------------------------------------------------

Update 5/29/10: I filed a complaint with the Better Business Bureau in San Jose, CA. That didn't get me anywhere either. But here it is for your reading pleasure.

Complaint Summary

My paid email account was hijacked by a third party. Yahoo will provide no information to me about how the hijacking occurred.

Resolution Sought

I would like Yahoo to provide me any information that it has on how a third party obtained access to my email account, whether my private data has been compromised, and how I can protect myself from a similar attack in the future.

Company's Initial Response - Posted 04/29/2010

We understand that you would like to know how your account was accessed. To disclose log information and access data, we may require a subpoena or other legal documentation. Send all such requests in writing to:

Yahoo! Custodian of Records
701 First Avenue
Sunnyvale, CA 94089-1019

If you are concerned about safeguarding the privacy and security of your Yahoo! account, please refer to the following guidelines:

* Always sign out when you are finished using your account. This is especially important if you use a public or shared computer. To sign out of your account, click the "Sign Out" link, located at the top of the page. (If you have clicked on the "Remember my ID on this computer" box, signing out will disable that option.) You may also want to completely exit the browser you have been using.

* Choose your password wisely. Choose a Yahoo! password which you will remember, but which cannot be easily guessed, even by those who know you. It is very important to keep your password private at all times. Use a complex password that is a mixture of upper and lowercase letters, numbers, and symbols.

* Change your password when necessary. If, at any time, you become concerned about the security of your password, you can always change it online. Just sign in to your Yahoo! account, and click on the "Account Info" or "My Account" link, located at the top of most pages you visit at Yahoo!. Re-enter your password to continue, and click on the "Change Password" link on your Account Information page. You will then be asked to enter your current password, a new password, and then to confirm your new password. Once you've filled in these fields, click the "Save" button to put the change into effect.

* Choose your Security Question and Secret Answer wisely. If you gave us a Security Question and Secret Answer during registration, be sure that you have chosen a Secret Answer that you will definitely remember, but which will also be difficult for others to guess from your Security Question. (Remember, it's possible for anyone who knows your Yahoo! ID, birthday, and ZIP/Postal code to see what your Security Question is.)

* You can update your Security Questions and Secret Answers by accessing your "Account Information" page.

1. Sign into your Yahoo! account.
2. Click on your name at the top of the page and select "Account Info" from the pull-down list. You will be required to verify your current password.
3. Under "Sign-In and Security," click "Update password - reset info."
4. You can choose one of the security questions we have made available or you can choose your own.
5. Be sure to click "Save" after you have provided your new information.

Please note that:

- The security questions must be 5 to 100 characters in length, and may only contain letters and numbers.
- The answers to your questions must be 4 to 32 characters in length, and may only contain letters and numbers.
- The security question cannot contain the answer.
- The security questions cannot be the same.
- The answers to your two security questions cannot be the same.

* Clear your browser's cache. Doing this will remove the possibility that another user on the same computer could use the browser's "Back" button or "History" function to view any of the contents of your account.

Please note: Your Yahoo! ID and password are your own confidential information. No Yahoo! employee will ever ask you for your password in an unsolicited phone call or email message. If you are ever asked for your password in an unsolicited manner, or by someone you do not believe to be a representative of Yahoo!, please do not share your password with them, and ask them the reason for asking.

For additional information on ways to protect your information online, please visit the Yahoo! Security Center at: http://security.yahoo.com

Initial Response Summary

Account access was restored to customer. Yahoo! cannot determine if any data was accessed in the account. Provided customer with security tips.

Consumer's Rebuttal - Posted 05/06/2010

This response is unsatisfactory and offers nothing that I have not already been told by Yahoo Customer Care. The generic security tips are available on Yahoo's website. My password and secret answers already follow their recommendations. Therefore, the information provides me no assistance in avoiding a similar event in the future. Furthermore, since Yahoo has provided no information about the manner in which the account was accessed, I cannot ascertain whether the hackers were able to access my private data other than my contacts list. Yahoo reiterated that I must file a subpoena in order to learn any information about this breach of my account, an unreasonable demand, since the cost of obtaining a subpoena is prohibitive, and I have not asked for any proprietary information about any account other than my own. Though I am a paying customer of some 10 years, Yahoo refuses to give me reasonable information to help me protect myself.

Company's Final Response - Posted 05/07/2010

Our previous response stands as is. Based on our investigation, there is no other information we are able to offer as to how the account was compromised. Access logs will require a subpoena.

Does this mean I'm not getting the discount?

Oh that was gold.

Yahoo! has gone straight into the toilet. I first found all my contacts deleted and attempted to get them to do a restore. As a former IT professional this looked like a simple fix. I too was given the run around and in essence found that Yahoo! is being run by morons and scumbags laying around eating junk food and napping. I hunted around on various discussion boards and found that any acct that had been compromised had its contacts deleted as a "security measure". I wrote them regarding this and was told that they couldn't do anything about undoing their fuck up. Now to make matters worse... I had found two e-mails that contained all the contacts. The original spam if you will. I was relieved. Years and years of contacts weren't completely lost. The phone #s and addresses were unless the e-mail address was still valid and active. These were years and years worth of contacts. I at least had enough brains to forward these two e-mails to another acct not on Yahoo!. I had even concatenated the two into one e-mail so I could more quickly copy and paste them back into my contacts and sent it to my Yahoo! acct. So this last Tuesday I go to find those two e-mails only to find all but 3 e-mails had been deleted from my sent mail. Fucking Yahoo!. As I had originally told them, it would have been far easier and customer protecting to just disable any compromised acct and create a page one would be re-directed to if this was the case to re-activate it with Oh I don't know maybe our SECURITY QUESTIONS and reset our password. Disaster averted not multiplied. With this sent mail deletion I sent a complaint that included a promise of a class-action suit if this isn't rectified. I'm sure many of us have depended on that Yahoo! mail acct for years. Let's sue their asses.

Got me this morning at 5:53. My wife was on her email when she got an email from "me" with a link to some site that I know I didn't send because I was getting dressed. When I got to work I found another email from "me" on my work email. Same time 5:53, with a different link in the email. Will run the usual V scans and adaware when I get home. First time this has happened to me with yahoo.

I had the same email or at least a very similar one.  It landed in my coffee roaster website inbox from my main personal email address.  I was like what the **** and then after looking it up I found this post here.  Hopefully I can just change the password and suck to get my account back in my control.

Any suggestions would be great.

Changing the password worked for me. As a precaution, I would clear out your online contacts if you can get by without it.

My best advice when typing in passwords and info is to type part of it, click somewhere else, type many more nonsense junk, more of the password stuff, to confuse a keylogger. Doubtful that it wasn't a keylogger, but somebody could have also phreaked the computer's video output via the internet and watched you use security questions. 3rd party apps, such as Digsby (and Trillian but still no problem w that), these programs use chat ICQ, and after I tried Digsby, my MySpace account was phished and I had to change a password. I narrowed it down to Digsby as the cause; since I uninstalled it, my account hasn't been phished. I also got an email from a friend that I instantly realized it's been phished and now used by a spammer. Most of the time this is done by a keylogger or a fake site with the same layout that redirects you to that provider's page stating "login failure" to make you think you mistyped a letter. 3rd party toolbars, Greasemonkey scripts and many programs spy on their users, and yes they know personal information, because you freely hand it out on social sites. Have you heard of a Zombie? Well, the tech term: a hacker can remotely run your computer and attack corporate & gov servers and databases, or use 1,000's of zombies to slow the data flow of a server while using data mining bots to unencrypt information. And we all expect our computers to have an awesome antivirus software, firewall, and whatnot. When lots of these software companies employ hackers after they're caught to write the antivirals. What makes them white hat programmers now, when before probation they had no problem being blackhats? Hell, you can buy a dongle that plugs in and records typing as a log and find passcodes easily for experienced programmers. Do you know when you erase something it is still on your hard drive (and I do mean you have emptied your recycle bin already), because the computer just marks that sector of data as available to be copied over later?

An even more secure way of defeating a keylogger is to copy & paste the letters from someplace else (I'm sure this blog now has enough letters that you shouldn't have any problems using it!). That way, you can enter your password using only your mouse! (This assumes the system that's asking for the password allows pasted text. Some don't.)

NB: No security system is ever completely secure.

I'm on board for suing them.  I lost all of my sent mail from the last 9 years or so, and Yahoo won't take any responsibility or do anything about it.

Got me today too.. twice it seems. And my PC and MAC were both off while I was heading out of town for a little vaca...  Facebook? Linkedin?

If it's the Kneber virus, your computer would not have had to be on. The password could have been previously retrieved and passed to the spammers. In my case, the spam email header indicated that it was sent using the yahoo web service, which means that a computer somewhere accessed my yahoo account remotely.

I would definitely run a virus scan on your PC if I were you.

The same thing happened to me last week and today!  So frustrating.

It happened to me today. All had a subject heading of a different unknown persons name.

 

How embarrassing. I haven't cleaned my contact list in years. I'm going to change to gmail

I too had this happen, and I am on a Mac as well.  But there is no record of my computer sending out any emails via Mac Mail.  Nor does my online Yahoo mail page show anything being sent out.  As a bit of safety, I changed my yahoo password, and it has not happened since.

Whatever did this did get email addresses from me, as the people who were assaulted by this were people I had emailed in the past.

I use Mac Mail too, and there was nothing in the sent-mail folder on my computer. The messages were in my online sent-mail folder. Also, the recipients were clearly pulled from my online yahoo address book, which is not in sync with the address book on my Mac.

Do you have the spam emails? Mine indicated that a remote computer accessed my account via the yahoo mail web service. This is from the email header:

X-Mailer:     YahooMailWebService/0.8.100.260964

Greeeeeeeat. And I just paid out $249.99 on YOUR SAY SO, PAL.

No biggie, unless you consider that your PRE-NUPTIAL GOOD NAME is at stake.

I'm assuming you're good for this, right?

 

Quinn, I will gladly reimburse you $249.99 plus an inconvenience rebate of $5,000. Please provide your bank account information and PIN number so that I can deposit the money. Also your email password, as this is necessary to comply with the laws of our country. I look forward to doing business with you.

But... I already e-mailed them to acanuck, like he said you requested.

And he said he'd pass them right along to you.

acanuck?

acanuuuuuuuck?

Suckers.

My theory is that Chinese intelligence have hacked into the Yahoo the same way they've hacked into Gmail.  These Viagra ads are just test runs of their hack, disguised as normal spam.  That is this paranoid liberal's theory.

Based on new revelations, it seems that Chinese intelligence is behind the hacking, but it's no test run. In a final blow to Maoist Communism, they're just hocking Viagra.

Call it "the Great Poke Forward."

In the future, could you avoid combining the words Hocking and Viagra? No reason, just a simple request…

You don't think that my choice of words was accidental, do you? Just be glad that my spammer wasn't hocking penis enlargements. Oops, I did it again.

This is because of that Rick-roll, isn't it?

I too had this happen on 2/15. I was horrified! It went out to my entire list including everyone on the church email list as well as the teachers at my son's school. I began to dread opening my inbox because people I hadn't seen in years were suddenly writing to question whether I'd been hacked, had a virus or was really promoting viagra. My husband usually has a fabulous virus protection system running so I felt ashamed that I had contracted this bug. And I was afraid that friends were opening this thing because they trusted me and were also getting infected. One thing I know is that soon after this I was locked out of my yahoo account. But I was able to get back in by changing my password. I have a PC. Wish I knew how this happened because I did not enjoy it at all! It wasn't the viagra that bugged me so much as the fact that I had been invaded! Anyone know exactly what happened?

Same thing here on June 12, 2010 - I have enough security/virus/spam stuff running on my PC to defend an entire nation and now I have to tell people that "no, times are bad but not bad enough for me to sell questionable pharmaceuticals"... I did not feel this violated when my house was burglarized, at least my name did not get sullied when that happened...

 

Hawking. It's "hawking."

Not hocking.

I donno. Where's acanuck? When he comes by, tell him I don't think I can help out anymore. He's just gonna have to raise the tone around here himself.

Hey, I've been busy. Spent most of the day watching Olympic curling. Did you see how we crushed those Danes? What's that about cheap Viagra?

Well, it seems I have been hacked on one of my Yahoo accounts and my Facebook account. This evening, I could not access my facebook or yahoo accounts. After resetting both passwords, it was to my surprise that the passwords were almost instantly unusable. One login I could use the newly reset password the next login the passwords were incorrect. What is even more disheartening is when I did get into my yahoo mail, all of the folders, emails sent, emails in the inbox, drafts and most of the contacts were gone. Does anyone know what is going on?

Same thing happened to me three days ago, 2/17/10. Spam was sent from my email account to my entire yahoo address book. It was different urls, but a lot of them were to sell Viagra. The spam mail showed up in my Sent folder. No apparent virus is on my computer and it does not seem a hacker discovered my password or has since done anything with it. I talked to a yahoo technical service rep who said yahoo mail servers were attacked and many accounts compromised. I pressed further and he wouldn't give me any more info. I asked what I could do to prevent this from happening again and he said there was nothing I could do. I have since changed my password and deleted important business contacts from my address book as they are stored on those apparently insecure yahoo servers. Yahoo will not give me any more answers, they should acknowledge publicly if there was a security breach. Thank you for blogging about this.

Hey there, Anonymous. Thanks for the comment. That's the first bit of real info to show up here. I'd like to follow up and try to get a hold of someone at Yahoo to confirm. Do you have any more details about your call with the tech? If you'd like to help, please contact me at http://dagblog.com/user/3/contact.

The spam was sent from my personal yahoo account but I am also a yahoo small business customer, which gives me access to a real phone number to call for support. When I called the support number, they transferred me to a security/technical service division. The guy I talked to walked through a few steps with me including going into my profile to see if any contact info was changed. There was no apparent disturbance of my profile, so he said it didn't seem someone targeted me specifically to steal my password and account. I then explained I scanned my computer extensively for viruses, came up clean, and that I had not to my memory clicked on any suspicious links or emails recently. When I then asked how I could've prevented this, that is when he told me there was probably nothing I could do because it was most likely a "technical" issue rather than a "security" issue. When I asked what he meant by that he said that he had gotten a lot of complaints about this same issue and that yahoo mail servers were attacked and that this was the "technical problem". I asked how many accounts were impacted and he said "I don't know" and seemed uncomfortable. He then said yahoo would follow up with me in 24 hours with an "extensive detailed report" of this issue. This got me off the phone and I awaited this report. The next day I received a canned email from mail-abuse@cc.yahoo-inc.com, which told me how to prevent receiving spam by using a spam filter, i.e. a completely useless response that had nothing to do with my case. I have since been back and forth with them over email, trying to get some answers and so far no luck. I have found a few other postings on Yahoo Answers about this with other users having very similar experiences to ours this past week. Two friends of mine also wrote back to my spam email saying the exact same thing happened to them this week, one of the people being from the UK the other from the US.

Thanks a lot for the details. I tried to contact yahoo myself and reached a customer service rep who told me that yahoo has no tech support phone number. Needless to say, she didn't give me any information about the issue.

I'm trying to see if I can network my way to someone at Yahoo, and I'll call their PR department tomorrow (though I don't expect much from that). If I write about a Yahoo security breach, would you be willing to go on the record about your tech support call?

I first called yahoo mail services 1-800-381-0783. They then referred me to "security/account verification" which is 1-866-562-7219 and select option 2. They may ask you what small business service you subscribe to so it may be worth purchasing something low cost (biz email is something like $9/mo) if they won't talk to you for that reason.

Thanks. I had previously tried option 2 on the second number and got nowhere. Option 3 is small business, so I may try your biz email suggestion.

I called media relations and left a message, but I'm sure that they won't call me back.

I just had this problem today, and I'm pretty sure I don't have a virus. When I checked my sent folder and looked at the mail headers, I found lines like this:

Received: from [98.136.56.85] by web37407.mail.mud.yahoo.com via HTTP; Tue, 02 Mar 2010 17:23:19 PST

Received: from [68.180.216.153] by web37403.mail.mud.yahoo.com via HTTP; Tue, 02 Mar 2010 17:23:00 PST

...although with lots of very similar IP addresses.  The thing is, those addresses are all coming from yahoo.  They're in the domain mobile.sp1.yahoo.com.
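The header check described in the comments above (an `X-Mailer: YahooMailWebService` line and a `Received: ... via HTTP` hop) can be scripted against a saved copy of a message from the Sent folder. This is an added example, not part of the original post or of any comment; the function names, the `known_networks` mapping and the sample messages are assumptions, and only the two quoted header values come from this page.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
from ipaddress import ip_address, ip_network

# Webmail hop in the shape quoted in the comments:
#   from [<client ip>] by <web front end> via HTTP; <date>
HTTP_HOP = re.compile(
    r"from \[(?P<ip>[0-9a-fA-F.:]+)\] by (?P<host>\S+) via HTTP;\s*(?P<date>.+)$"
)

# Constructed sample. The Received and X-Mailer values are the ones quoted on
# this page; addresses, subject and body are made up.
SAMPLE = """\
Received: from [98.136.56.85] by web37407.mail.mud.yahoo.com via HTTP; Tue, 02 Mar 2010 17:23:19 PST
X-Mailer: YahooMailWebService/0.8.100.260964
From: victim@example.com
To: contact@example.org
Subject: Some Name

http://pharmacy.example/
"""

# Constructed sample of a message sent by a desktop client over SMTP.
DESKTOP = """\
Received: from mail.example.net (mail.example.net [192.0.2.10]) by mx.example.org with ESMTP; Tue, 02 Mar 2010 17:23:19 -0800
X-Mailer: ExampleMailer/1.0
From: victim@example.com
To: contact@example.org
Subject: hello

hi
"""


def webmail_hops(raw_message):
    """Return one dict per Received header that records an HTTP submission."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())      # undo header folding
        m = HTTP_HOP.search(flat)
        if not m:
            continue                        # ordinary SMTP hop
        try:
            ip = ip_address(m.group("ip"))
        except ValueError:
            continue                        # malformed address, skip this hop
        try:
            when = parsedate_to_datetime(m.group("date"))
        except (TypeError, ValueError):
            when = None                     # keep the hop, date unreadable
        hops.append({"ip": ip, "front_end": m.group("host"), "time": when})
    return hops


def triage(raw_message, known_networks):
    """Classify a Sent-folder message by how and from where it was submitted.

    known_networks maps a label to a CIDR string for addresses the account
    owner really uses (home, office); the caller supplies it.
    """
    msg = message_from_string(raw_message)
    mailer = msg.get("X-Mailer")
    hops = webmail_hops(raw_message)
    if not hops:
        return {"verdict": "not-webmail", "mailer": mailer, "hops": []}
    nets = {label: ip_network(cidr) for label, cidr in known_networks.items()}
    for hop in hops:
        hop["label"] = next(
            (label for label, net in nets.items() if hop["ip"] in net), None
        )
    unknown = [h for h in hops if h["label"] is None]
    verdict = "webmail-unrecognised-address" if unknown else "webmail-known-address"
    return {"verdict": verdict, "mailer": mailer, "hops": hops}


if __name__ == "__main__":
    # 203.0.113.0/24 is a documentation range standing in for "my home network".
    for name, raw in (("spam copy", SAMPLE), ("desktop mail", DESKTOP)):
        result = triage(raw, {"home": "203.0.113.0/24"})
        print(name, result["verdict"], result["mailer"])
        for hop in result["hops"]:
            print("  ", hop["ip"], hop["front_end"], hop["time"])
```

An unrecognised address only shows that the message went in through the web front end from somewhere outside the listed networks; as the comment above notes, that address can sit inside the provider's own infrastructure.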

No, seriously. Where's my discount?

Did any of you recently download IE8? I think IE 8 (optimized for yahoo) has been compromised.

My account got hacked too but I haven't downloaded IE 8 (I only use firefox). My computer was acting funny for a bit afterwards, letting me type in my yahoo credentials but then saying it couldn't connect to yahoo. I would search on google but when I clicked on a link from google, it would forward me to a search site "web-help...". I ran McAfee and it didn't find anything and then my browser started working fine again, but I am still changing all my passwords from a public computer first, just in case.

Happened to me this morning. I have IE8, Windows 7 and a PC (obv). Computer was off when e-mails were sent. Have changed my password, so we'll see what happens.  Am really upset by the comment on 2/20 that Yahoo seems to know about the problem, but isn't communicating that to its users.

I'm relieved to know that it wasn't just me that this happened to. It happened to me on 02/27/10. Everyone on my contact list was sent an email at 2:13pm referring them to a Canadian drug website. I didn't know about it until someone asked me what it was. The messages are in my sent box. I sent the information to Yahoo. I changed my password. I also deleted all of my contacts since this is a secondary email account that I just use for facebook and on-line ordering.

I and other folks are on Macs, so I doubt that IE 8 is the issue. I finally received an email from tech support. I will fax them permissions to investigate my account on Monday.

Internet Explorer 8 downloaded to my PC on 3-19-10.  Entire address book (1127 people) got viagra email from my email address on 3-20-10.   Also, my "sent" folder in yahoo was cleaned out / deleted completely even all of my old emails from years ago were deleted by the virus.   I think you are correct that IE8 is the problem.

My Yahoo got hacked today and sent out the same Viagra ads too.  I have an Apple iPhone and MacBook.  It is probably coincidence but it sent out the ads about the exact same time I was downloading a CD on my iPhone...

Well, after watching the responses and an " Our engineers are working on it " response from the yahoo tech support. lol I revisited my wife's account today, only to be blocked by demands from yahoo to reset the password lol. Continuous messages of " Your account has had suspicious activity " and " Your account has been compromised " lol DUH! I suspect that someone has too much time on their hands and the so called engineers are big on pay and short on action, much like our financial geniuses. Let's face it, they loaned money to people that had no way of paying it back. Write it off the books while uncle sam handed them our money to pay bonuses. Compare that to free mail over a telephone line. " Back in the day " as the kids say we had what was called a party line. The operator or any other party on that line could listen to any and all of your conversations information etc.

blah blah blah, Thanks for the forum, ARO

I am so glad I found this, I was starting to really get worried about my security. I have a Mac and was not even home when it happened. I got a few emails from friends asking what I had sent and realized what happened. The only sign in my actual email is about 10 failure to send notices to some old email adds I had not removed. Nothing in my sent box except what I have actually sent. Been a little embarrassed but am trying to laugh and just change passwords and hope that works so I don't have to go thru getting an all new mail account.

This just happened to me this morning...at a very sensitive time work-wise.  First person to question me was my potential new boss...he didn't say whether he opened it or not, but I'm guessing he did - his response was a "?"

So... I use sbcglobal email, operated by Yahoo on a MAC.  If Yahoo was compromised, they owe us an explanation - or a fix - or at least a shiv for under our accelerator.  I'll jump in on any complaint.  More details...I can see the email sent in my SENT box, to 12 or so people in my email address book with different names in the subject line, enclosed are various sites taking people to various pharmaceutical websites, and based on the replies, I'm guessing Viagra is one.

The harder I work, the further I get behind...

 

Just got us today.  Same thing various names to various links. Hopefully the people we know have a good anti-virus running.  I know some that would actually follow the links.  Praise the Lord for my wife and my iPhone we saw some mailer daemons kicking back messages and started to investigate. I hopefully sent out an e-mail that ours was compromised before anyone starts clicking.  My pasture may wonder why I think he needs Viagra.

I need an editor.  I know it's Pastor.

This happened to me 3 weeks ago and again today. Both times were early morning on a Tuesday — must be that viagra is needed only after  long weekends! In any case, yahoo tells me I need antivirus software on my Mac. I say they know nothing. They offered no solution to the problem other than that and change my password as I had done before. We'll see if another spam goes out in another few weeks. Maybe then they'll listen and find a solution on their end.

The same thing happened to me last weekend.  My neighbor was at my house the day prior and showing me this “new website” that he found to download catalogs of music.  When the site opened, it had a big Viagra ad across the top of the page.  I closed the page and never downloaded anything.  The next morning, I discovered that my Yahoo account had sent this email out to everyone.  I sent a Viagra ad to my 80 year old father.  Mortifying!!! LOL

I ran a check and no viruses found.  I changed my password, and haven't had another problem as of yet.

I assumed it had something to do with that website.  Maybe it was a coincidence?

If you unknowingly downloaded malware, and the malware is still there, then changing your password probably won't help. You might find that next week (or some time later), another set of e-mails go out.

Although I'm not aware of any true viruses on the Mac, it's not hard for the unaware user to accidentally install malware on the Mac (although it's harder to do on a Mac than on Windows). For more on viruses and Macs, check out this from the Guardian. There is even some malware that is universal to Macs, Windows, and Linux.

I also recently encouraged several random people from my contacts list in yahoo to buy Viagra.  The old ladies from church who got it were NOT very happy with me!  :)  Still haven't found the source...  rrrr.....

Maybe they know my Pastor. See earlier post. :-)  Just happened again.  I was hoping it was random.  Changed my password.  They tend to go out when my computer isn't even on, so I don't think it is malware.  Seriously doubt it is my iPhone.

If it's like mine, then it's done using Yahoo web services, which means that a remote server interacts directly with Yahoo's server. But the hackers would still need your password for that. Has it happened since you changed your password?

I contacted Yahoo tech support and asked them to investigate my account. They went in, but all they did was change my password (again). I've followed up with my original inquiry. Will post the results when and if I receive them.

You sure have generated a lot of interest with this story, Genghis. I'm surprised so many other people have reported this, but I haven't heard a lick of it on any of my tech-feeds.

I agree. I wish that I could get some real evidence about the source of this thing.

So far so good. I want to give it a couple days.
More just went out. Changing the password was worthless.
Never mind. I need to learn what day it is. :-)

I've been hit several times this month, I guess they like my contacts.

I've sold everything from Viagra (to my MOTHER no less) to monster trucks. 

Now what the CRAP is the fix?!!!

Have you changed your password? I have not had a problem since I did that.

I deleted all my contacts out of my Yahoo list and changed my password.

If I get another email address, will it do the same thing?

Not if your new email address ends with @gmail.com! Cool

If you have a virus like the Kneber bot, then it could continue to happen until you get rid of the virus, so definitely do an up-to-date virus scan if you have a PC. But if a Yahoo server was hacked, then it shouldn't happen again once you change your password (unless Yahoo gets hacked again).

My gmail account was hijacked this morning. Here is the message:

I'm writing this with tears in my eyes,my fam and I came down here to London,England for a short vacation unfortunately we were mugged at the park of the hotel where we stayed,all cash,credit card and cell were stolen off us but luckily for us we still have our passports with us.

We've been to the embassy and the Police here but they're not helping issues at all and our flight leaves in less than 3hrs from now but we're having problems settling the hotel bills and the hotel manager won't let us leave until we settle the bills.

Am freaked out at the moment.
I was locked out of the account. I contacted gmail and got my account restored and noticed that they had changed the settings so all of my incoming messages were being forwarded to a yahoo.com email and deleted from gmail's server. What a mess. I am willing to help any way I can to stop these people.
Thanks!

So I've been going back and forth with Yahoo Customer Care to try to find out how my account was hacked. I faxed them written permission, answered security questions, etc. Customer Care then accessed my account and did nothing but reset my password. That's a bit strange in itself because I'm sure that Yahoo doesn't need written permission to reset a password.

In any case, I was looking for information, not a password reset, so I explained, again, that I wanted to find out how my account had been hacked and requested any information that they had.

Now here's the punchline--they won't tell me. To get information about my own account, I have to go through the legal department and may require a subpoena. This is starting to smell.

I'm going to get some legal advice and will follow up when I get more information. The edited email chain is below.

--------------------------------

Hello, Michael

We'd like to apologize for any inconvenience that has been caused while
you help us verify the information that is listed on your account.

We've created a temporary password which will help you regain access
right away!

Your new password is: ***************

Again, we do apologize for the inconvenience this situation has caused.
Please let us know if there's anything else we can do.

Your patience is greatly appreciated.

Thank you again for contacting Yahoo! Account Services.

Regards,
Jake

Account Security E2ENG

Yahoo! Customer Care

New and Improved Yahoo! Mail - better than ever!

--------------------------------

Hello, Jake. Thank you for looking into my problem. However, resetting  
my password was not the issue. I did that myself as soon as I realized  
that my account had been compromised.

I contacted Yahoo to determine how my account had been hijacked in  
order to make sure that my information is safe. Were you able to  
determine how the hackers gained access to my account? As I mentioned  
in my email, I use a Mac, and I don't believe that there are any Mac  
viruses that can capture passwords from keystrokes.

Thanks,
Mike

--------------------------------

Hello Mike,

Thank you for contacting Yahoo! Customer Care.

We apologize for the previous misunderstanding.

It is our understanding that you would like information from Yahoo!
regarding access to your account.

State and Federal laws strictly limit the information that online
service providers, like Yahoo!, may disclose about subscribers. If you
are seeking to obtain account information on a specific subscriber, we
will need a subpoena or a court order.

If you have obtained a subpoena or a court order for the release of
information, please mail it to:

Yahoo! Custodian of Records
701 First Avenue
Sunnyvale, CA 94089

Thank you again for contacting Yahoo! Customer Care.

Regards,

Jane

Yahoo! Customer Care

New and Improved Yahoo! Mail - better than ever!

--------------------------------

Hello Jane, I'm very confused now. I asked for information about only  
my own account. My mail account was used by a third party to send  
soliciting emails without my knowledge or consent. I would like to  
know how a third party gained access to my account so that I can  
protect myself from the loss of privacy. I am a paying yahoo customer,  
and I think it's reasonable to request any information you have about  
how my account was hijacked without my having to obtain a subpoena.

Thank you for your assistance,

Mike

--------------------------------

Hello Mike,

Thank you for writing to Yahoo! Account Services.

We'd like to apologize for any inconvenience that our process for
attaining the information you've requested may cause.

If you would like to attain access logs and activity records for your
own account, we will need you to contact our Yahoo! Custodian of Records
department. Unfortunately, our Yahoo! Account Security team does not
have access to these records.

To disclose log information and access data, we may require a subpoena
or other legal documentation. Send all such requests in writing to:

Yahoo! Custodian of Records
701 First Avenue
Sunnyvale, CA 94089-1019

For information regarding subpoenas or court orders, please call:

(408) 349-3687

If you prefer, you may fax questions to the Yahoo! legal department at:

(408) 349-7941

or submit them to us by mail to:

Yahoo! Inc.
Attn: Legal Department
701 First Avenue
Sunnyvale, CA 94089

Again, we do apologize for the inconvenience this situation has caused.
Please let us know if there's anything else we can do.

Your patience is greatly appreciated.

Thank you again for contacting Yahoo! Account Services.

Regards,

Jake

Account Security E2Y

Yahoo! Customer Care

New and Improved Yahoo! Mail - better than ever!

 

I did a little bit of testing/investigation of the message headers, and the spam seems to be coming from yahoo.  Appreciate if others can look at their message headers to see if they also point to ***.mobile.sp1.yahoo.com and post feedback.

The message header from the spam:
Received: from [68.180.216.153] by web81707.mail.mud.yahoo.com via HTTP; Sun, 07 Mar 2010 16:57:55 PST
The IP address maps to: prop24.mobile.sp1.yahoo.com, i.e. inside yahoo.com

I tested by sending a message from Firefox on my laptop on my company's network.  I'm not going to post the internal address/name for security reasons, but it maps back to one of our devices.

I also tested by sending a message from the web browser within my blackberry.  My company configures the web browser to go through our internal gateways.  Again, the message headers point to one of our internal servers as the source of the message.

Messages from Thunderbird on my home computer correctly map to my DSL IP address and username.

I access my e-mail from three places only - I feel reasonably safe that I don't have a virus on these places:

  1. Home computer - ubuntu/thunderbird with the latest updates.  I usually use SMTP/POP only, but I've probably used Firefox at least once to access webmail
  2. Work computer - Windows XP/Firefox 3.6/McAfee with the latest updates.  I work for a large networking company, and I think it's reasonable to assume that I don't have a virus on my laptop.  In this day and age, it's probably impossible to know for sure, but again, this is a reasonable assumption.  I only use webmail from work.
  3. Blackberry phone - browser goes through the corporate firewall.  I only use webmail on my phone.  I just have two Google apps installed - nothing too crazy.

JP

I did a whois lookup for the sending device in my case, which gave me some contact information over at yahoo.  I've got a case opened with them - will see what happens.

Unfortunately no useful information yet - just had to escalate the issue within Yahoo.  Will continue to push the issue with them.

Here's my summary of the phone call I had with Yahoo earlier today (along with some personal commentary):

  • It's an internal issue that they're looking at with the highest priority.
  • The device that sent the message was not located within the Yahoo network.  It appears to be an iPhone outside the Yahoo network.  (Hacking with an iPhone into my webmail account to send one spam e-mail - that just seems more trouble than it's worth.  Cool, but a pain - I mean, if I'm going to send some spam, I'm going to do it very slowly - one-by-one, via webmail, and on a device that doesn't have a keyboard.)
  • The problem is that the mail servers are not always including all message headers.  The problem is not that someone hacked into the network. (Really, it appears to me that someone hacked my webmail account, and did it from within the yahoo network.  If it's just a message header issue, how did the message show up in my webmail sent box?)
  • There's an internal engineering case (case 3408286) - it's definitely an engineering issue, not a security issue.  They'll let me know when it is resolved, but when I asked when it was opened, she said she couldn't provide that information.  Multiple people are working on the issue.
  • This is the highest level of escalation.  There's no more information that can be provided.
  • “We recommend that you change your password.”  (From an admittedly fairly secure hacked password to a slightly more secure, but more importantly un-hacked one?)
  • "We really value you as a customer, blah, blah, blah."

I don't blame the woman that I spoke with - she's just delivering the message.  (And she did fairly well putting up with my complaints.)

Thanks for this, JP. I don't use webmail either, but the spam was definitely sent out through webmail because the spam messages were sitting in my webmail sent messages folder.

Also, I have the following line in my email header:

X-Mailer:     YahooMailWebService/0.8.100.260964

I therefore assume that the spammer accessed the account using yahoo's web service. But I'm not sure how that could have happened. I had only granted access to a few third-party apps, all reputable. You can see which apps have access under Account Info / Sign In and Security / Link your account with other sites. Immediately after the hijacking, I deleted all third party access, and I don't recall exactly which apps were in there, but none were unexpected.

My personal and business email addresses are also recipients of the spam 'I' send from my Yahoo account.  I only use the Yahoo account for communicating with people I don't want to hear from again, and when I created my Facebook account.  In the last 4 years I have sent mail to only 6 people from my Yahoo account.  They all received the Viagra ad I saw fit to send.  I've only logged into my Facebook account twice since I set it up 6 months ago, so I have no idea how it is relating here.  Several people I know who have this same problem are seeing associations with their Facebook account as well as their Yahoo account.

The message header from my 2nd message:

Received: from [68.180.216.157] by web50102.mail.re2.yahoo.com via HTTP; Sun, 14 Mar 2010 15:21:10 PDT
X-Mailer: YahooMailWebService/0.8.100.260964
Date: Sun, 14 Mar 2010 15:21:10 -0700 (PDT)

Thanks for talking about this.  C

I'm having the same issue on 10th of March.

It kept sending lots of mail and stopped once I changed my password immediately.

I'm using firefox and fully assured that my pc is secure.

I did notice in the sent item header, there is a difference between mail sent by me manually and this spam email.

My email will have this line :

X-Mailer: YahooMailRC/324.3 YahooMailWebService/0.8.100.260964

The spam mail will have this line

X-Mailer: YahooMailWebService/0.8.100.260964

I'm currently in contact with the customer service but I doubt if the problem is in Yahoo, they will inform me.

I have just had exactly the same thing happen to me.  I wake up to find numerous emails from people asking why I had sent them a blank email and others asking why I had sent them a link to a Viagra site.  My outbox was full of these messages so this leads me to believe that my address was not spoofed.  However the messages were all sent at 1:00AM at which time my computer was definitely switched off and without internet access.

After contacting Yahoo they sent me a canned response about how I shouldn't open attachments from people I don't know, should have a firewall set up, scan for viruses etc. - all really patronising stuff really. 

They also stated

"Yahoo! Mail is a web-based email system. Your email messages, address
book and other account information are stored on Yahoo!'s servers,
rather than on your computer. Because most viruses infect your local
computer, it is very unlikely that the virus would propagate through a
Yahoo! Mail account."

So basically - even though we have all had the same thing happen to our Yahoo mail accounts within a short amount of time - apparently the problem is ours and not Yahoo's.

I have changed my password and deleted my contact list and, fingers crossed nothing has happened since (only 24 hours later however).

If the "virus"/ "worm" is on my local computer, why did it not try and propagate through any of my other e-mail addresses such as my Hotmail/ MSN messenger accounts or my OUTLOOK account?  This has really made me question the security of using Yahoo mail for my personal and business use though and I am seriously starting to look at other free alternatives.

 

The recent Canadian webpage has mutated. The current hijack is webpage http://www.hndfc.info/. I'm hoping this is an isolated incident. Once again it's a yahoo email account. I didn't change passwords in hope that I could coerce the intended perpetrators to attempt another launch. I am in contact with those who believe we can overwhelm the isolated server with a mass email to overload and lock it down indefinitely. Turning their stolen address pages against them in turn.

United we stand divided we fall!

Fantastic. Please keep us posted.

Two of my Hotmail accounts were compromised in the same way Michael's email account was.  Below is an interesting and informative article from "Ask Leo's" Blog.  Maybe this might answer some questions, though the resolves are limited.  He has a few other entries regarding this topic as well that may answer some of the questions you all are posing.

 

http://ask-leo.com/someones_sending_from_my_email_address_how_do_i_stop_...

I noticed the same thing.

 

My Email

X-Mailer: YahooMailRC/240.3 YahooMailWebService/0.8.100.260964

Spam emailer

X-Mailer: YahooMailWebService/0.8.100.260964

I had the same problem on March 19th

This is the header

Received: from [69.147.111.189] by web52105.mail.re2.yahoo.com via HTTP; Fri, 19 Mar 2010 03:34:27 PDT
X-Mailer: YahooMailWebService/0.8.100.260964
Date: Fri, 19 Mar 2010 03:34:27 -0700 (PDT)
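
The header comparison that several commenters make above can be automated. The following is an added example, not code from any commenter or from Yahoo: it parses the `Received ... via HTTP` hop and the `X-Mailer` tokens and flags messages that carry `YahooMailWebService` without `YahooMailRC`. That flag is a heuristic taken from the commenters' observations, not documented Yahoo behaviour, and the "own mail" sample uses a constructed `Received` line with a documentation address.

```python
import ipaddress
import re
from collections import Counter
from email import message_from_string

# Submission hop as it appears in the headers quoted in this thread:
#   Received: from [68.180.216.157] by web50102.mail.re2.yahoo.com via HTTP; <date>
RECEIVED_RE = re.compile(
    r"from \[(?P<ip>[0-9.]+)\] by (?P<server>\S+) via (?P<proto>\w+);"
)

# Header blocks quoted by commenters above.
SPAM_MAR07 = (
    "Received: from [68.180.216.153] by web81707.mail.mud.yahoo.com via HTTP; "
    "Sun, 07 Mar 2010 16:57:55 PST\n\n"
)
SPAM_MAR14 = (
    "Received: from [68.180.216.157] by web50102.mail.re2.yahoo.com via HTTP; "
    "Sun, 14 Mar 2010 15:21:10 PDT\n"
    "X-Mailer: YahooMailWebService/0.8.100.260964\n"
    "Date: Sun, 14 Mar 2010 15:21:10 -0700 (PDT)\n\n"
)
SPAM_MAR19 = (
    "Received: from [69.147.111.189] by web52105.mail.re2.yahoo.com via HTTP; "
    "Fri, 19 Mar 2010 03:34:27 PDT\n"
    "X-Mailer: YahooMailWebService/0.8.100.260964\n"
    "Date: Fri, 19 Mar 2010 03:34:27 -0700 (PDT)\n\n"
)
# Constructed sample: the X-Mailer value is the one a commenter reported for
# mail they sent themselves; the Received line and its address (203.0.113.7,
# a documentation range) are made up for this example.
OWN_MAIL = (
    "Received: from [203.0.113.7] by web50102.mail.re2.yahoo.com via HTTP; "
    "Wed, 10 Mar 2010 09:00:00 PST\n"
    "X-Mailer: YahooMailRC/324.3 YahooMailWebService/0.8.100.260964\n\n"
)


def classify(raw_headers):
    """Extract the submission hop and X-Mailer products from a header block."""
    msg = message_from_string(raw_headers)
    record = {"source_ip": None, "server": None, "via_http": False,
              "products": set(), "webservice_only": False}

    # Received headers are prepended by each hop, so the submission hop is the
    # last one in the block; walk from the bottom and take the first match.
    for value in reversed(msg.get_all("Received") or []):
        match = RECEIVED_RE.search(" ".join(value.split()))  # undo line folding
        if not match:
            continue
        try:
            ip = ipaddress.IPv4Address(match.group("ip"))
        except ipaddress.AddressValueError:
            continue  # malformed address literal, keep looking
        record["source_ip"] = str(ip)
        record["server"] = match.group("server")
        record["via_http"] = match.group("proto").upper() == "HTTP"
        break

    # X-Mailer is a space-separated list of product/version tokens.
    xmailer = msg.get("X-Mailer") or ""
    record["products"] = {tok.split("/", 1)[0] for tok in xmailer.split()}

    # Heuristic from the thread: spam carried the web-service token alone,
    # while mail sent by hand also carried YahooMailRC. A missing X-Mailer
    # is left unflagged because the comparison cannot be made.
    record["webservice_only"] = (
        "YahooMailWebService" in record["products"]
        and "YahooMailRC" not in record["products"]
    )
    return record


def source_networks(header_blocks):
    """Count HTTP submissions per /24 so 'very similar' addresses group together."""
    counts = Counter()
    for block in header_blocks:
        rec = classify(block)
        if rec["via_http"] and rec["source_ip"]:
            net = ipaddress.ip_network(rec["source_ip"] + "/24", strict=False)
            counts[str(net)] += 1
    return counts


if __name__ == "__main__":
    for name, block in [("spam 07 Mar", SPAM_MAR07), ("spam 14 Mar", SPAM_MAR14),
                        ("spam 19 Mar", SPAM_MAR19), ("own mail", OWN_MAIL)]:
        rec = classify(block)
        print(name, rec["source_ip"], sorted(rec["products"]),
              "FLAG" if rec["webservice_only"] else "-")
    print(dict(source_networks([SPAM_MAR07, SPAM_MAR14, SPAM_MAR19])))
```

To run it on a real message, save the full headers from the sent-folder copy to a file and pass the file's text to `classify`.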

 

One thing that has been overlooked in all of the above replies is phishing.

 

People create pages that look exactly like yahoo and when you type in your username and password they record it and then log in as you and then spam your contact list selling viagra, among other products and/or services.

 

Better than 90% of the time when this happens, it is simply phishing.

So according to yahoo, you did send those emails because it was your password and username that was used to log in.

Possible but in my case, at least, unlikely. I use pop mail and rarely log into Yahoo. When I do log in, it's through a bookmark, and my password is stored, so I don't even type it in. Finally, Yahoo uses a sign-in seal that a phisher wouldn't be able to reproduce.

The phishing scam seems unlikely to me as well. 

I am in the same boat in that my Yahoo mail is stored as a firefox favourite tab which I click to log-in - with my password and username stored automatically so there is no need to click on any phishing link and enter my username/ password again.

It also seems that most of the people posting the issue here are fairly computer literate and it is unlikely that EVERYBODY on here fell foul to the same phishing trick which we have seen (and avoided) many, many times before.

Same situation - PC user; yahoo account; sent to all in my address book - only discovered because of unable to contact messages by mailer-daemon. This time asking if people would like cheap but good quality shoes from www.oifeurs.com - not happy. I have changed my password but would like to know just what to do now?

Messages were sent over 2 different days.

JC

Same situation. Got hacked yesterday. Email sent to all contacts selling Viagra, festival tickets & god knows what. Changed my password. Contacted yahoo customer service via e-mail.

Happened to me today. Very embarrassing but just shows you how nosy your friends can be. Not my fault they looked at it! Seriously though I use firefox on a linux distro on one computer and firefox on windows xp on the other. So not sure which is to blame? Any ideas anyone?

Relieved to find this thread - it happened to me this morning and, since I have my work email in my yahoo contacts, I sent the email to myself.  It was sent early AM when my pc was turned off; sent to all my Contacts and my Sent Items folder has been cleaned out.

The mail header makes interesting reading; the originating IP address resolves on Whois to Yahoo European Operations, London:

87.248.110.141 - Geo Information
IP Address 87.248.110.141
Host n24.bullet.mail.ukl.yahoo.com
Location GB GB, United Kingdom
City London, H9 -
Organization Yahoo Europe Operations
ISP London

I'd close the account, but I've used it for a long time and have used it to register with a range of services some of which I hear from so infrequently that it would be tricky to transfer all reliably to a new address.  I've changed password too from a complex to a very complex one.  I'll just have to wait and see what happens.

I was interested though to see the Facebook link - I've had a dormant Facebook account for a few years which I only began to use again a couple of weeks ago; however I didn't use FriendFinder for security reasons.   I don't really think the Phishing theory holds up - I key in the web address each time I go to yahoo and never click through from another site.  Be interesting to see what results people get from Yahoo.

I have the same difference shown in X-mailer between the e-mail I sent out and the spam e-mail sent from my account.  In addition, I have just received two spam e-mails shown as "to" other people that were redirected to me.

I see the possibility of this somehow being connected to facebook. I signed up for facebook two days ago. I used the "friend finder" feature to import my Yahoo! Mail contact list. This morning a spam was sent from my Yahoo! Mail account to my contact list. This email had a link to some subdomain of webs.com (free hosting service). I have no idea what is on the other end of that link.

Anyway, I just went into facebook and see that they state they do not keep your Yahoo! password stored, but they do store the contacts.

I've had that Yahoo! Mail account for however long they've offered the service, so this seems like too much of a coincidence to me.

Anybody else experience the same thing?

 

I rechecked all of the emails sent from my account, and the IP was

web59610.mail.ac4.yahoo.com

which is not exactly the same as yours, but it is still within the yahoo.com domain.

It happened to me today as well: the exact same issue.   It only happened after I opened an email like this that was sent to me.  I think clicking on the link activates the self-replication and resending of the email to all of your contacts.  So if you receive one like this, DO NOT OPEN IT.

 

And Yahoo's reply above seems very sketchy, like they are trying to cover up something.

I started getting these same emails from my daughter's yahoo mail. She changed her password, and they have stopped. More likely than not, this is not an issue with Yahoo. More likely is that people are unknowingly giving up their Yahoo passwords to a Phishing Site. They get directed to a Webpage that looks like a "real" Yahoo page, but it is a Phishing Site that is collecting passwords.

Once they have your yahoo password, they logon to your yahoo email and send everybody on your contact list a Spam email with a link to a "Canadian Pharmacy" Site. Upon further investigation, the owners of the site are actually in India, and their webpage is being hosted by a company in St Louis Mo.

This "Canadian Pharmacy" webpage is a joke. The only purpose of the Site is to collect more of your information to exploit. In the "report spam" link, they actually ask for your name and home phone number. On the order complaints page, they ask for the credit card number you used to place an order. Needless to say, DON'T GIVE THEM ANY OF YOUR PERSONAL INFORMATION!

The only part of this that may be legit, is the St Louis Company that is hosting the Site for this Indian company. You can send an email to this St Louis host at:

abuse@cybercon.com

If they get enough people sending them complaints about hosting a spamming, thief site, they may boot them from their server.

I wanted to add this additional info for the Company that is hosting the website for this "Canadian Pharmacy".

Contact them and complain that you are getting spam that is directing you to an Indian owned website that they are hosting.

Cybercon.com

Telephone: 1.314.621.9991 (24x7 live); Sales: 1.800.932.2354

Email:
sales@cybercon.com: Sales mailbox for service features and prices, customized services, ...etc.
support@cybercon.com: Support mailbox for technical questions and technical help. We provide 24x7x365 live onsite tech support to our customers.
billing@cybercon.com: Billing mailbox for invoices and payment related questions.
abuse@cybercon.com: Policy enforcement mailbox for net abuse reportings. We are strongly against spams or any other net abuses. Our Acceptable Use Policies are located at http://www.cybercon.com/aup.html.

Fax: 1.314.241.1777


Postal Mail:
Cybercon.com
210 N. Tucker, Suite 700
St. Louis, Missouri 63101 USA

Yahoo has been sending out blank emails to everyone in my contacts. Emails have in the subject line titles of mail received previously, both legitimate and spam. These emails I did not send appear in my Sent folder. I am using a Mac, so none of the 'solutions' on various help pages is of any use. I have written to Yahoo twice about this but have not heard back. This is a PAID account and I expected some help. Don't know how to query the message header, but if anyone will tell me how, I will contribute my findings.

This happened to me and another friend of mine. The common things we had were:

1. Linked Facebook with Yahoo, have used friend finder. My friend with Hotmail and Facebook.

2. Had same password both on Yahoo and Facebook.

 

So my guess is we have been hacked thru' facebook. Unlink your facebook and email. Change your facebook and email passwords.

There is a very simple solution.

Log in to your yahoo email account and change the password.

This happened to me today. I got up & found replies from several people in my address book on Bellsouth/Yahoo & I didn't email them. Two separate emails with links were sent from my acct at 5:15.

 

I ran my virus scan again---nothing. Ran the Microsoft malicious software tool---nothing.

I changed my email PW & my Facebook PW and am trying to figure out how to unlink them. I guess they're linked because I get an email whenever someone posts on my Facebook wall, etc.

 

Any other helpful suggestions?

Thanks!

They got my gf today, I had an email from her yahoo account selling me viagra,

this url http://grupoecogold.com.br/com/index.html

asked her what the hell?

turns out she had 4 in her sent items, about 10 recipients each.

My dad, her mom, my mom, friends, etc.

Hello Mike,

My yahoo email account had the same thing happen to it. I sent my grandma, aunts, uncles, parents, brothers, sisters, exes and former teachers a selling ad for Cialis and Viagra...??? Can't sign in to my account, it says the password is invalid. I just tried to sign on to my online banking that had the yahoo email address on file and now I can't sign in to my online banking account, it too says that I have an invalid password??? Do you think it's related?

It sounds different from what I had because my password wasn't changed. You could have the Kneber bot virus.

Call your bank immediately. Then do a virus scan and contact Yahoo customer care to have them reset your password.

I too just tried to sell everyone cheap Canadian Drugs. WTF? I have a Mac..but did check my email elsewhere. Yahoo has done nothing for me also. I actually had this occur on an aol account but from a yahoo based group.

Well, I am not linked to facebook, and I own a mac and it just happened to me. Also, I use a bookmark link to get to yahoo and I don't type in my password. Firefox has it saved.

I found out because I have my own email listed in my contacts- Soooo I sent myself spam, and I did it while my computer was not even turned on!- according to the time sent. Lovely... sent this to my spiritual teacher too. He just asked me why I did that. fucking lovely....  this is so not OK. I just changed my password and I guess I'll delete all of the addresses in yahoo account. Yahoo just fell from grace as far as I'm concerned.

This happened to me yesterday at 10:53am CST and again today at 9:07am CST.  I was not on the computer both times.  I use yahoo mail as a junk account.  I use gmail as my main email account.

Yesterday and today the offending messages were in my sent folders.   When looking at the messages, I could see my facebook pic with an "f" on it so I wonder if fb is somehow involved.

Yesterday, I ran all the spyware/malware programs that I could and they found nothing.  I removed all 50 or so contacts from Yahoo mail and thought that would do it. 

Today, the virus/person sent a new message to my old 50 odd contacts again even though they had been removed.  I went to the Major Geeks forum and followed their instructions for cleaning and found nothing. 

After reading everything here, I changed my yahoo password, changed my facebook password and removed all facebook apps that linked to the outside.  There was one for yahoo.  Hopefully my account will not send more spam tomorrow morning.  We shall see.

Why is this not front page news on the internet?  I think we should all tell Google about it.

 

I think this is newsworthy.  I've never had an account compromised or infection.  I'm an IT professional, it's my job to keep others clean and secure.  My own systems are immaculate.  But somehow my Yahoo account suddenly decided to spam people at 4:36PM EST today.  I originally suspected someone compromised the security of my iPhone wirelessly, or tapped into ATT's website... but it appears YAHOO is the only common thread we all share.

I agree that it's newsworthy, but I haven't been able to get any confirmation.

The exact thing everyone is describing happened to me last night. My friend emailed me this blog link and I changed my password on Yahoo. Anything else I need to do or should I get rid of my Yahoo account. I've had this same account since FOREVER and don't want to do that if possible. Any ideas?

I'll second this one. Having combated viruses/malware for 20+ years now, I'm extremely anal not only about protecting my systems, but monitoring activity. I've gotten the occasional spam e-mail from friends and family who have Yahoo! accounts as well. Today was the first time it happened to me. And it was only through my Yahoo! account, still keeping an eye on everything else and checked passwords. My instinct tells me that there is something in Yahoo's systems. This is dang odd to only be through Yahoo...

This just started happening to me yesterday and today as well. I strongly suspect it is related to Yahoo's servers being compromised, but who knows.  I have not been on my PC's tonight so it must be happening via my iphone or macbook if it is something on my end. Just changed my password to be cautious. Scary.

Woke up this morning to this same problem in my Yahoo mail account (I'm on a Mac using Firefox).  There are only 2 things I can think of that might have compromised security.

1. I received an email from a friend of this nature, and I opened the email but did not click the link (which was written to look like a blog address ie. http://www.dslkf.blogspot.com ).  Now the emails my account is sending have a similar "blog looking link" in them.

2.  A couple weeks ago I borrowed an iPhone from someone to log into Yahoo mail so I could get some info from an email in my inbox.

I've changed the password, but I somehow don't think this will help, I think this is a problem on Yahoo servers. I'm tempted to delete all address book entries but that's a lot of work.

This just happened to me yesterday.  Thankfully I didn't have many contacts in my address book but I recently used the website www.mobiles24.com and used the yahoo email address that was compromised to sign up.

WOW. I just read thru this whole page...interesting stuff. I had this problem starting back in January. It happened twice in about 10 days. I subsequently deleted my yahoo email address book and never had the problem again.. UNTIL I re-added a name to my address book! Fortunately it was my wife's name/email! LOL! I did not know it, as she hadn't said anything to me, but she has since been getting DAILY spam messages from me! I checked my sent folder and some were there, some were not. Also contacted Yahoo, same run-around, must be a virus, etc on your machine---when I told them I use 4 different Mac products (Home iMac, work Macbook Pro, iPhone 3GS, iPad) to access my yahoo acct, they said I must dl and run anti-virus on all of them! And, I should contact Apple support! They were very nice and gave me links to all the necessary 'other' resources to help me! But, nothing that actually helps me. Talk about an expensive solution...if that's a solution. I also just changed my password, at their insistence, but it sure appears to me that this is a Yahoo problem, not an individual user problem. This is a major inconvenience for me, as I have used this yahoo address for about 12-13 years, and many of my friends, colleagues, acquaintances, societies, associations, etc all have this as a contact email for me. It won't be the end of the world getting rid of it, but it would be major inconvenience. I will see what happens over the next few days, add my wife in again (LOL!) and see what happens then. If it stays clear for a couple of more weeks, I will re-add my addresses ( I had dl'd them to my computer) and hopefully that will be the end of it. If it happens again, sayonara Yahoo!

I'm going to amend my story.  I have a 2nd Yahoo email account that I rarely use, and hadn't logged in to in about 6-8 months.  Today, I found the same bounced emails in my inbox from the spam program attempting to send to the emails in the address book that were old/outdated.  There is no way this is the result of something I did, I haven't used this email account in 6-8 months.  This is definitely a Yahoo email server problem.  I changed the password anyway and deleted the address book entirely.

That sounds like a pretty good confirmation. A question for you--some have suspected that a third party web service was hacked, rather than Yahoo mail itself. Did you grant permission to any other sites, i.e. google, facebook, to access either or both of your yahoo accounts?

I do use one account for Facebook, but I do not think it has access like that.  I've used the "friend importer" on Facebook for example, but each time I've used it, it required a password to be entered, it did not store the password and I do not store my passwords for auto-fill.  The other Yahoo address, the one I rarely use, has never been used for anything like Facebook or Google, so that's why I am pretty confident it's not a user-problem.  I found more bounced emails in my original Yahoo account this morning so I exported my contacts and deleted my entire address book. So changing the password did nothing. Pretty darn annoying.

I believe this is caused by a third party app that retrieves all the addresses in your address book and can send them messages with or without the account owner's permission. Most social networking sites like; facebook, plaxo, myspace and etc..  can easily access your address book in your mail account. I have even noticed that they can even find out whom you have emailed regularly even if they are not in your address book. Maleware could be a cause but I doubt it. This is probably some phishing site that is acting more maliciously!

Every time you go to a site, they put  cookies on your machine and also record all your clicks. You can easily be tracked on the internet. So when you get an add popping on a website you're surfing, that add could be specifically for you (not always though). Here is the rule of thumb; unless you setup a server at home, get your own domain name and run your own mail and all behind the firewall, you should expect these kind of things to happen. Especially if you use free services; like yahoo, gmail, facebook and etc..

 

Thank you for the gift of your sage wisdom, oh enlightened one. Though it may be presumptuous for a simpleton to offer advice to a guru, I nonetheless present you this ancient proverb, "The man who giveth patronizing counsel on matters of which he knoweth nothing be like an incontinent donkey with two assholes and no head."

PS Learn to spell "ad." There are only two letters, so I think that you can handle it.

After reading this entire page it's clear what must be done. Cancel your yahoo accounts and never use them again. I know it's a pain esp. if you use Yahoo as your primary acct. But this is going to keep happening as long as you use yahoo. Your password was stolen once from yahoo's servers - it can be stolen again. And again. It would be one thing if Yahoo were all over this, and publicly communicating with their customers with regular updates. But they are clearly stonewalling. F Yahoo.

I FIGURED IT OUT!!!!!!!! I'm in a unique position because about a year ago I opened a Yahoo account but NEVER used it for anything except to set up an account in the Yahoo "Matches", i.e. dating section (which went nowhere BTW!). So tonite I went to my unused Yahoo account and found the email (below) "from Facebook".... or I should say supposedly from Facebook. It's a total and complete fake. A pure phishing scheme - and a pretty good one at that. It reads well.

How do I know it's fake?

1. I NEVER connected my Facebook acct to my Yahoo acct. Facebook's computers would have no idea I was on Yahoo. This message could only have come from within Yahoo or someone who had hacked into Yahoo. Not only did I never synch my Yahoo acct. to facebook, I never linked my Yahoo acct anywhere. It existed in isolation.

2. It's addressed to "Mike". That's not my real name. I only used that name for my Yahoo acct. Any email addressed to "Mike" had to have come from within Yahoo.

I did not open any of the links in this email. But I'm sure once I did it would have asked me for passwords. This phishing scheme relies on 2 assumptions. 1) a fair number of people on Yahoo are also on Facebook, so they would not consider it unusual to get email from Facebook on their Yahoo accounts. 2) people tend to use the same password for different accounts. Therefore when the system asks you to identify your Facebook password (new and old) it presumes that in a certain number of cases it'll be the same as the yahoo password, and - bam - they have access to your Yahoo account and they've got your address book.

The scariest part to this is people are reporting that changing your password - which should work - doesn't help. This malware, once downloaded, has some way of accessing not only your current Yahoo password, but any future ones you may use. And even scarier - what's the REAL purpose of this scam? How many people are really buying the Canadian viagra? I'm guessing not many. Which means someone went to great lengths to create an elaborate scheme with no apparent purpose. But all viruses/malware has a purpose. What's the real purpose here? A test run for future more harmful scams? Thoughts?

Ray aka "Mike"

Oh BTW - the scheme is clever - but not that clever. A "step by step tutorial"? PLEASE! When was the last time Facebook ever offered a tutorial on ANYTHING??!! :)

Hi Mike,

Recently, we made changes to privacy settings that give you more control over the information you share. When you log in, you'll find a step-by-step tutorial that guides you through the process of selecting privacy settings that are appropriate for you.

The tutorial won't be available for much longer. We're asking people like you, who haven't customized their settings since the change, to do so as soon as possible.

To customize your privacy settings, just go to: [url redacted]

Thanks,
The Facebook Team

Check out our privacy guide to learn more about these changes: [url redacted]

=======================================
This message was intended for [email address redacted]. If you do not wish to receive this type of email from Facebook in the future, please click on the link below to unsubscribe. [url redacted]

Facebook's offices are located at 1601 S. California Ave., Palo Alto, CA 94304.

PLEASE NOTE ..... AFTER REPRINTING THE FAKE FACEBOOK EMAIL IN MY COMMENT ABOVE, I NOTICED THE LINKS ARE STILL ACTIVE. DON'T CLICK ON THE LINKS ABOVE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Yahoo has been hacked, plain and simple. I have two friends send me this stuff.

I have a little different story than the rest of you. The exact same thing happened to my wife's email account, but she has a comcast.net email account not yahoo. Everything else is the same. Everyone on her email list got emailed about a canadian drug company. It has happened twice in the last week. There is no way it can be a virus or have anything to do with my pc, because comcast.net is an offsite server. I didn't even have the pc on when the emails went out. Plus you don't download anything when using comcast it all online via cable connections to their server. My brother is a tech person for a hospital and a doctor there just had this happen last week and he has AOL. So whatever is going on it is widespread. He said that the only way to stop it from happening again is to change your email and tell all of your contacts your new email address. He said that it has to be hackers hacking in to the different providers and getting your email address and all of your contacts. Once they have that they can just send the emails from their own locations at anytime. We are not sure if this is what is going on, but it sounds like it could happen.
Oh ya I forgot to mention that I don't use IE8 I am using firefox, so that isn't it either. My wife does have a Facebook account but never connected her comcast account to it, so I don't think that is it either. I think that these carriers are getting hacked and are trying to keep it quiet.

It has happened to me twice now, the second time being this morning. All the comments about Facebook reminded me that yesterday I received a "friend request" e-mail from FB and that when I clicked on the person's profile (not accepting mind you) to see if I knew the person from some other friend, the profile did not even come up, it just took me to my "friend notification" page. It seems to me that the same thing happened right before the last hijacking incident. A couple of questions. Will changing my Y! password be sufficient or will I have to delete my address book as some have mentioned, and if so what then? How do I keep in contact with everyone? I don't particularly blame FB, and am wondering what to do.

The same thing happened to me today

Same thing happened to me last night.  Everyone in my damn address book received multiple spam messages about Canadian medicine!!

My Yahoo! account was similarly used to send Viagra spam to everyone in my address book. The message did not appear in Sent items, and the message was sent from an IP address located in Russia. I use Firefox with NoScript, am pretty paranoid about what I click online, and have good antivirus. (A full scan, with several products, revealed no problems. I work in IT and am used to running multiple scans to find well-hidden or stubborn malware.)

However, I had a mostly-forgotten FB account which used the same email address AND password as the email account which got hacked. http://abcnews.go.com/Technology/facebook-accounts-sold-russian-hacker-k... I'm pretty sure this is what happened to me: my FB account was among those harvested, and my password, though a good, non-dictionary-based one, was used for both. (In hindsight: that's stupid, especially with Facebook's stellar reputation for privacy, security, and such.)

Anyway, just thought I'd add to the discussion in case it helps anyone else figure out what happened. (I've since changed passwords on all related accounts and anything tied to that email address and removed all email addresses from contacts since I rarely use that email account anymore.)

My Yahoo account sent either a blank email or one with a link to a viagra ad to all my contacts about 1:45 a.m. today.  I also got these emails from "myself"  I've since deleted all my contact list and changed my password, but what good will that do if Yahoo's servers get hacked into?

Same thing happened to my husband and me last night.  Have not upgraded to IE8, but we use Yahoo, and our FB accounts are linked to our respective email accounts (have removed the links today).  I did have the bogus emails in my Sent folder, and had a bunch of errors in my Inbox folder, which is how we noticed the problem.  All emails sent seemed to have different URLs in the contents, but I don't know where they went as I did not click on them.  Bitdefender and SpyBot turned up nothing.  Any news on the "help" from Yahoo?

Still going 6/13/10. 10 outgoing emails from my friend's Yahoo account to about 7 recipients each in the trash folder, six months of sent mail deleted. Two different IP address on the outgoing emails: one from Denmark, one from the Netherlands. Conceivable connection to Skype, but unlikely judging from the comments here.

actually - yes - i just had a mailer-daemon reply on an email account that has the same password as my facebook account.

 

i actually sent an email from this yahoo account, and got a reply instantly that the email did not make it to the purpose-account, and that the .EML text attachment was attached, and the reply-ee being a mailer daemon.

of course, yahoo would not allow opening of the attachment because its a virus.

ive got another yahoo account that is registered with facebook (both accounts registered on facebook...actually) but the password is not the same as the one used in the daemon account or facebook.

i created the new account to keep FROM having issues with spam due to the age of my opposing account having so many contacts on it that are important - IE - business opportunities, school professors, etc etc and now this new account is the one that is compromised.

now im going to change both facebook and yahoo mail passwords on all accounts.

BTW i did a massive scan, im a computer engineering major, and my computer came up clean - as did my laptop which i built from scratch.

all of my passwords meet business encryption standards and contain letters and numbers.

"Maleware could be a cause..."  

That's it, Genghis, have you tried changing your boxers?  Or maybe that old pizza-stained tie-dye....

Works for me.


This just happened to me on 6/12/10. My facebook password was the same as my Yahoo Mail password. Was this the case for anybody else?

I got hacked, too, on Friday June 11. Viagra spam was sent to my contacts. I knew right away, because I am one of my own contacts, so I sent myself spam, plus got some bounced email notices in my inbox. I was able to log into Yahoo with my old password, and changed the password and recovery email address.

I changed all my passwords everywhere online, since the hacked account had my favorite password attached to it, as well as my favorite username. Dumb, to use same username and password everywhere, I know! The password was pretty strong, but not super strong.

Spent 9 hours!!! changing usernames where possible, passwords everywhere (using http://strongpasswordgenerator.com/) and linking online accounts to my gmail account, not yahoo email.

I'm on Mac, so it was not a virus, and I know phishing when I see it. Either something's going on at Yahoo, as others have suggested, or security was compromised at some other site where I use that username and password, and they took that username and password straight to Yahoo to see if it worked, and of course, it did. They probably would have tried Facebook next, but I beat them to it.

They sent the spam out using the Yahoo web interface, my computer's email client was not involved. I could tell because my yahoo online contacts are different than my computer's email contacts.

The contents of my inbox were gone, and there was no record of the sent spam in my sent mail, but my old sent mails were still there, as was my contact list.

FWIW, my password was the same as my Facebook password, as well as for a LOT of other sites I'm on, which as I mentioned, I know is dumb. Facebook was not hacked, though, I think they started with Yahoo.

No other accounts appear to be compromised, but then, I was quick to respond to the initial Yahoo hack. I will be closing my Yahoo account soon, assholes. Their non-responsiveness to this is inexcusable.

BTW, did anyone else notice that Googling, my Yahoo email hacked, brings a bunch of utterly lame Yahoo Answers posts to the top of organic search? This particular blog post was the only post with actual content regarding this problem, and it was relegated to the second page.

Yahoo knows enough about search to bury real content about this problem under a pile of fake Yahoo Answers!

Anyway, I can't stress enough using strong passwords, and a DIFFERENT password for every site. And don't use yahoo email addresses for password recovery, if you use yahoo email at all.

I've started getting this type of message over the last couple of weeks, from multiple different, unrelated sources. Info seems very hard to come by, found this page finally, seems like the only legit discussion of the real issue anywhere. Quick rundown of what I'm seeing:

-3 messages, 3 different sources

-Two links to med sites, one random uname:pwd combo

-Senders systems: 1 Yahoo, 1 Comcast (Yahoo? still verifying), 1 AOL (outlier!)

-URLs leading to junk domains redirected to med sites.

WARNING - listing URLs for completeness. CLICK AT YOUR OWN RISK.

message 1, Yahoo user

header snip:

Received: from [83.20.105.32] by web44803.mail.sp1.yahoo.com via HTTP; Fri, 04 Jun 2010 12:15:16 PDT
X-Mailer: YahooMailWebService/0.8.103.269680
Date: Fri, 4 Jun 2010 12:15:16 -0700 (PDT)

; <<>> DiG 9.4.3-P3 <<>> wujudiyi.t35.com a +multiline +nocomments +nocmd +noquestion +nostats +search
;; global options:  printcmd
wujudiyi.t35.com.	12021 IN A 66.45.237.212
wujudiyi.t35.com.	12021 IN A 69.10.48.106


message 3 - from AOL user

from headers:

Received: from oms-ma02.r1000.mx.aol.com (oms-ma02.r1000.mx.aol.com [64.12.140.130])
	by omr-m32.mx.aol.com (8.14.1/8.14.1) with ESMTP id o5FDdU8s008689;
	Tue, 15 Jun 2010 09:39:30 -0400
Received: from mtaout-da02.r1000.mx.aol.com (mtaout-da02.r1000.mx.aol.com [172.29.51.130])
	by oms-ma02.r1000.mx.aol.com (AOL Outbound OMS Interface) with ESMTP id 6304B38000084;
	Tue, 15 Jun 2010 09:39:29 -0400 (EDT)
Received: from core-dda002c.r1000.mail.aol.com (core-dda002.r1000.mail.aol.com [172.29.52.5])
	by mtaout-da02.r1000.mx.aol.com (MUA/Third Party Client Interface) with ESMTP id 181DBE000090;
	Tue, 15 Jun 2010 09:39:27 -0400 (EDT)
...
X-Mailer: AOL Webmail 31888-MOBILE
Received: from 189.83.230.44 by webmail-d069.sysops.aol.com (205.188.59.134) with HTTP (WebMailUI); Tue, 15 Jun 2010 09:39:26 -0400
Message-Id: <8CCDAA74EB74F88-14D8-C218@webmail-d069.sysops.aol.com>
X-Originating-IP: [172.29.50.137]
Date: Tue, 15 Jun 2010 09:39:27 -0400 (EDT)

hmmm. looks like a mobile client. origin IP appears to be in private address space. could all be spoofed, of course. ok, how about that domain?

; <<>> DiG 9.4.3-P3 <<>> http://www.vhc4.womanhealth-c.com +multiline +nocomments +nocmd +noquestion +nostats +search
;; global options:  printcmd
http://www.vhc4.womanhealth-c.com. 900 IN A 210.93.104.133
http://www.vhc4.womanhealth-c.com. 900 IN A 72.252.155.201
http://www.vhc4.womanhealth-c.com. 900 IN A 96.55.211.105
http://www.vhc4.womanhealth-c.com. 900 IN A 71.203.188.73
http://www.vhc4.womanhealth-c.com. 900 IN A 190.140.114.196

Domain Name: WOMANHEALTH-C.COM
   Registrar: CENTER OF UKRAINIAN INTERNET NAMES
   Whois Server: whois.ukrnames.com
   Referral URL: http://www.ukrnames.com
   Name Server: NS1.DORROTY.NET
   Name Server: NS2.DORROTY.NET
   Status: ok
   Updated Date: 14-jun-2010
   Creation Date: 14-jun-2010
   Expiration Date: 14-jun-2011

 

all i can do for now, i'll try to get back to this later, wanted to put it up while i could...

 

keep hunting!
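The header reading in the comment above, as an added example that is not part of the original comment: it parses trimmed copies of the two quoted header excerpts, finds the Received line written at the webmail HTTP submission hop, and checks whether that client address and the X-Originating-IP value fall in private address space. The function names are hypothetical.

```python
import ipaddress
import re
from email import message_from_string

# Trimmed copies of the header excerpts quoted in the comment above.
YAHOO_SAMPLE = (
    "Received: from [83.20.105.32] by web44803.mail.sp1.yahoo.com via HTTP;"
    " Fri, 04 Jun 2010 12:15:16 PDT\n"
    "X-Mailer: YahooMailWebService/0.8.103.269680\n"
    "Date: Fri, 4 Jun 2010 12:15:16 -0700 (PDT)\n"
    "\n"
)
AOL_SAMPLE = (
    "Received: from mtaout-da02.r1000.mx.aol.com"
    " (mtaout-da02.r1000.mx.aol.com [172.29.51.130])\n"
    "\tby oms-ma02.r1000.mx.aol.com (AOL Outbound OMS Interface)"
    " with ESMTP id 6304B38000084;\n"
    "\tTue, 15 Jun 2010 09:39:29 -0400 (EDT)\n"
    "X-Mailer: AOL Webmail 31888-MOBILE\n"
    "Received: from 189.83.230.44 by webmail-d069.sysops.aol.com"
    " (205.188.59.134) with HTTP (WebMailUI);"
    " Tue, 15 Jun 2010 09:39:26 -0400\n"
    "X-Originating-IP: [172.29.50.137]\n"
    "Date: Tue, 15 Jun 2010 09:39:27 -0400 (EDT)\n"
    "\n"
)

# A webmail front end records the browser or app that submitted the message
# as "from <ip> by <host> via HTTP" (Yahoo) or "... with HTTP" (AOL).
HTTP_HOP = re.compile(
    r"from\s+\[?(?P<ip>[0-9a-fA-F:.]+)\]?\s+by\s+(?P<host>\S+)"
    r".*?\b(?:via|with)\s+HTTP\b",
    re.IGNORECASE,
)


def webmail_origin(raw_headers):
    """Return (client_ip, webmail_host) for the HTTP submission hop, or None."""
    msg = message_from_string(raw_headers)
    for value in msg.get_all("Received", []):
        unfolded = " ".join(value.split())  # undo header line folding
        match = HTTP_HOP.search(unfolded)
        if not match:
            continue  # ordinary SMTP/ESMTP relay hop
        try:
            ip = ipaddress.ip_address(match.group("ip"))
        except ValueError:
            continue  # "from" was followed by something that is not an IP
        return ip, match.group("host")
    return None


def x_originating_ip(raw_headers):
    """Return the X-Originating-IP header as an address object, or None."""
    value = message_from_string(raw_headers).get("X-Originating-IP")
    if value is None:
        return None
    try:
        return ipaddress.ip_address(value.strip().strip("[]"))
    except ValueError:
        return None


def summarize(raw_headers):
    """Collect the fields a responder would compare across spam samples."""
    hop = webmail_origin(raw_headers)
    xoip = x_originating_ip(raw_headers)
    return {
        "mailer": message_from_string(raw_headers).get("X-Mailer"),
        "http_client_ip": str(hop[0]) if hop else None,
        "http_client_is_private": hop[0].is_private if hop else None,
        "webmail_host": hop[1] if hop else None,
        "x_originating_ip": str(xoip) if xoip else None,
        "x_originating_is_private": xoip.is_private if xoip else None,
    }


if __name__ == "__main__":
    for name, sample in (("yahoo", YAHOO_SAMPLE), ("aol", AOL_SAMPLE)):
        print(name, summarize(sample))
```

In the AOL excerpt the X-Originating-IP value is a private address, while the HTTP Received line carries a public client address, so the two fields are worth reading together.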

I had this happen on the 13th of June.  I would not have known, had some of the emails not bounced back because they were sent to "no reply" emails.  I quickly determined that every time I received an email, an email was sent from my Yahoo account to that address.  It consisted of only a link, one that was for a Canadian drug site.

We finally discovered what was happening.  Apparently someone had gained access to my Yahoo email account and had set a "vacation response".  It was set to run from June 13, 2010 to June 13, 2013.  The only thing in the text area was the link to that Canadian drug site.  So every time I received an email, a responding "vacation response" was being sent to that address with this URL in it. 

I changed my password, cleared the vacation response settings and things are back to normal (for now).  It was an easy and quick fix once we determined what exactly was causing the unwanted return emails.

Thanks to everyone for posting, especially to Genghis and Anonymous in KY.   After 3 days of freaking out, researching, copying and comparing information, this blog really IS the only place that I've seen similar problems.

Very anal detailed background:

* I'm on Mac OSX Tiger.  I've read articles that mention newer malware can be downloaded from visiting a webpage (not opening link) AND Tiger can't detect this download.

* I use several Yahoo and Gmail accounts.  Thankfully, the corrupt account is the anonymous one I use for RECEIVING subscriptions, not SENDING email and contained less than 25 Contacts.  1/3 were mine/spouse (and went directly to spam/junk folders), 1/3 bounced.

* I'm on Firefox 3.6.   I rarely use Safari 4.0 or IE 5.2 (for the Mac).

* I do have Facebook, but rarely go there and nothing is linked.

1. On Wed 6/16, 4:36am - blank email is sent to myself.
Subject: vacation response.   no message.

2. On Wed 6/16, 4:36am - second email is sent to myself.
Subject: vacation response.   Single line pharmaceutical link.

3. At 8:23 am, 3 emails were sent (max per email = 9 addresses), no Subject, different links in the message.
X-Mailer: YahooMailWebService/0.8.104.274457

4. My Options were also changed:
a. 'save emails to sent folder' was UNCHECKED.
b.'save new recipients to Contacts list' was CHECKED.
c. vacation auto response was set - June 16 2010 to June 16 2013. And I can't seem to change the dates.  I did turn off the feature.
d. automatic message had 4th spam link.  Which I changed.

+ I deleted my Contacts list and changed my passwords on all Email accounts.

I am really hoping this is it because I've spent WAY too much time researching what I need to do.  I've been extremely lucky  but I have other accounts and I've seen fix-its ranging from 'change your password' to 'rebuild your computer'.

I haven't created a new account yet, so, uh, the email listed for this message shouldn't be replied to.

Update on my Yahoo email: It got hacked again, June 20 around 10pm. I had deleted my contacts after the first hack, so apparently only one spam email was sent, to myself, from myself. I would have gotten some bounce messages like last time otherwise. The spam was for Viagra. I was again able to log in and change the password.

Interestingly, after the first hack I changed my password to a 14 character mouthful of gravel from strongpasswordgenerator.com. There is no way any password program could have cracked that password. Obviously there are security issues at Yahoo.

FWIW, my brother the programmer says Yahoo as an organization is disintegrating, nobody's minding the store. Yahoo is not serious about security. From word of mouth in my circle and on Twitter, increasing numbers of friends are getting their Yahoo accounts hacked, and there are a variety of spams/scams that occur as a result of the hack.

He says that in hacker world, there is most certainly a known exploit in the Yahoo security system that sociopathic programmers are right now using to generate newer and more sophisticated programs to harvest Yahoo email accounts. They are programming away as we post. More and more spammers/identity thieves/sickos will jump on this bandwagon with various motives and objectives. This will continue to happen until Yahoo fixes the exploit, but we have seen from this thread that Yahoo neither acknowledges nor is really serious about fixing it.

Bottom line, switch to gmail.

Anyway, I still have my Yahoo account open, but it is stripped. No saved emails anywhere, no contacts except for myself (so I can get the spam when I am hacked again). I am leaving it open to receive the large amount of email I still get to that account, and notify people as needed to use another account to contact me. I delete emails as soon as I get them and then empty the trash. And delete any sent emails as soon as they are sent.

If you want to still keep your Yahoo account open for some reason, here are some precautions:

--strip the account of your personal info. Real name, address, anything. Birthday. Really poke around in Yahoo. You may be surprised at the information you have given them.

--See what security questions you've given yahoo. Change them to inaccurate answers and write them down somewhere so you don't forget.

--strip the account of all folders, inbox, sent emails, drafts, everything. You don't want them having the verification code for your gmail account, or worse.

--Double delete your contacts. Even if deleted, they are still there. Poke around in the contacts pane.

--Did you ever pay Yahoo for anything? Mail Plus? Personals? Pay Flickr Pro through Yahoo? Then you have a Yahoo Wallet. This is bad. Find it and strip it of credit card info.

--Um, you don't have Yahoo Paypal Checkout or Yahoo Express Checkout through My Yahoo, do you? Well, now they do, too.

--what email address did you give Yahoo as your password recovery address? Is that a secure provider? Does that account have a unique, very strong password?

Good luck!

"There is no way any password program could have cracked that password. Obviously there are security issues at Yahoo."

Although I won't dispute that there might be security issues at Yahoo (and not only will I not dispute it, I strongly suspect you are right), I should point out that even the strongest password will not do you any good if your machine has been compromised with a trojan horse that is, for example, recording your key strokes. Of course, if that were the case, I'd expect far more unpleasantries than simply sending mass spam.

Atheist, I think my computer is secure, and the hack was to the online yahoo account... Evidence is that the contacts involved are from online, which are different than email client, and I'm on a Mac so Trojans are unlikely, and as you said, there would be more grief if they were keystroking me somehow. Hope I'm right!

I agree with Jeannette. There are PC viruses that can capture keystrokes, as I linked to in the main post, but no known Mac viruses or trojans that can. The number of people who have claimed to have the problem despite using Macs or virus-protected PCs definitely suggests a security breach at Yahoo.

BTW, good advice Jeannette. I also deleted all my contacts from Yahoo (except for a secondary email address of mine to monitor whether it happens again). I should have added the recommendation to the main post and will do so soon.

PS I've also heard plenty of criticisms of Yahoo from people in the business. I filed a Better Business Bureau complaint against Yahoo, though I'm sure it's useless.

Thanks for the GREAT advice.

 

I did receive a response from Yahoo Security  .. basically saying that I downloaded a virus.  This is where I am extremely grateful for this blog - I don't open strange links or odd messages from friends ... but I do download Adobe or Firefox add-ons. Foot in mouth

I didn't think my Mac needed virus protection, so if I didn't stumble on this blog, I'd probably keep buying software until I "found" something.

 

* Strip the account of personal info - got it, never added anything "truthful".

* Strip the account of all folders - crap ... any suggestions on how to download or transfer folders?

* Contacts - got it, will check thoroughly.

* Yahoo payments - I'm pretty sure I never have ... but I'll need to think hard on that.

* Recovery address is a paid-for account.   I'm also going to start using gmail for everything.

 

lastly .. this is a riot.   I received a bounce back to an email from last week --- apparently I sent a spam auto-response to a spam email!   love it.

 

 

let me tell you why yahoo can't give you information about why it was hacked: THEY DON'T KNOW; afaik nobody in the tech department on ANY email provider knows. they are still "investigating" this problem.

I have received three such messages in 2 weeks, one came from my brother who has a yahoo account and does not have facebook.  The second came to my work email address from someone with an AOL address.  The third came to my work address from someone with a Comcast address. 

So, this may have originated with Yahoo but it's widespread.  Best suggestion, which is advice I wish I had taken ... if all that comes in a message from anyone, even if it's family, friends or clients you trust is a link to a website, delete it. 

My email has done the exact same thing. I randomly send out emails for a Canadian Viagra company. However, mine was in a hotmail account. And it all began when I got an email from a friend with a link. I opened the link and it was the Viagra website. Now my email sends those same links to my contacts!! SO FRUSTRATING!

Hmmm. If it's widespread across email hosts, I wonder if there's some social engineering involved (clicking, phishing) at least in some cases.

As for my case, I swear I have never clicked on a Viagra link either on purpose or by mistake. And I never visit dodgy sites (yeah I'm boring). I am certain that the breach was not on my computer but within my online Yahoo account.

However, I just learned from some security experts today about "web bugs" embedded in pages, as small as 1 pixel by 1 pixel, but containing code, I am assuming javascript, that can infect a computer. And that scammers have learned how to place malware infected banner ads masquerading as ads for well known products and placed by well known banner services like doubleclick that link to a fake site or perhaps have the malware embedded in them. A lot to think about. But my hack was not an infected computer but a compromised online account. I think.

I surf with the Firefox plug-in NoScript, which is a PITA, but generally helps keep me safe, I'd recommend it.

And I never visit dodgy sites

What do you think this is? ;)

LOL, uh oh. Well, I notice I'm kinda itchy lately...

Dagblog is not responsible for skin inflammation, venereal diseases, mental deterioration, or other ailments contracted through this site. Read at your own risk.

Thank you,
The Management

Add me to the list of the compromised. Yay! BTW, I'm an IT professional and web user since the early 90's. I use strong passwords, keep secure Win7 & Debian boxes, and I know I didn't get phished.

 

Funny thing is I actually pay for the yahoo plus service and the yahoo customer service has been nearly non-existent. 10+ hours since I followed-up to the template letter they sent, and still no reply.

 

The only thing I've done differently in the past 3.5 years on that account was to link my DB account on June 17th, coincidence? Probably, but I know they got brute forced on some other 3rd party app some months ago, so who knows.

http://www.scmagazineus.com/rampant-brute-force-attack-against-yahoo-mai...

 

Oh well, changed my pass, nuked my contacts, moving to my other provider.

DB = FB... facebook, sorry, been working with MySQL all week :)

Thanks for finding the article, Spagnonymous. That sounds like a highly plausible explanation for the security breach. I've added a link to the main post.

Same thing happened to me, today, 6/28/2010. Russian viagra links sent to all my contacts -- hundreds and hundreds of them.

And all my sent messages from the past 1+ years have been deleted.

And yes, I also use a mac -- although I do check my e-mail from a PC occasionally.

And I, too, received and opened a similar e-mail from a friend two days ago...

 

Who knows?

 

But yes, I'm pretty pissed off, too...

 

 

 

After reading all of the posts, my conclusion is that Yahoo's servers were hacked and everyone's personal information stolen, as the one thing we all have in common is Yahoo email.  My Yahoo email software was provided by SBC/AT&T years ago as a bundle with their DSL, and I am wondering if everyone else has the same Internet provider?  My guess is that this is not the case and some people are probably using a different version of Yahoo, such as the free email, which would further point the finger towards the problem being a Yahoo security breach.  I am not registered with Face Book, My Space, etc., so I do not think the problem is stemming from those web sites.  I own my own business and am working on the computer every day, so I make sure to run a good virus program, scan for spam, and clean cookies.  I have five email accounts with Yahoo, my main business account and four subaccounts.  One subaccount was created for my mother years ago, but she never uses her computer or checks email.  About one week ago while at a family gathering, my cousin mentioned that my mother had been sending emails to his cell phone.  That struck me as odd, since I knew my mother was not using the email account.  I checked the account, and sure enough, there had been emails sent out to the seven contacts in her address book, which were all relatives.  Three of the emails were returned because the addresses were no longer valid.  Other than the returned emails and my cousin mentioning he was receiving them, I would not have known the account had been compromised, as there were no messages in the sent folder.  At that time, I searched the Internet to see if anyone had encountered the same situation with their Yahoo address book being compromised, at which point I found this site.  I made sure to thoroughly scan my computer for viruses, spam, etc., but everything came back clean.
My next step was to change the password on my mother's account and verify that none of my other accounts had been compromised.  Well, on Sunday (yesterday) at 5:42/5:43 p.m. PST, my main business email account had apparently been accessed and 94 emails were sent out with a link inside.  There were seven emails returned because of invalid addresses, and all of the original messages were still in the sent folder.  Oddly enough, the same email was not sent to my other subaccounts, even though those addresses were also in my address book.  Another interesting thing was that all 94 emails were sent out in a matter of two minutes, with nine separate messages being created to divide the contacts in my address book.  This really does not make sense to me because if it were human intervention alone, wouldn't it take more than two minutes' time to create nine separate emails and add each address by clicking on them individually?  An easier way to have sent out the mass spam mail would have been to simply click on the box to send the message to all contacts at one time (I am not sure if this will help elucidate what might be happening, but I thought it was interesting).  I have since changed my password on the main account and deleted some addresses from my other subaccounts, as I am thinking the same thing will occur there in the next few days.  I debated on changing the password on those accounts as well, but I am curious to see what happens.  I then attempted to phone Yahoo and pressed various prompts to see whether I could reach an actual person, as their outgoing message states that they should be contacted by email.  I was able to reach someone by pressing option #1, but he just kept saying he was sorry and that the only thing I could do was contact the spam department or legal department.  If you read the posts above, we all know this won't get you very far, so I decided to phone SBC/AT&T instead.  
At first, AT&T tried to give me the run around, telling me that the problem was on my end because I most likely let someone use my email in the past, but I told them this was not the case because no one was allowed to touch my computer.  A manager finally got on the phone with me and said the same thing had occurred a couple of months ago, where they had numerous customers phoning in because of these types of emails, and he told me that changing the password would not resolve the problem.  He then transferred me to the level II tech business department, but I was not able to speak with anyone because they said it was a fee-based service, which I refused to pay.  Since my company is a home-based business, they told me that I could speak with the "residential" tech support department, but I did not bother contacting them because my past experience is that you are transferred to India, where they read basic information out of a book, which I know I have already done on my end.  If you are able to get through to their level II residential tech support department, it is then hit or miss whether you can actually find someone that might be able to help.  At this point, after all I have read on the Internet and the troubleshooting I have done on my end, I am convinced it is a Yahoo security breach, but the problem now lies with what to do next.  For the time being, I am going to continue using my Yahoo email because it will be a huge endeavor in switching over to another provider, but I will have no choice if the same thing occurs again in the future after changing my password.  I am not ambitious enough to pursue a lawsuit, but if anyone else has the drive, I am more than willing to provide as much detailed information you might need.  Needless to say, I am furious that my security was compromised and my business associates plagued with this problem.  If Yahoo is not taking the time to ensure their customers are safe, what will be next?  
I don't know about you, but I have a lot of personal information stored in email folders, which means they might have obtained even more sensitive information that could cause some really big problems down the road.  I feel Yahoo should fess up to where the problem originated, letting their customers know how to avoid the same situation from occurring again in the future, instead of hiding out and trying to tell us the problem occurred because of something we did incorrectly on our end.

Thanks for the detailed feedback, Anne. I'd say that pretty well pinpoints the breach at Yahoo. I didn't feel like springing for a subpoena either, and I doubt that it would produce anything useful. I filed a complaint with the Better Business Bureau, deleted my online contacts, and left it at that.

BTW, my contacts were also distributed into multiple emails over several minutes. I assume that this was done to get past the spam filters and that it was performed by a bot, not a person.

Don't worry, Genghis, I'm not gonna sue or even call your GF. I visit plen-tee of dodgy sites IRL, so that could account for the itch. Thanks for providing the only REAL forum anywhere for useful discussion of these hacks.

I think @Spagnonymous finally provided the explanation by referencing the only real reportage on the problem as well, the SC Magazine article he linked to above. I think it's pretty obvious bots/programs are implementing the mayhem in our accounts, not individuals. With so many people affected, I can't believe Mashable or somebody isn't posting about this.

After reading Anne's account of mobile phone spam, I am deleting the phone contacts I left in there on account of the lazy.

i visit plen-tee of dodgy sites IRL

In that case, we may have to block you, as you're obviously a carrier. We have standards here. However, I will advise the Evil Commenter Review Committee of your excellent precautionary recommendations, which I've added to the main post, so they may show leniency.

And thanks for re-linking the article. I missed Spagnonymous's reply in the deluge of comments. That definitely sounds like a highly plausible explanation.

Same thing happened to me today (05/07/2010). All my contacts were sent Viagra Spam from a yahoo account in Brazil.

My suspicion is that it is related to the new Yahoo feature (contacts/updates etc). There are some tick boxes that imply that your contacts have access to your other contacts, so your security is only as good as the weakest link.

Anyway, I sent an email to yahoo with the header information from the spam, and won't hold my breath regarding a useful response :-)

Steven

 

 

A lady in my office hijacked my yahoo accounts and several people that work in the office as well as several of my contacts that had yahoo accounts. We fired her and pressed legal charges but that went nowhere. I asked her how she was able to take over our yahoo accounts and she just laughed at me. She would hijack my accounts moments after I changed my passwords. The secret questions had phoney answers using slang words my buddies and I made up in high school. She can hijack a yahoo account at will. I sure don't know how.

I went through the same BS with yahoo. They were no help whatsoever and always seemed to suspect she was guessing the secret questions somehow.

Same thing happened to me today (11th July 2010). Mine was sent from Hungary

Received: from [84.3.229.223] by web110015.mail.gq1.yahoo.com via HTTP; Sun, 11 Jul 2010 01:58:24 PDT
X-Mailer: YahooMailWebService/0.8.104.276605

I have been doing some googling and I have found that yahoo have an API which allows smartphones access to your contact list etc.

The timing is about right as I checked my email at about that time on my HTC Desire running android.  I then tapped on an interesting link talking about yet another patent lawsuit.

My guess is that the web server hosting the content is compromised and using the yahoo API to send the spam/virus.

Mike

They got my girlfriend's yahoo account yesterday and today, second and third times. She doesn't have a facebook account. I'm fairly confident that it is not a problem with our computer. I'm really surprised that this hasn't been fixed, or that it isn't bigger news. If they can send messages with your account, couldn't they read all your emails too?

 

 

I think they attempted to get me again this morning.  At around 12:38 a.m. PST, I just so happened to be looking at my email account, when I received a supposed message from Yahoo telling me that I had to verify my sign in status periodically.  When I received the message, I was automatically signed out of my account, but I signed back in immediately.  I have used Yahoo for at least five years now and have never received a message that I would need to verify my sign-in status in order to leave my email account open and idle.  Once I signed back in, I monitored the account to see if I would receive another similar message, but I remained signed in the remainder of the morning, up until around 3:30 a.m.  From what I have read above, it seems that everyone's computers have been shut down at the time our accounts have been accessed and emails sent out to the contacts in our address books, so I am wondering if the odd message asking me to verify my sign-in status was another attempt to hijack my address book and send out more emails.  I would have liked to test this theory out further by not confirming my status last night, but it was my main business account, so I did not want all of my business contacts receiving another supposed message from me with a link.  After my account was hijacked the last time, I changed the password on my main account and the one I use to access the email account.  As of last Thursday, I changed over to fiberoptic/U-Verse with AT&T (same email address/account), which has given me the opportunity to speak with many of their level II techs.  I have had a couple of glitches with my email account (unrelated to the hijacking incident), which has them corresponding with Yahoo techs.  Unfortunately, even the AT&T techs cannot reach the Yahoo techs by telephone, so they are having to write trouble tickets and wait for a response.
I mentioned the hijacking incident to the AT&T tech I spoke with by phone today, who first tried to tell me the incident occurred due to something I had done incorrectly on my end, such as someone accessing my computer from home, my being signed up at another web site that logged my keystrokes, my computer being infected with a virus, etc., all of which I told him were not the case.  After speaking with him for a while and telling him about this web site, he finally agreed that it seems odd so many people would have the same thing occur on the same days.  I told him that it would be nice if someone from AT&T and Yahoo were more concerned about this type of thing happening and that someone should be looking into the problem so that our accounts were kept secure.  Since he was already writing up a trouble ticket to send to Yahoo, I asked him to also write up a ticket for my account being hijacked on 06/27/10, where emails were sent to the 90-some people in my address book.  The AT&T tech was already looking at my email account at the time, so he took a snapshot of the Breach folder I had created and all of the messages that were sent out on that day.  I highly doubt anything beneficial will come of the trouble ticket that AT&T sends to Yahoo, but I am hoping that if more people continue to complain, they might actually do some investigating and inform us as to how our accounts are being accessed.  If I receive a valid response from Yahoo or AT&T, I will be sure to post the information here for everyone to read.  I forgot to mention above that I asked the AT&T tech if it were possible I had received the message this morning because Yahoo was working on my account, and I was told that was not the case because the Yahoo techs would not need to sign me out.

Thanks for the additional details, Anne. The sign-in email definitely smells like rotten phish. But a number of commenters here are pretty savvy about phishing, so I doubt that phishing is responsible for all of the attacks. (I, for one, would never respond to an email telling me that I had to verify my login status.) The phishing attempt could just have been a coincidence.

Thanks also for alerting the AT&T tech to this post. It will be interesting to see if he has any more luck than we did. I'm sure that Yahoo is aware of the problem. Some Yahoo customer support people have admitted that they've been deluged with complaints. I'm also sure that they don't want to tell anyone what the problem is, hence the stonewalling.

I did not give thought that the sign-in prompt might be a phishing attempt.  I was thinking that when the bot accesses our accounts, we are automatically signed out and receive the message just to see if we are currently online and sign back in right away.  It could be like you said and was just another odd occurrence that has happened to me lately, but it seemed a little too coincidental that this type of thing would occur a few weeks after my account had been hacked.  I also think it is a bit odd that no one has actually been online while their address books were accessed and am thinking there is a way the bot knows when the computer is powered off or idle.  I generally have my email open seven days per week, up until the wee hours of the morning, and my account had been accessed on a Sunday when I just so happened to have the computer shut off.

 

From the sounds of it, both the Yahoo and AT&T people are aware of the problem, yet both parties keep trying to tell us that our accounts are being accessed due to something we have done wrong.  An AT&T supervisor told me a few weeks back that they had also been deluged with similar complaints.  If Yahoo isn't fessing up, then I at least hope they are working on fixing the security breach!

 

Thanks so much for the information, Genghis, and this web site.  If it weren't for the information I read here, I would most likely still be troubleshooting my computer and trying to figure out where I had gone wrong.

Ok, please no more detailed reports of the problem!  We get it.  We're all victims here.  :-)

After reading this entire list, I still do not see a clue as to what the hole is.  Does anyone (technical) have an idea?

To be clear: It's not a virus on your local machine. I do not believe that they have your password. Somehow the hacker has gotten your email address and access to your entire address book. Once they have this info, the rest is easy. They simply spoof the Sender as you and send periodic spam to your entire AB. You receive the bounces and errors of course. I'm really confused how the Sent Folder gets erased, though.  This part is especially scary (but could be an automated system by Y! when it detects bad stuff.... just a wild theory).

I have only ONE CLUE: I recently received a request to be added to my Contacts. I foolishly accepted (no idea what I was thinking). The spam happened IMMEDIATELY after I accepted the contact.  But, I still have no idea how this could open a vulnerability.

So, if any technical person has an idea, please let us know. I'm just curious how the attack works and shocked that no one has explained it anywhere.  It's a dirty little secret that needs to be outed.

rc, not everyone writing in may be victims of the same attack, but at least in my case, the sender did not spoof my email address. The spam emails were in my sent mail folder. Judging by the email headers, the spam seems to have been sent by an automated third party through a web service.

Since Yahoo has not provided any information, we're all speculating here, but I think that the most plausible explanation for many of the hijackings is a security breach of yahoo's mail servers as described in this article.

What you described sounds different though, perhaps a phishing scam. Did you log in to accept the contact request? If so, you may have logged in to some spam website designed to look like Yahoo and unwittingly given away your password.

The same spam thing happened to me last night/today.  I didn't click on any contact requests and I'm also Mac and use Firefox.  My Sent folder was also suspiciously empty.  This appears to be a rampant problem with Yahoo.  Changed password and got gmail account.  Keep us all posted.

This happened to my wife this morning. She was embarrassed but was OK after I convinced her that most people will realize quite easily that this is SPAM and not from her. I changed her password immediately. Folks, I think it would help if we post the LENGTH of the password that we used (not the actual password). I suspect that the brute-force attack that some one mentioned in the beginning was the reason. IF, everybody say that they had short (say 4-5 letter password or a simple word), then this reason is more likely. The other thing I noticed is that many people say MAC (my wife uses MAC too). That could be a common reason too. It is possible that MAC+Yahoo has some security flaw that got exploited when used together. So request: 1. How long was your Yahoo password? Was it a simple English word? 2. Did you use MAC to check your yahoo mails ever? Thanks all! I would suggest that everybody that can migrate to Google mails do so.

I unfortunately was still using a very old 6 digit password on my AT&T/Yahoo powered account and got hacked yesterday.  Shame on me for being so antiquated in this day and age.

Instead of a viagra ad message being sent from my account, the below message was sent, asking for money ---

"I'm sorry for this odd request because it might get to you too urgent but it's just because of the situation of things right now, i'm stuck in London, I came down here on vacation, i was robbed, worse  of it is that bags, cash and cards and my cell  phone was stolen at GUN  POINT, it's such a crazy experience forme, i need help flying back home, the authorities are not  being 100% supportive but the good thing is i still have my passport but don't have enough money to get my flight ticket back  home, please i need you to loan me some money, will refund you as  soon as i'm back home, i promise.
 
Thank you"

They'd hacked into my account, changed my password locking me out, sent the above email to everyone and their brother, then deleted my contacts.  My phone started ringing off the hook asking if we were okay?  Neighbors who'd been emailed even stopped by to ask what was going on, how embarrassing.

Half a day wasted with the Yahoo IT reps didn't get me anywhere other than back into my own account with a newer password.  They refused to deep dive backward to identify the culprits claiming that they had privacy rights!

Time to switch to gmail!

I got hacked on 8/12. I'm on a MAC as well and can only guess that it was from checking my email on a PC. And I hardly even use that yahoo account anymore. I changed my password and deleted my contacts. Yahoo needs to see these complaints.

Also got hacked 8/18. 3 years worth of sent mails gone. However, spam was only sent to a few of my contacts, 3 of which were no longer valid addresses. Did a full system scan and came up clean. Virus protection is up to date. Disturbing that this has been going on since the beginning of this year, yet finding info on this topic is severely limited.

I was hacked in this way (the fake Viagra offer email sent to all in my addy book) today at 4pm when I was not on the PC and my mail in yahoo was closed. I had received the fake email at 2pm today from a friend thru her email w/AOL but she was not online at that time - being at work. I guess this is chugging along still

A viagra link went out from my yahoo email this past Friday, 8/20/10.  This is despite not logging in to that account for months (like many have indicated here).  This problem did not impact my gmail account despite the fact that i have all yahoo emails forwarded to gmail.  this demonstrates a very important point: yahoo has a security breach and are not honoring their part of the email account bargain by securing our accounts.  I'd recommend people delete their yahoo account contacts and create a new gmail account.  it is so easy since u can automatically have your emails forwarded.  Yahoo has clearly made no effort to minimize, communicate, or neutralize this problem, despite many complaints.  we should all tell them by not using yahoo, that will send a much clearer message than piddly emails and phone calls to their dorks at tech support.

I thought my Yahoo/sbcglobal.net was hacked on Monday 8/16/10. It was so odd because all was normal.... I received my 2.2 android software push from Verizon and as soon as my phone rebooted all heck broke loose. I had many friends calling asking if I was ok.... they received a message stating that I was in the UK, robbed, teary eyed, etc.

I changed my email password and found that they were having a ball chatting with my friends on facebook, nice. My facebook was shutdown, all my contacts deleted, last 2 months of my inbox deleted as well as 8 months of sent messages. Urg.

I was convinced somehow my software update was to blame.... until I had a friend mention today that they received hacker mail from me around 8/13.... on that day and the days prior I had only accessed my email by phone. She is the first one to mention this. (My computer came up clean for a malware, keylogger and virus.)

It is hard to find info on this topic but these are a few things that I am throwing around. 1. I recently added the Yahoo! mail app on my Droid. Security issue with the app perhaps??? 2. The 2.2 software was purely coincidental but maybe they saw that my IP address logged in as a mobile IP and they felt I was away from a computer and that they had more time to play in my accounts.

I felt a little helpless in the whole situation but I am convinced that my password being used was not my fault (did someone say YAHOO). I just can't trust Yahoo and found it super easy to import to gmail. Just wish I could get my facebook account back...

Good luck to everyone. This is by far the most informative posting on this topic.

I got hit, too.  I use my yahoo email address pretty freely (it's basically my 'public' email address), but I don't use the yahoo mail interface -- emails get forwarded to gmail.  I have 3 messages in my sent folder, each to about 5 people.  I suspect there are more that have gone out, based on bounces I've gotten.

The three I can see are on July 1 at 9:25 AM, July 2 at 2:47 AM, and August 1 at 8:24 AM.  The message body is just a link, which I have not clicked on -- each link is different, but each link incorporates my yahoo username somehow.

I've changed my password -- we'll see how it goes.

I was also hit. I am not a yahoo user and do not use Facebook. I am a Mac user and use MSN and have had the email with a link to a canadian pharmaceutical site selling viagra sent to all of my contacts twice. The first time was probably a month ago and I ignored it thinking it was a secluded event. I probably should have paid attention, but ignored it. The main reason I am even posting this is to say that it is not strictly Yahoo. I have never used Yahoo or facebook and am the only one in my household over the age of 6. No one else uses the internet. I received the emails that bounced back, but like others have no proof in my sent messages.

Great blog!  Glad I found it!  Happened to me too - today!  Friend mentioned two weeks ago he got spam from me.  Ran Avira, malware Bytes, and Spybot - nada.  I wouldn't have known the route except today I got the bounced email from dead/old email addresses in my contact list.  The header definitely said it came from somewhere else.  [113.167.117.90] is the ip that somehow accessed my web account at Yahoo.  The mail web server used was 'web33708.mail.mud.yahoo.com via HTTP', so it did not come from my pop mail version of Yahoo mail.  They are clever,  they registered that ip address as 'localhost' - really messes with routers.  I checked it with reverse DNS service. A traceroute kinda gets lost and times out, but last url name is 'vdc.vn' before stopping.  before I found this blog, I already deleted my contacts, but now I am scrubbing my info on there.  I am bummed my other real email address is in there as backup.  I suppose I could have logged on yahoo which nabbed my keystrokes, with an infected computer - as no one has my password but me.  Here is X-Mail Header:  X-Mailer: YahooMailWebService/0.8.105.279950  (don't click on any ips or address links in this reply as a precaution)
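
The header excerpts quoted in the comments above (a `Received: ... via HTTP` hop stamped by a Yahoo web host, plus an `X-Mailer: YahooMailWebService/...` line) are what separate mail submitted through the webmail front end, meaning someone held the account or a live session, from mail that only forges the From address. The following Python is an added example, not part of any comment or of Yahoo's tooling; the function name `classify`, the verdict labels and the second sample are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Origin hop as stamped by the webmail front end in the headers quoted above:
#   Received: from [client-ip] by webNNN.mail.<site>.yahoo.com via HTTP; <date>
WEB_HOP = re.compile(
    r"from\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\s+by\s+(?P<host>\S+)\s+via\s+(?P<proto>\w+)",
    re.IGNORECASE,
)

# Header block quoted in Mike's comment above.
HEADERS_FROM_COMMENT = (
    "Received: from [84.3.229.223] by web110015.mail.gq1.yahoo.com via HTTP; "
    "Sun, 11 Jul 2010 01:58:24 PDT\n"
    "X-Mailer: YahooMailWebService/0.8.104.276605\n"
)

# Constructed sample (not from the page): a forged From line relayed over
# SMTP by an unrelated host, using documentation-only names and addresses.
HEADERS_CONSTRUCTED_SPOOF = (
    "Received: from mail.example.net (mail.example.net [192.0.2.10])\n"
    "\tby mx.example.org with ESMTP; Sun, 11 Jul 2010 02:05:00 -0700\n"
    "From: someone@yahoo.com\n"
    "X-Mailer: ExampleMailer 1.0\n"
)


def classify(raw_headers):
    """Report whether the origin hop is a Yahoo webmail (HTTP) submission.

    Assumption: the header block was taken from a message you received
    yourself, so the Received chain above the origin hop is trustworthy.
    Lines below the first server you trust can be forged by the sender.
    """
    msg = message_from_string(raw_headers)
    hops = msg.get_all("Received") or []
    x_mailer = msg.get("X-Mailer") or ""
    report = {
        "client_ip": None,
        "web_host": None,
        "web_service_mailer": x_mailer.startswith("YahooMailWebService/"),
        "verdict": "no-webmail-hop",  # consistent with a forged From address
    }
    if hops:
        # Every relay prepends its own line, so the origin hop is the last one.
        origin = " ".join(hops[-1].split())  # unfold continuation lines
        match = WEB_HOP.search(origin)
        if (
            match
            and match.group("proto").upper() == "HTTP"
            and match.group("host").lower().endswith(".yahoo.com")
        ):
            # Submitted through the web front end: the sender had account
            # access, so the fix is credentials and sessions, not SPF alone.
            report.update(
                client_ip=match.group("ip"),
                web_host=match.group("host"),
                verdict="webmail-session",
            )
    return report


if __name__ == "__main__":
    for label, block in (
        ("quoted in comment", HEADERS_FROM_COMMENT),
        ("constructed spoof", HEADERS_CONSTRUCTED_SPOOF),
    ):
        print(label, classify(block))
```

A `webmail-session` verdict matches the reports of spam appearing in the Sent folder; a `no-webmail-hop` verdict matches the reports of bounces arriving with nothing in Sent.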


Copyright © 2010 dagblog. All rights reserved.