Softpedia
 
HomepageWindowsGamesDriversMacLinuxScripts buttonMobileHandheldNews

NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home > News > Security > Spam Reports

December 14th, 2009, 11:35 GMT · By

Yahoo! Messenger Users Phished for Facebook Credentials

SHARE:

Adjust text size:


Infected Yahoo! Messenger users spam Facebook phishing links
Enlarge picture
Security researchers report on a new phishing campaign that circulates on Yahoo! Messenger and is instrumented with the help of hijacked accounts. A spammed rogue video link takes users to a fake Facebook login page.

The new attack was discovered by researchers from enterprise software giant CA. "While using Yahoo Messenger recently I received new IM Spam from my one [sic.] of my friends. Just by the look of it I could tell that it was most likely a malware related IM Spammed Message,” Ricardo Robielos III, a research engineer in CA's Internet Security Business Unit (CA ISBU), writes.

"Hii. http://priv[REMOVED]deo.com/live. Klik n login. Ok. .....!!" the rogue message reads. Clicking on the URL opens a fake Facebook login page, suggesting that the user needs to authenticate on the social networking website before being able to see the video.

Inspecting the source code of the page reveals that the login credentials are saved in a logs.php file on the same server and that the user is redirected to a female user's YouTube channel. The YouTube page looks legit and there is no information that the account's owner is involved in the scheme.

"Watch out for these spam messages; my friend was unaware that her account was sending spam,” the CA researcher advises. The spam is most likely the result of a malware infection, but the exact nature of this malicious application has not yet been determined.

Using instant messaging applications to launch attacks is not uncommon. Back in October, we reported on a Skype spam, which distributed scareware; however, that attack was instrumented through fake accounts. In September, Fortinet researchers documented a variant of the Pushbot worm that spread through spam messages on a variety of IM applications including AIM, MSN and Triton.

A similar attack was disclosed by Vietnamese security vendor Bach Khoa Internetwork Security (Bkis) in May. Yahoo! Messenger credentials stolen from infected computers were being used to send spam when the account owners were supposed to be offline.

TELL US WHAT YOU THINK:

4,203 hits · Link to this article · Print article · Send to friend · Subscribe to news

MUST-READ RELATED ARTICLES:


Fake Antivirus Distributed Through Skype Spam
Social Networking Lure, IRC C&C and IM Propagation
IM Accounts Hijacked for Spam
New Phishing Attack Features Live Chat

READER COMMENTS:



No user comments yet.
Be the first to express your opinion!
Copyright © 2001-2012 Softpedia. Contact/Tip us at

WindowsGamesDriversMacLinuxScriptsMobileHandheldNews

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   UPDATE YOUR SOFTWARE   |   ROMANIAN FORUM
© 2001 - 2012 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are
registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use