Spyware, viruses, & security forum: Yahoo email hijack - help please

I think your manner of password change was a good method, and others need to employ it. A clean report by an antivirus is almost useless, although it is good to clean out the stuff it can detect. It may help for you to review the forum run by the antivirus and even participate with this issue. Slowly AV products are reluctantly admitting in such areas that they can not detect all issues. They do offer however offer methods of examining your registry and re-examination with review of such logs. Many are just other users, so consider what is asked for and make sure it is a logical step.

As Carol noted, "you are your computer's best line of defense", but it sure is getting rough. I have seen several "complete restores" fail to remove some issues, of course any other drive including usb flash drives can be infected as well or Cds created after infection date. Hope you deleted that email from inside your yahoo account, sounds like you are aware and likely did. Am curious if you recall any parts of the link that you clicked, but don't post the full link online.

Have thought of one other thing, is your email account used in connection with any gaming site that requires lowered security settings such as shutting off pop-up blocker, lowering your cookie settings to allow more cookies from more sources, etc? These are common browser attack methods.

I do believe your issue started when you clicked that link, but am considering multiple events. If your browser has been cracked it usually causes redirects to sites you didn't want to go to. That is easy to spot.

I continue mentioning all this mainly because many current issues are far harder to deal with than what you did, but you might have just been lucky. The email from your friend must have been infected and so would wonder what your friend says from his end as to his email account- was it infected & was it Yahoo too? I'm pretty sure Yahoo is using Norton Security now to scan all emails, so somehow this got through Norton if it was a real email in your Yahoo inbox.

I have not experienced any browser hijacking since the email hijack. I do not do any online gaming. I have not had any issues that seem attack oriented since the hijack.

If I do a restore it is a complete restore of the entire hard drive from a disk image. The image is also pretty old. It's a full day job and I'd rather not. Foolproof but very time consuming.

I also note that it seems thousands of Yahoo accounts have been hacked in the last few days. I'm getting links emailed to me from all over the world. They got a friends Yahoo ID even though she hasn't been logged on for days. Yahoo is not secure.

Thanks

nlowin..

See : Yahoo Mail users hit by widespread hacking, XSS exploit seemingly to blame (Update: Fixed)

Carol

Thanks. saw that article before I started this thread. Thats how I came to the XSS conclusion. It's fixed they say. Yet I continue to get spam from all sorts of yahoo IDs. Yahoo seems to be allot more compromised than they are letting on.

Do you have the SSL option enabled in Yahoo Mail? .IF not, read Yahoo! Mail Makes HTTPS Available.

It may take some time for them to get their act together, but at least they're (finally) headed in the right direction.

This is definately not the browser hijacker that I was anticipating, but would also say that there may be some downloads in the background which could be hiding, again someone should do a full registry log review by code writers of an infected system. Looks like Yahoo has done this but multiple forms of this attack all linked back to a similar hacker seem to be in the wild. Here is a link to a review from Australia and back to youtube showing what to do, (Actually what not to do);
http://www.lifehacker.com.au/2013/01/new-exploit-affecting-yahoo-mail-users-dont-click-anything-suspicious/
Very interesting also is the comment there that;
"The systems deployed by Yahoo7 in Australia are often slightly different to the parent Yahoo company"
Seems today that the bigger the target, the more likely to have an exploit dug up and abused. Diversification may be a partial answer eventually with sites having key security points in random rotation so no script can invade a constantly changing configuration. Remember some doing that with their Windows ME changing key addresses of the operational systems so no automated script would run on their machine, of course that was after they decided that updates were doing no good...That and a few fallbacks to Windows 98 basic stable programs that could entwine within ME to stabilize the whole operating system. There were certain computer abilities that left many wanting to save the CPU despite hating ME, so some odd workarounds came about. But I do remember that diversity did make some of those computers very solid even under attack.
In this case however it may just be that Yahoo has the infections and not anyone's home computer.Or Not??? As the exploit knowledge spreads there will very likely be new varients.
When mentioning the diversity above I was kinda just kicking future ideas around , not ready for prime time, as there is the updating issue if you start renaming everything. There is a mail shield on Avast which may be of some help as long as you add Yahoo. Also see this page on Avast for help in removal of malware;
http://forum.avast.com/index.php?topic=53253.0
if you have more events. That has some tiring work to find the issues, and much time may be spent in that work.