Web Spoofing
Date: Tue, 8 Aug 2006 14:26:33 +0800 (MYT)
Subject: Tips: How to get others Yahoo username and password
From: “Mohd Ali Mohd Isa”
To: lecturer@tmsk.uitm.edu.my
Cc: me@sumardi.net, xmohd_alifx@yahoo.com
Assalamualaikum and good afternoon,
(This message is intended for users of Yahoo Messengers but others are
welcome to read for exra knowledge on Computer Security)
I am a heavy user of Yahoo Messenggers (YM) and lately I have received
links which point to homepages hosted at geocities. Here is an example of
the link. (PLEASE DO NOT LOGIN to your Yahoo Account on the page)
http://www.geocities.com/hehehe_hahaha_lmao/
Once you click the link, a Yahoo Flickr page appear asking you for your
Yahoo Login id and password. Since the page looks EXACTLY like normal
yahoo sign up/login page, normal user would probably just enter their
username and password anyway. Wrong move.
Looking at the source code of the page, you will find the following:
The value of the action field tells us that the username and password will
be send to fiberbit.net, not Yahoo. (1st Alert). Then there are the mail
account of the crackers who is waiting to get all the username and
password which is doserules@gmail.com. (2nd Alert)
Once user enter their username and password, the page will direct you to
the following link:
http://www.geocities.com/got_milf.does_you_good/index.html
Which basically says the page you are looking for is not available. The
trick is extra dangerous since it comes from contacts available in your
yahoo address book.
Counter Measure
—————
While we dont expect everyone to learn and know HTML. One way to
circumvent this is to verify the sender whether they have indeed send us
the link. The trick may also works by email by the way, but so far it only
travels via YM. This is similar to phishing where crackers can put in link
in mail that appear to comes from bank and so on.
If you are wondering what do people do with all these account? Well, they
could sell it. Some people sometimes want to check out what their
girlfriend is up to online, or may be wife so there is a site which offer
this kind of service.
Just wanna share something to all .. Please spread it to your other YM
friends.
Mohd Ali Mohd Isa
Fellow i-Learn Center
Posted on August 8th, 2006 by SMD
Filed under: Technology
I am a Free and Open Source Software lover, advocate. I would like to see Open Source grow, and more users being able to use and understand it. I would like to continue to become a part of this growing community, and to grow with it! 
Leave a Reply