Phishing Attacks on Job Site of Yahoo

Netcraft, a Web firm, has found a vulnerability on a Yahoo site that is being used to steal the authentication cookies of Yahoo users. Attackers could exploit the vulnerability to transmit stolen cookies to a site they control remotely, as reported by Netcraft on October 26, 2008.

The report also claims that with this stolen information, the hacker can access Yahoo accounts such as Yahoo Mail.

Further investigation by security experts indicates that the attack is carried out by exploiting an XSS (cross-site scripting) vulnerability in the Yahoo HotJobs site at hotjobs.yahoo.com.

Security analysts commented that this enables the hacker to insert obfuscated JavaScript into the hacked page. The script steals authentication cookies sent to the yahoo.com domain and transfers them to a third site based in the US, where the hacker is exploiting the stolen authentication information.

After Netcraft discovered the new flaw, security experts said that, with hackers creating more developed scams to lure users into revealing private details such as account, login and password details, they are also considering similar anti-phishing tools that help users get past these phishing mails.

Further, this is not the first time Yahoo has been attacked through a cross-site scripting flaw. Security researchers said that the earlier attack targeted an XSS flaw in Yahoo's ychat.help.yahoo.com site, which also carries an authentic SSL certificate, making the attack appear more authentic. The hackers made use of the flaw to insert harmful JavaScript into the Web pages of the site through a server based in Spain.

Security analysts commented that in both cases, it was discovered that stolen Yahoo cookies enabled hackers to target the user's browser sessions. This lets the hacker use all Yahoo mail and other accounts that use yahoo.com domain cookies.
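Script on one subdomain can read cookies that unlock other services because a cookie set with a parent `Domain` attribute and no `HttpOnly` flag is exposed to `document.cookie` on every subdomain. The following audit is an added example, not code from Netcraft or Yahoo; the hostnames, cookie names and values are constructed placeholders, and it assumes every cookie uses `Path=/`.

```javascript
// Constructed sample: Set-Cookie headers issued by login.example.com (not real Yahoo cookies).
const SAMPLE_HEADERS = [
  "session_auth=abc123; Domain=.example.com; Path=/",               // parent-domain, script-readable
  "session_id=def456; Domain=example.com; Path=/; Secure; HttpOnly", // parent-domain, hidden from script
  "login_csrf=ghi789; Path=/",                                      // host-only (no Domain attribute)
];

// Parse one Set-Cookie header into the fields that decide script exposure.
function parseSetCookie(header, originHost) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = {
    name: pair.slice(0, pair.indexOf("=")),
    domain: originHost.toLowerCase(),
    hostOnly: true,   // without a Domain attribute the cookie stays on the issuing host
    httpOnly: false,
  };
  for (const attr of attrs) {
    const [k, v = ""] = attr.split("=");
    const key = k.trim().toLowerCase();
    if (key === "domain" && v.trim()) {
      cookie.domain = v.trim().replace(/^\./, "").toLowerCase(); // a leading dot is ignored
      cookie.hostOnly = false;
    } else if (key === "httponly") {
      cookie.httpOnly = true;
    }
  }
  return cookie;
}

// RFC 6265 domain matching: exact host, or a subdomain when the cookie is not host-only.
function domainMatches(host, cookie) {
  const h = host.toLowerCase();
  if (cookie.hostOnly) return h === cookie.domain;
  return h === cookie.domain || h.endsWith("." + cookie.domain);
}

// Names of cookies that any script running on pageHost could read via document.cookie.
function scriptReadable(headers, originHost, pageHost) {
  return headers
    .map((h) => parseSetCookie(h, originHost))
    .filter((c) => domainMatches(pageHost, c) && !c.httpOnly)
    .map((c) => c.name);
}

// Exposure as seen from a sibling subdomain that hosts an XSS flaw.
console.log(scriptReadable(SAMPLE_HEADERS, "login.example.com", "jobs.example.com"));
```

Any authentication cookie this audit lists for a sibling subdomain should be reissued with `HttpOnly` or scoped to the host that needs it.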


» SPAMfighter News - 11/7/2008
