Photo phishing scammers hit Yahoo!

There's a new trick in online phishing, and this time it uses Yahoo! Photos as the bait. The forgery imitates the Yahoo! Photos site almost exactly, so it is difficult for most users to tell the difference between the authentic Yahoo! site and the newly emerged fake.

Users may be lured to the fake site via emails sent by viruses or through instant messages that contain a deceptive link. Once a user clicks on the link, a page appears asking them to log in with their personal account. This page is used to steal user IDs and passwords, which may then be used for malicious purposes.

Internet security specialist Trend Micro recommends that users visit the Yahoo! page directly to sign into Yahoo! Photos, and avoid clicking on any links found in emails that ask them to sign in.

Trend Micro also reminds users who often receive email or IM invitations from friends wishing to share their photos to avoid rashly clicking on links from unknown sources. The way in which web browser software processes JPEG photos has already been found to possess flaws, one of which allows for the remote execution of programs if exploited. There are already four image files floating around the internet that exploit this flaw, proving that this is a viable concept. Therefore, if online photo albums are used maliciously, it is very possible that they could be used to spread viruses, according to Trend Micro.

This is the second time in one month that Yahoo! has been targeted by phishers. Last month, Yahoo! Games was used as bait for a phishing scam propagated via Yahoo! instant messenger, and with a web page claiming to provide free games, online competition and free downloads. Once users signed in with their Yahoo! ID and password, this information was sent to a third party, who could use the Yahoo! ID for other, illegal purposes.

Trend Micro Australia and New Zealand senior systems engineer, Adam Biviano, says that in the last few months a great deal of malware has used HTTP as its channel of invasion, making it second only to email.

According to Biviano, the machines of many users become infected when viewing web pages, with malware even running directly in the background on computers that do not have IE patches installed, while users are completely unaware that they're infected. In addition to phishing websites imitating eBay, Yahoo! and Citibank, blogs, which have become very popular in the last few years, are now also being tampered with to become a new medium for the spread of malware.