I received an email from someone earlier today looking to buy a high-value domain, received to my Yahoo address.
Since he was using a Hotmail email address, a name that did not match the Hotmail username, and had a Turkish IP address, I sent back my standard "fax me a letter" response, given the guy is likely very unqualified, but using my corporate email address.
The guy writes back that "he doesn't understand", but then includes an HTML link. And he replied back to my Yahoo address, instead of my corporate email address.
It seemed fishy to me, so I loaded up a VMware virtual machine using a non-standard operating system, and loaded up the page -- it was blank. I loaded up another program to view the source code of that page, without loading it in a normal browser, and there was a lot of encrypted JavaScript, but nothing else.
I figure it might be an attempt to hijack passwords, or something, so folks might be on the lookout for clicking on links like that. When I googled the username in the Hotmail account, I noticed some reference to the username in some foreign language forum (one that Google doesn't translate, i.e. Turkish), but it referred to XSS and Yahoo (XSS = cross site scripting, a type of security issue), which increases the odds that the email is malevolent.
In conclusion, be wary of clicking links! If in doubt, use something like VMware, with an oddball operating system.
Update - I just heard back from Yahoo Security, and they agree with me that the website appears malicious, so if you've had a recent email of the above nature, it might be wise to change your password. Also, check your account settings to ensure no one changed any settings (e.g. forwarding all emails to another account, or adding a filter to forward emails elsewhere).