Hackers behind a recently detected email attack campaign are exploiting a vulnerability in a Yahoo website to hijack the email accounts of Yahoo users and use them for spam, according to security researchers from antivirus vendor Bitdefender.
The attack begins with users receiving a spam email with their name in the subject line and a short "check out this page" message followed by a bit.ly shortened link. Clicking on the link takes users to a website masquerading as the MSNBC news site that contains an article about how to make money while working from home, the Bitdefender researchers said Wednesday in a blog post.
At first glance, this seems no different from other work-from-home scam sites. However, in the background, a piece of JavaScript code exploits a cross-site scripting (XSS) vulnerability in the Yahoo Developer Network (YDN) Blog site in order to steal the visitor's Yahoo session cookie.
How it works
Session cookies are unique strings of text stored by websites inside browsers in order to remember logged-in users until they sign out. Web browsers use a security mechanism called the same-origin policy to prevent websites opened in different tabs from accessing each other's resources, like session cookies.
To read this article in full or to leave a comment, please click here