Yesterday I uploaded a family history file to one of our groups on Yahoogroups, and today my wife wanted to have a look at it and her antivirus software chirped a warning.
I investigated and found that the Yahoogroups site had been hacked, and all the filenames pointed to a malware site. A quick look at some other forums showed the same thing - the filenames had been hacked.
I've tried to report this to Yahoo! They don't make it easy. They tell you they only accept reports of technical vulnerabilities (which this is) from "the online security community" (whatever that may be). It's a bit like being mugged and wanting to report it to the police station and being told that you can only report it at the police station where you live, and then being told that you can only report it at the police station where you were mugged, and then being told, no, you must go to the police station where the mugger lives, and generally being given the run-around. Well my Yahoogroups files have been mugged, and so, I think, have a lot of other people's.
To check, hover your cursor over the link to the file you want to download from Yahoogroups. Look at the bottom left of your screen (in Firefox, I don't know about other browsers) and see the URL it shows you. If it says "yahoofs", back off. Wait for Yahoo! to fix it.
The main aim of this blog is to interpret the Christian Order in the light of current affairs, philosophy, literature and the arts -- and vice versa. So it's about ideas. Social, political and religious comment. Links, notes on people, places, events, books, movies etc. And mainly a place where I can post half-baked ideas in the hope that other people, or the passing of time, will help me to bake them.
Showing posts with label phishing. Show all posts
07 August 2011
19 June 2010
Phishing expedition
Scammers cracked Val’s Gmail account on Thursday, and sent mail to several (possibly all) people in her address book begging for money and saying she was stranded in Scotland.
This has happened to several other people I know, and I doubt that anyone we know would fall for this scam, but here’s a warning just in case. Most of the scam letters sent out seem to say that the owner of the e-mail account is stranded there, so perhaps the scammers are themselves based in Scotland.
One of the interesting things about it happening to us is that we got a better idea of how phishing scams work, after I had just written a piece on "identity theft" on our family history blog. If you are interested in knowing more about this particular scam, see here.
03 June 2010
Some useful e-mail utilities
Someone sends me a "crime report" of crimes that have taken place in our neighbourhood. I've thought of saving these in a database that would make it easier to refer to them -- to see if a car registration on a vehicle behaving suspiciously has been recorded as being involved in crimes elsewhere, for example. But what deters me is all the extraneous headers in the e-mails. All I want is the to, from and date lines, and not all the routing information and spam checks and the like.
And suddenly someone has pointed me to a utility that does just that, for Pegasus e-mail, the mail-reading program I use. And lots of other useful utilities too.
LEXACORP - Information Systems Development : Papua New Guinea:
Note that none of these utilities has a 'Setup' or 'Uninstall' procedure. They do not write to the Registry and do not put DLLs etc in other directories. To remove any of these utilities from your system just delete them.
I notice that Windows 7 doesn't have a built-in e-mail system. This is an improvement, since it gives the user a choice of what e-mail program to use, and I use and recommend Pegasus, partly because in its default setup it is immune to a lot of the spam and malicious e-mails that seem to go around.
Pegasus Mail:
Welcome to the North American Web Site for Pegasus Mail, the Internet's longest-serving PC e-mail system, and for the Mercury Mail Transport System, our comprehensive range of Internet Mail Server products. Pegasus Mail is a free product, dedicated to serving all who need it, while Mercury is a modestly-priced commercial system.
I suppose I am a bit old-fashioned about e-mail: I think e-mail is e-mail and web pages are web pages, and that HTML codes should be kept out of e-mail, and reserved for web pages. Using HTML in e-mails is wasteful of bandwidth and disk space. A two-line message in plain text can take 200 lines or more in HTML, yet the content is exactly the same. So I don't like HTML in e-mails, and Pegasus lets me send and read messages in plain text.
Pegasus also, by default, blocks "lazy html". That is, HTML codes that refer to an external web site and not something in the message itself. It is something most often used by spammers, scammers and distributors of malicious software, designed for more tolerant and less protective mail readers like Outlook and Outlook Express. Pegasus by default blocks them and displays a warning, and anything in the message that refers to a remote site is displayed as a blank grey block. Sometimes such a message will display something like "Your mail reader cannot display this message" and tells me what hoops I need to jump through to read it. But such messages are almost invariably unsolicited spam anyway, which I don't want to read.
I prefer that if people want me to look at a web page, they describe it and give the URL. Then I can decide if I want to go there or not. Pegasus displays the URLs in clickable form, so you click on them and it calls your web browser. But it also displays the real address at the bottom of the screen, both for e-mail and web addresses. That is useful for exposing phishing expeditions. When you are asked to send details of your bank account to an address like:
accounts@absabank.co.za
and Pegasus displays it as
xyz@yahoo.com
you know something phishy is going on.
11 February 2009
Hotmail hacked?
A couple of days ago I got an e-mail purporting to come from an acquaintance.
It read:
How are you doing?hope all is well with you and family,I am sorry I didn't inform you about my traveling to England for a Seminar..
I need a favor from you because I misplaced my wallet on my way to the hotel where my money,and other valuable things were kept I will like you to assist me with a soft loan urgently with the sum of $2,500 US Dollars to sort-out my hotel bills and get myself back home.
I will appreciate whatever you can afford and i'll pay you back as soon as I return,Kindly let me know if you can be of help? so that I can send you the Details to use when sending the money through western union.
The style gave the game away, of course. It was written in the same style as most scam mail, and I could not imagine the real author writing like that.
What concerns me, however, is that it apparently came from the real address of the person concerned, and that the scammer was confident of being able to read any replies addressed to the real address.
My experience with Hotmail has been that it is very unreliable compared with, say, Gmail. Mail sent to my Hotmail account at hayesmstw@hotmail.com usually bounces, and I can no longer even get in to read it, so Hotmail is pretty useless.
But if it can be cracked like this it's even worse than I thought.
So if you have a Hotmail account, be careful, and if you receive e-mails from friends with Hotmail accounts, be extra careful, especially if they ask you for money.
12 May 2008
Blatant phishing expedition -- Telkom scam
Someone sent me this blatant phishing message today
Date sent: Fri, 9 May 2008 07:36:09 +0100 (BST)
Subject: Please Verify Your Email Address
From: "TELKOMSA SUPPORT TEAM"
Send reply to: helpdeskmailteam@gmail.com
To: undisclosed-recipients:;
Dear telkomsa.net Webmail User,
To complete your telkomsa.net webmail account, you must reply to this email immediately and enter your password here (*********)
Failure to do this will immediately render your email address deactivated from our database.
You can also confirm your email address by logging into your telkomsa.net webmail account at http://webmail.telkomsa.net/src/login.php
We apologise for any inconveniences, but trust you understand that our primary concern is for our customers to be totally secure.
THE TELKOMSA WEBMAIL SUPPORT TEAM.
The giveaway, of course, is the Replyto: address -- why would Telkom ask for replies to be sent to a Gmail address?
As it was no doubt a mass mailing spam as well, others may have received it, so be on your guard.
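The two giveaways described in these posts, a reply address that leaves the sender's domain and a displayed address that differs from the real one, can be checked mechanically. The Python below is an added example, not part of the original posts; the function names and the sample From address are assumptions, and domains are compared by simple suffix match rather than a public-suffix lookup.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

def domain_of(text):
    """Lower-cased domain of an e-mail address, mailto: link or URL, else ''."""
    text = text.strip()
    if text.lower().startswith("mailto:"):
        text = text[7:].split("?", 1)[0]
    if "://" in text:
        return (urlparse(text).hostname or "").lower()
    addr = parseaddr(text)[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def related(a, b):  # same domain, or one is a subdomain of the other
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def reply_to_mismatch(raw_message):
    """Return (from_domain, reply_domain) when replies leave the sender's domain."""
    msg = message_from_string(raw_message)
    sender, reply = domain_of(msg.get("From", "")), domain_of(msg.get("Reply-To", ""))
    return (sender, reply) if sender and reply and not related(sender, reply) else None

class LinkAudit(HTMLParser):
    """Record (shown, real) domains for links whose text disagrees with href."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)  # reset at each <a>, so only link text is compared
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown, real = domain_of("".join(self.text)), domain_of(self.href)
            if shown and real and not related(shown, real):
                self.mismatches.append((shown, real))
            self.href = None

def link_mismatches(html):
    audit = LinkAudit()
    audit.feed(html)
    return audit.mismatches

# Constructed samples; the From address is a placeholder (the post shows only a display name).
SAMPLE_MAIL = ('From: "TELKOMSA SUPPORT TEAM" <support@telkomsa.net>\n'
               "Reply-To: helpdeskmailteam@gmail.com\n\nDear telkomsa.net Webmail User,\n")
SAMPLE_HTML = '<a href="mailto:xyz@yahoo.com">accounts@absabank.co.za</a>'
```

Calling `reply_to_mismatch(SAMPLE_MAIL)` and `link_mismatches(SAMPLE_HTML)` returns the mismatched domain pairs; a message with neither problem gives `None` and an empty list.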