Yahoo! email and the spam problem
While many of our visitors will be using their own domains for email, or more traditional provider-based POP3/SMTP services, there are millions who like the ease and portability of a web-based mail system, and it is likely that the popularity of Yahoo! email is the reason it has been the target of so much hacking and malware.
In light of what appears to be a new round of hacking that affects BT Yahoo! (and probably other providers using Yahoo!) we asked BT for a statement on the current wave of spam.
"BT has spoken to the ICO and they are aware of this incident. We have also been informing customers affected by showing them a warning message when attempting to access their webmail service, and requiring them to reset their passwords, along with directing them to detailed online help on steps they should take to secure their accounts."
Latest statement from BT
"We have seen an increase in BT Yahoo! customers experiencing unusual activity on their email accounts in recent days. We are helping customers who have had issues, using online help and through BT’s call centres. As part of Yahoo!'s normal account security processes, if they detect suspicious activity they act to secure the account and prompt users to change their passwords. We also urge our users to use strong passwords and to use unique passwords for different online sites. For information on steps you can take to better secure your email account, including changing your account password and security phrase, please visit www.bt.com/help/abuse. If you have BT NetProtect Plus as part of your BT Broadband or Infinity package, but have not yet downloaded it, please visit My Broadband at www.bt.com/mybt."
Earlier statement from BT
Channel 4 has a reasonable summary of the latest believed hack, which raises the idea that part of the problem may not be that account details are compromised on the Yahoo! servers, but that a trojan is somehow being installed on Yahoo! webmail users' computers, allowing the hackers to then obtain access credentials.
The idea of malware or a trojan being responsible is borne out by our own experience: a neighbour asked us to look at their Vista PC as they had had a pop-up asking them to change their Yahoo! details for security reasons, but now a day or two later Yahoo! is not letting them log in due to suspicious activity. As is common in cases like this, Norton was not reporting anything, so the popular free utility Malwarebytes was downloaded and run, and it found two malware applications and removed them, with the second often being installed via the first. The suggestion is that in this case, perhaps a two-stage attack is carried out, the first stage getting the basic malware onto the PC, and then at a later stage a cunning pop-up, skinned to fool people into thinking it was an official Yahoo! warning, was used to harvest login details. One improvement we made was to remove Yahoo! Messenger, as the user never used it but had assumed the pop-up was from the messenger app; this also improved the time for the PC to boot and be ready for use, in addition to removing other redundant software like Java.