yahoo mail email hack ????

Hi peeps. i got an email from a known contact that contained a link nothing else. I foolishly and un characteristically opened it. The link opened no website. I have discovered that my yahoo account has now been hacked and sent spam mail out to all my contacts. Weird thing is i have not typed my login details in to be keylogged as I remain logged in at al times. i have run CIS updates and then scan and found no infection. but obviously clicking the link infected my sysrtem.

Any Ideas would be most welcome.

I have changed my password so far, but that doesn’t really matter as they seemed to login without it. I take it they access via my IP ???

thanks in advance!!! ;D

Sounds like this happened to you.

First step is, to log off to make the stolen cookie invalid :wink:

No-script add on for firefox might protect against java scripts from other pages.

Thanks so much for the reply ;D. Yes looks just what happened to me!! So would you say it is unlikely I have had a trojan/worm/keylogger placed on my system???

I have rum CIS, superantispy both of wich come up with no threat!

Just to be sure you can follow the advice I give in my article about How to Know If Your Computer Is Infected. Please let us know what you find.

You may also want to see my article about How to Harden Your Browser Against Malware and Privacy Concerns.

Please let me know if you have any questions.

Thanks guys will keep you updated!!

Sent link to treefrogs. Hope you received??

To make Yahoo! Mail more secure, go to e-mail options and enable SSL.

When using SSL (actually TLS in most cases) scripts delivered over http will be blocked by most browsers.

Thanks for help. in the case of what seems xss, does this mean It is not likely my pc is under keylog attack and once cookies browser etc is cleared I should be relatively saf, of-course and change of passwords etc???

Lets say it this way:
This “assumed as rather plausible” attack wouldnt require an infection of your computer.
But other attacks with the same result might have been caused by an infection.

A general usefull habbit:
Avoid to be logged in somewhere while browsing somewhere else. Allways log out.
Use an addon that blocks java scripts etc until you allow it. Like no-script.

And when you change the passwords (for email, and all associated accounts(!)), dont forget secret questions, email forwarding, contact email etc!

Keepass for windows is a nice tool for passwords (linux keepassX). With the right setting, re-login on pages is as easy as clicking the mouse. And you need to remember just one password. While all real passwords can be mad as hell :wink:

Thanks kindly for all the help!! :wink: