Hi peeps. i got an email from a known contact that contained a link nothing else. I foolishly and un characteristically opened it. The link opened no website. I have discovered that my yahoo account has now been hacked and sent spam mail out to all my contacts. Weird thing is i have not typed my login details in to be keylogged as I remain logged in at al times. i have run CIS updates and then scan and found no infection. but obviously clicking the link infected my sysrtem.
Any Ideas would be most welcome.
I have changed my password so far, but that doesn’t really matter as they seemed to login without it. I take it they access via my IP ???
Thanks for help. in the case of what seems xss, does this mean It is not likely my pc is under keylog attack and once cookies browser etc is cleared I should be relatively saf, of-course and change of passwords etc???
Lets say it this way:
This “assumed as rather plausible” attack wouldnt require an infection of your computer.
But other attacks with the same result might have been caused by an infection.
A general usefull habbit:
Avoid to be logged in somewhere while browsing somewhere else. Allways log out.
Use an addon that blocks java scripts etc until you allow it. Like no-script.
And when you change the passwords (for email, and all associated accounts(!)), dont forget secret questions, email forwarding, contact email etc!
Keepass for windows is a nice tool for passwords (linux keepassX). With the right setting, re-login on pages is as easy as clicking the mouse. And you need to remember just one password. While all real passwords can be mad as hell