[Dshield] Here's a new one...possible Yahoo exploit?
peteoutside at yahoo.com
Wed Apr 14 00:28:32 GMT 2004
Just recieved the following in my Yahoo! Bulk Mail folder.
>From: kka at kidagin.com
>To: peteoutside at yahoo.com
>Subject: Mail Delivery (failure peteoutside at yahoo.com)
>Date: Mon, 12 Apr 2004 06:02:18 -0400
>If the message will not displayed automatically,
>follow the link to read the delivered message.
>Received message is available at:
Yahoo renders the url thus:
The url appears to be nonstandard...the trailing "/us/" after the yahoo.com doesn't appear in any of the legitimate links in my mailbox.
This is obviously nonstandard, probably malicious...but I have to wonder how it's supposed to work (no, I haven't followed the link yet). Browser exploit of some kind? Did someone perhaps compromise Yahoo? Is it a vulnerability in they way they allow access to mailboxes? (ie, could I in effect read someone else's mail?)
I have just forwarded this to Yahoo's security nebbishes but wanted to tip the list off as well.
Do you Yahoo!?
Yahoo! Tax Center - File online by April 15th
More information about the list