The Mudcat Cafe



User Name Thread Name Subject Posted
GUEST,ChrisJBady Tech: New Email Virus (20) RE: Tech: New Email Virus 28 Feb 17


The Yahoo / Wordpress rootkit virus is one of the most widespread. And it seems that users of smart phones are the most caught by this. When users receive a rogue email via their computer they are less likely to click on the rogue link it contains. But with a smart phone it is all too easy to click on a link in an email and not realise the consequences.

It works like this: Yahoo Mail users receive a short one line email saying something like: "Hello - I found this, it is amazing, click here." The 'click here' link goes to a rogue website of which there are hundreds (thousands?).

Clicking on this link sends the unwitting user to a rogue website. This does a number of things:

1/ It installs the virus code onto the user's device - the code is written in XML or Javascript and well embedded into the rootkit of the device - hence the name - and it replaces some system files with identically named ones making it difficult to spot and remove - and since it is written in XML / Javascript the virus is undetected by most virus protection apps

2/ It copies and sends the user's contact list to the scammers - it does not 'hack' the email account per se, the user is already logged in - so changing the password afterwards is of no use

3/ The virus then sits there on the user's device generating identical copies of the original email and sending them out to his/her contacts

4/ With the user's contact list the criminals can later send out further emails along the lines of "so and so has made a surprise visit overseas, has lost his/her passport, is ill in hospital, please send cash to this account number ..." - the account number of course belongs to the scammers

There are many variants of this virus. The code is available on the Dark Web for a couple of hundred bucks. It is popular with bored script kiddies at colleges.

It can be removed by Kaspersky's TDSSKILLER - but needs to be run on all computers AND devices such as smart phones that have been used to access the email account affected.

A relative of mine gave me a hard time when a TDSSKILLER scan didn't find anything on his computer. The virus was actually on his phone. Both were used for sending / receiving Yahoo emails from the same account.

This virus has been around for years. It is reportedly due to a weakness in the cookies used by Yahoo Mail and Wordpress. Nothing has been done about it.
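
The pattern the post describes (a one-line message with a single link, re-sent unchanged to the account's contacts) can be looked for in a sent folder or mail export. The following is an added example, not part of the original post; the function names, the three-recipient threshold and the sample messages are assumptions constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict
from email import message_from_string
from email.utils import getaddresses, parseaddr

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def fingerprint(body):
    """Hash a body of at most two lines holding exactly one URL, else None."""
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    if len(lines) > 2 or len(URL_RE.findall(body)) != 1:
        return None
    # Mask the URL so copies pointing at different sites still group together.
    masked = URL_RE.sub("<URL>", " ".join(lines)).lower()
    return hashlib.sha256(masked.encode()).hexdigest()

def find_bursts(raw_messages, min_recipients=3):
    """Return [(sender, recipients)] where one sender mailed the same short
    single-link text to at least min_recipients distinct addresses."""
    seen = defaultdict(set)
    for raw in raw_messages:
        msg = message_from_string(raw)
        if msg.is_multipart():
            continue  # assumption: only plain single-part mail is examined
        fp = fingerprint(msg.get_payload())
        if fp is None:
            continue
        sender = parseaddr(msg.get("From", ""))[1].lower()
        for _, rcpt in getaddresses(msg.get_all("To", [])):
            seen[(sender, fp)].add(rcpt.lower())
    return sorted((s, sorted(r)) for (s, _), r in seen.items()
                  if len(r) >= min_recipients)

# Constructed sample messages (not real mail).
def _mail(sender, rcpt, body):
    return f"From: {sender}\nTo: {rcpt}\nSubject: hi\n\n{body}\n"

LURE = "Hello - I found this, it is amazing, click here: http://{}.example/p"
SAMPLE = [_mail("alice@example.com", f"{n}@example.com", LURE.format(f"site{i}"))
          for i, n in enumerate(["bob", "carol", "dave"])]
SAMPLE.append(_mail("alice@example.com", "erin@example.com",
                    "Hi Erin,\nMinutes attached.\nAgenda: http://wiki.example/a\nThanks"))
SAMPLE.append(_mail("frank@example.com", "bob@example.com",
                    "Look: http://news.example/a"))

if __name__ == "__main__":
    for sender, rcpts in find_bursts(SAMPLE):
        print(sender, "->", ", ".join(rcpts))
```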

