Security Paranoia

After password theft of my yahoo account, I have been trying to research and to find out the way it happened.

I have been reading lot of information web and have been discussing with friends who are tech savvy.

I have better insight now. It is password theft through Yahoo IM ( Instant Messenger )

Actually, it has been going on for a while. Most likely, this is what happened in my case and many others, I believe.

How it works

• You get an Yahoo ( or other ) IM message with a link from one of your buddies.
• This message is sent automatically by other Trojans or programs without intervention of your friend or buddy. That what it makes it more tricky. Usually, you don’t have strong reasons to doubt such instant message, when it is from a good friend.
• Remember:Message does come from your friend, but he/she did not send it.
• Emails are easy to fake. But it can be easily identified by headers, if that are spoofed. In case of IM, it is NOT easy to find.
• You click on that link and it drops some sort of key logger or Trojan on your computer
• It records key stokes and sends such information to hacker !! You don’t need to click anywhere. Information goes directly to hacker. It is more dangerous then phishing.
• Before you realize, you sensitive data - password, bank PINs and other are compromised.

Why it is good trap

• Usually, you get IM from friends and family members, which make them look legitimate
• Many times, you can make out that link and message look wierd or goes to very unknown website. However at times, link may look very genuine and may have harmless looking message like
• Look at my new trip snaps …
• Did you check this out …
• Breaking news…
• Very often link is sent as off-line message, which may prevent you to verify it with your friend immediately.

I am positive that this is what would have happened with me. I got such link from very good friend of mine with friendly looking message and link. I thought it must be genuine ! ( I was wrong )

How to prevent it

• Based on this post, one thing is clear - DON’T click on any such link ( even genuine looking ) UNTIL you have CONFIRMED that it has been intentionally sent by your friend.
• Avoid clicking any link pointing to Geocities.com website.
  
• Many of such links point to geocities.com.
  
• I found from my research that out of 5 cases I heard, 3 were pointing to geocities.com ( Including mine )
• If you doubt that your computer and/or account may have been compromised, get a good Anti-Spy software and scan your computer immediately.
• I believe now ( and suggest ) that those few dollars are worth for security & protection they provide.
• I am researching and comparing good anti-spy softwares and will be posting my results on this blog.

Useful Links

• http://wordpress.com/tag/password-theft/
• Useful google search on password theft
  
• keylogger google search
• ID theft automated using keylogger Trojan

Be Careful

After password theft of my yahoo account, I have been trying to research and to find out the way it happened.

I have been reading lot of information web and have been discussing with friends who are tech savvy.

I have better insight now. It is password theft through Yahoo IM ( Instant Messenger )

Actually, it has been going on for a while. Most likely, this is what happened in my case and many others, I believe.

How it works

• You get an Yahoo ( or other ) IM message with a link from one of your buddies.
• This message is sent automatically by other Trojans or programs without intervention of your friend or buddy. That what it makes it more tricky. Usually, you don’t have strong reasons to doubt such instant message, when it is from a good friend.
• Remember:Message does come from your friend, but he/she did not send it.
• Emails are easy to fake. But it can be easily identified by headers, if that are spoofed. In case of IM, it is NOT easy to find.
• You click on that link and it drops some sort of key logger or Trojan on your computer
• It records key stokes and sends such information to hacker !! You don’t need to click anywhere. Information goes directly to hacker. It is more dangerous then phishing.
• Before you realize, you sensitive data - password, bank PINs and other are compromised.

Why it is good trap

• Usually, you get IM from friends and family members, which make them look legitimate
• Many times, you can make out that link and message look wierd or goes to very unknown website. However at times, link may look very genuine and may have harmless looking message like
• Look at my new trip snaps …
• Did you check this out …
• Breaking news…
• Very often link is sent as off-line message, which may prevent you to verify it with your friend immediately.

I am positive that this is what would have happened with me. I got such link from very good friend of mine with friendly looking message and link. I thought it must be genuine ! ( I was wrong )

How to prevent it

• Based on this post, one thing is clear - DON’T click on any such link ( even genuine looking ) UNTIL you have CONFIRMED that it has been intentionally sent by your friend.
• Avoid clicking any link pointing to Geocities.com website.
  
• Many of such links point to geocities.com.
  
• I found from my research that out of 5 cases I heard, 3 were pointing to geocities.com ( Including mine )
• If you doubt that your computer and/or account may have been compromised, get a good Anti-Spy software and scan your computer immediately.
• I believe now ( and suggest ) that those few dollars are worth for security & protection they provide.
• I am researching and comparing good anti-spy softwares and will be posting my results on this blog.

Useful Links

• http://wordpress.com/tag/password-theft/
• Useful google search on password theft
  
• keylogger google search
• ID theft automated using keylogger Trojan

Be Careful