I do not fear computers. I fear the lack of them - by Isaac Asimov

Email Security


I am hearing of so many cases of password theft through Yahoo IM that it is alarming.

And guess what! Interestingly, 8 out of 10 such cases involved clicking on a link pointing to “GeoCities.com”.

What is wrong with Geocities.com?

Well, Geocities.com is owned by Yahoo ( http://geocities.yahoo.com/ ). And I strongly feel that they should try to look into this mess and stop this craziness.

Why do hackers like Geocities?

  • It is free to host pages as long as you don’t mind seeing ads.
  • Most likely they allow any type of file and content to be hosted on the server ?? This can make a big difference.
  • This makes it easy for a hacker to put up malicious code and lure victims into clicking on it.

What can Yahoo do?

  • In my opinion, Yahoo can do a lot. After all, it is their service and they own the infrastructure.
  • Yahoo should make a MUCH stricter policy for content being hosted on Geocities.
  • They should also search all accounts for any type of malicious code.
  • How hard can this be?
  • For the sake of security, if we are compelled not to take even a water bottle to the airport, implementing an account search policy should be a piece of cake. :)
  • Someone can argue that there can be privacy issues. Yes, maybe. But looking at the benefits, a company like Yahoo can surely implement it. After all, it is for the security of all netizens.
  • Yahoo being such a large ( and old ) player in the Internet economy, I believe that they owe the Internet community better security measures. Yahoo should be more responsible about security and better service.
    • I am surprised that we have not seen any such measure from Yahoo yet, despite so much impact having been made.
    • However, Yahoo has recently provided a good feature called password theft protection. It is a good start, but not enough. I expect more in terms of security from Yahoo.

    – OR –

    MAYBE… Yahoo has a deal with hackers ( on one side ) and anti-virus, anti-spyware companies ( on the other side ) to provide infrastructure for spreading spyware and malware? After all, it is business!

    You tell me !




    Filed under Email Security, Password theft 

    After password theft of my yahoo account, I have been trying to research and to find out the way it happened.

    I have been reading a lot of information on the web and have been discussing it with friends who are tech savvy.

    I have a better insight now. It is password theft through Yahoo IM ( Instant Messenger ).

    Actually, it has been going on for a while. Most likely, this is what happened in my case and many others, I believe.

    How it works

    • You get a Yahoo ( or other ) IM message with a link from one of your buddies.
      • This message is sent automatically by Trojans or other programs without any intervention from your friend or buddy. That is what makes it more tricky. Usually, you don’t have strong reasons to doubt such an instant message when it is from a good friend.
        • Remember: the message does come from your friend, but he/she did not send it.
        • Emails are easy to fake, but a spoofed email can easily be identified by its headers. In the case of IM, it is NOT easy to find out.
    • You click on that link and it drops some sort of key logger or Trojan on your computer.
    • It records keystrokes and sends that information to the hacker !! You don’t need to click anywhere. The information goes directly to the hacker. It is more dangerous than phishing.
    • Before you realize it, your sensitive data - passwords, bank PINs and others - are compromised.

    Why it is a good trap

    • Usually, you get IMs from friends and family members, which makes them look legitimate.
    • Many times, you can make out that the link and message look weird or go to a very unknown website. However, at times the link may look very genuine and may have a harmless-looking message like
      • Look at my new trip snaps …
      • Did you check this out …
      • Breaking news…
    • Very often the link is sent as an off-line message, which may prevent you from verifying it with your friend immediately.

    I am positive that this is what would have happened with me. I got such a link from a very good friend of mine with a friendly-looking message and link. I thought it must be genuine! ( I was wrong )

    How to prevent it

    • Based on this post, one thing is clear :) - DON’T click on any such link ( even a genuine-looking one ) UNTIL you have CONFIRMED that it has been intentionally sent by your friend.
    • Avoid clicking any link pointing to the Geocities.com website.
      • Many such links point to geocities.com.
      • I found from my research that out of 5 cases I heard of, 3 were pointing to geocities.com ( including mine ).
    • If you suspect that your computer and/or account may have been compromised, get good anti-spy software and scan your computer immediately.
      • I believe now ( and suggest ) that those few dollars are worth the security & protection they provide.
      • I am researching and comparing good anti-spy software and will be posting my results on this blog.
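
The warning signs listed above (a link to geocities.com, a generic "look at this" message, delivery as an off-line message) can be checked mechanically before a link is opened. The following is an added example, not code from the original post; the message fields `text` and `offline` and the exact phrase list are assumptions made for the sketch.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this sketch (not from the post): the field names "text" and
# "offline", and the exact phrase list. geocities.com is the host the post names.
FREE_HOSTING = {"geocities.com"}
LURE_PHRASES = ("look at my new", "check this out", "breaking news")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def link_hosts(text):
    """Return the lower-cased hostname of every http(s) link in the text."""
    hosts = []
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            continue
        if host:
            hosts.append(host.rstrip("."))
    return hosts


def on_domain(host, domain):
    """True for the domain itself or a real subdomain, not a look-alike."""
    return host == domain or host.endswith("." + domain)


def review_message(msg):
    """List the reasons to confirm with the sender before opening the link."""
    hosts = link_hosts(msg["text"])
    if not hosts:
        return []
    reasons = [f"free-hosting link: {h}" for h in hosts
               if any(on_domain(h, d) for d in FREE_HOSTING)]
    if any(p in msg["text"].lower() for p in LURE_PHRASES):
        reasons.append("generic lure wording")
    if msg.get("offline"):
        reasons.append("offline message, sender cannot confirm right now")
    return reasons


# Constructed sample messages, not real traffic.
SAMPLES = [
    {"text": "Look at my new trip snaps http://www.geocities.com/constructed_user/snaps.html", "offline": True},
    {"text": "Lunch at 1?", "offline": False},
    {"text": "Slides: http://geocities.com.example.net/deck", "offline": False},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(review_message(m) or "no extra flags", "<-", m["text"])
```

An empty result only means none of these three signals fired; the rule above of confirming with the sender before clicking any link still applies.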


    Be Careful


    Filed under Email Security, Password theft 

    If you thought that your Yahoo ( or Hotmail or even Gmail ) email is safe, and if you keep important email/information in your email box –

    **THINK AGAIN**

    Because so far I was thinking the same about Yahoo email, until someone hacked my account and I could no longer access my email box.

    This is the summary of what happened two days back ( Sept 6, 2006 )

    • 5:30 pm - Received an email on my alternate email address ( non-Yahoo ) that "your password has been changed"! And I knew that I had not changed my password !!!
    • I was surprised and was in panic mode. Why?
      • I have had this account for the last 10 years - quite a long time ( like many others )
      • This is not a junk account, but a very much operational and heavily used account.
      • This is a Yahoo Mail Plus account and I pay Yahoo for upgraded services ( 2 GB storage, no ads and more features ). I was thinking so far that it is the safest thing in the world! After all, I am paying for it. Boy, I was wrong!
      • I have a substantial investment in this Yahoo account ( like many others, I am guessing )
        • Important emails and other information ( some of it can be sensitive )
        • More than 15 Yahoo groups attached to it
        • Many Yahoo photos
        • Use of Yahoo Briefcase
        • Being an old account, almost all my friends have this email address
        • Also used to register on many ( legitimate ) websites
        • A lot of contacts in the address book
        • A lot of good memories, news
        • Some financial information on it too ( Now I think, why did I put it there ?? Stupid, huh ? )
    • 6:30 pm - Called Yahoo support. They told me to call tomorrow. They were closed for “password help”.
    • 6:40 pm - Sent an email to Yahoo support. Does it help? Not sure.
    • 6:50 pm - Started reading on the Internet about similar experiences. Guess what! Found many! I got more worried.
    • 7:00 pm - I thought of a friend who knew about this and I remember him talking about it once. I quickly called him. He very kindly guided me.
    • 11:30 pm - Got my account back. Password was recovered. I could log in again! ( Big sigh…. )
      • I used the Yahoo online reset password feature. ( Link is given below )
      • I could only do this as LUCKILY the hacker had NOT changed my credentials yet and I could successfully validate my account. If you continue reading, you will find out more about recovering a password. This is very important.

    Well, half a day ( It felt much longer ) of absolute terror !

    Actually, I was lucky and this was a fast recovery of the account. Many ( rather most ) people have not got their accounts back. If you have a paid account, there is (some) hope as Yahoo has to respond to your query. But as I read and heard, in the case of a “free” account, it is almost hopeless.

    In my case, I don’t know if the hacker really extracted important information and misused it or not. Too early to say. Maybe I will find out later. Scary, isn’t it?

    In the last two days, surprisingly, I heard of 3 more very similar incidents from my colleagues and friends. It seems like a virus spreading around. While talking to other friends, I found that they had also heard of similar cases. It is happening…

    So I will say that YAHOO EMAIL is NOT safe these days! Thanks to the creative brain power of hackers :)

    Now, it makes me think, which popular email is safe then? Gmail, Hotmail? Maybe. I will not bet on it. In general, nothing is safe in my opinion.

    This incident opened my eyes! NOTHING IS SAFE!

    The only thing closer to being safe is “Being paranoid about security” :)

    How to get the password back?

    • This seems almost impossible if you have a free account.
    • Still, you can try to recover it using Yahoo’s online reset password feature. Link can be found here
      • You need to answer all questions correctly. You had better know the “fake” birthday you may have given on the account. :) It is a good idea to check and remember all verification details while you have access to them.
      • But even if you remember correctly, there is always a chance that the hacker would have changed them after hacking the account. In this case, it is next to impossible to recover it. Now, you are trying to “hack” your own birthday and zipcode :) Actually, it is not funny when it happens.
    • Try calling Yahoo support.
      • Yahoo customer care number : 1-866-562-7219 ( Option #2, #2 for password help )
      • Note: They are only open from 6am to 6pm PST ( Mon to Fri )
    • You can send an email to Yahoo support. However, sending email is not useful and you don’t get a proper reply except an automated reply. With nearly 200 million accounts, I wonder how they will keep up with it. Yahoo support should respond if you are a paid member.
    • Apart from this, I can’t think of more, except worrying about what the hacker may be doing with your account and maybe cursing yourself for putting important info in your email box. But at least now one can make a plan to stop it in future. I am making one. We all should.

    What can you do to prevent it?

    With Yahoo Email, a few things to keep in mind

    • Password strength - convenience and safety don’t go together :)
      • Keep a password with higher strength. I thought that my password was not an easy one. Maybe I was wrong or the hacker was a smart guy ( usually they are! )
    • Keep changing your password regularly, if possible. It may be inconvenient, but it will be helpful to protect your privacy.
    • NEVER reply to phishing or any suspicious emails asking for account details, passwords etc.
      • Most techy guys know about this and can figure out the difference between a good and a fake website. Still, sometimes we may fall into the trap.
      • Now, Yahoo provides a good feature called password theft protection. I will encourage everyone to start using it. It is free and it works similarly to the “SiteKey” feature banks provide these days.
    • Do not keep a lot of important information in your email account :)

    So how do they hack it?

    I wish I knew all the details :)

    This is the question I am wondering about too. I welcome comments from readers.

    There are a few ways I can think of –

    • Receiving information from responses to phishing emails — this will probably be the top method, I guess
    • Automated scripts or spiders trying different combinations of passwords - technically it is not very difficult to do.
    • Someone smart ( and with a lot of time on hand ) may try various combinations manually and may succeed in the end. Less likely, but possible.

    At the end

    Be Safe. Always be paranoid about security in general :)

    Please, feel free to give any other suggestions you may have.


    Filed under Email Security, Password theft 


