[kwlug-disc] OT: Hotmail/Yahoo account breakins

Paul Nijjar paul_nijjar at yahoo.ca
Wed Feb 13 19:47:17 EST 2013

I think I probably asked this before, but maybe there are updates now
that it is 2013. For a while now (at least since Sept 2010) there has
been a spate of attacks on webmail accounts. I want to know the

In one case I believe somebody got infected after clicking on a
link they had received from one of their contacts (who had
also been attacked). I do not think the victim entered password
information into the target page; I think they may have just opened
the page. Is this possible? What is the mechanism that allows one into
a Hotmail or Yahoo account this way? 

It looks like clicking on bad attachments can also trigger break-ins.

In most cases it looks like the passwords of the infected accounts are
not changed. The usual advice seems to be "change your password". Is
this correct advice? What should people do if they have had their
account cracked?

Does this affect only the web interface, or can you be infected if you
check your email via an IMAP or POP download of the mail onto a fat
client like mutt or Thunderbird?

I know that some of you deal with mail systems, and since you are all
smart I thought I would ask about this here. From time to time I look
on the internet for explanations about why this happens, but so far I
have not found satisfying explanations. Even people who are smart
about computers are getting their accounts cracked. 

- Paul


