Die Mofo Scammer

Okay, I accidentally logged in at Yahoo! via an XSS (Cross Site Scripting/ed) page. I got the link through Y! IM from Boogs. It seems like a virus but I'm trying to trace its source. If you get the url , from me through Y! IM, don't open it. I hope that this is not a Y! IM security hole. Boogs says he got it from Lahaina but he's using his computer at school. But how did he get it (the virus)? Then this afternoon, there was a computer that kept writing a file named SharedDocs.exe (via the wireless network) to my Shared Documents. Luckily, it was intercepted by my antivirus. I'll try to investigate on this and see what happens. People, consider yourselves warned. Boogs lost his phonebook already and there was a breach already earlier. Lahaina can't login to her Yahoo! account anymore (probably). In case you do login through the scam site, change your password (and related accounts with the same password or usernames with that email address) as soon as possible. Please tell me if you find other sites so we can gather them (I don't know why, but it could help). I checked if I can report to Yahoo! on such cases but I guess they haven't thought of that. Please enlighten me if they did. Update: 12.55, Sunday, December 4, 2005 It all makes sense now. It's not a virus. The author of the scam login page logins with your Y! username and password, sends the URL to everyone then logs out. There's no virus or security threat related to Y! IM. If the author doesn't find anything useful, he/she will erase your phonebook or probably mess with your email. Boogs lost the contents of his phonebook.

iRant has moved. Click here.