[lug] Tell us how

[Robert Racansky]

On Thu, Feb 14, 2013 at 7:18 AM, Jeffrey S. Haemer
<jeffrey.haemer at gmail.com> wrote:
> Anecdotally, I've had three of these in the past couple of weeks, all from
> Yahoo! accounts, which were spamming the senders' address books.
>
> I fell for the very first one, which took me somewhere obviously not related
> to the message,  The (real) sender followed up, warning me not to click on
> the link, because doing so would, in turn, spam my email list. Since I had
> and it didn't, something in Linux/Chrome or Firefox/gmail is immune.
>
>


I have also received spam from Yahoo accounts that were sent without
the owner's knowledge.

I don't know if this was the case here, but a few weeks ago Ars
Technica had a story about Yahoo e-mail accounts being hacked:

 * * *

How Yahoo Allowed Hackers To Hijack My Neighbor's E-mail Account
Web bugs can have serious risks, especially when they fester for eight months.

by Dan Goodin - Jan 31 2013, 5:00am MST


When my neighbor called early Wednesday morning, she sounded close to
tears. Her Yahoo Mail account had been hijacked and used to send spam
to addresses in her contact list. Restrictions had then been placed on
her account that prevented her from e-mailing her friends to let them
know what happened.

In a blog post published hours before my neighbor's call, researchers
from security firm Bitdefender said that the hacking campaign that
targeted my neighbor's account had been active for about a month. Even
more remarkable, the researchers said the underlying hack worked
because Yahoo's developer blog runs on a version of the WordPress
content management system that contained a vulnerability developers
addressed more than eight months ago. My neighbor's only mistake, it
seems, was clicking on a link while logged in to her Yahoo account.
.
. . .
.
read the whole thing at
http://arstechnica.com/security/2013/01/how-yahoo-allowed-hackers-to-hijack-my-neighbors-e-mail-account/