Yahoo jobs site used in phishing attack
Hot Job Hot Trojan
Security experts say that Yahoo's HotJobs site was vulnerable to a phishing-based attack that can give an attacker access to a Yahoo member's mail and other personal accounts.
British network services firm Netcraft said someone had been taking advantage of the hole to attack users. The hacker has been using a bogus e-mail masquerading as a legitimate message from a company, in this case Yahoo HotJobs.
Because of a cross-site scripting vulnerability, clicking on a link that includes specially formatted JavaScript code can cause the Web site to run the script.
Netcraft said that the script steals the authentication cookies that are sent for the yahoo.com domain and passes them to a different Web site in the United States, where the attacker is harvesting stolen authentication details.
Yahoo said the hole has been fixed now.
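An added example, not part of the original article: a small model of RFC 6265 cookie scoping showing why a script flaw on one subdomain exposes authentication cookies set for the whole parent domain, and how the HttpOnly flag takes them out of script's reach. The hosts (`example.com` and its subdomains), cookie names and helper functions are constructed for illustration.

```javascript
// Added illustration (not from the article). Hosts and cookie names are
// constructed stand-ins; the model follows RFC 6265 cookie scoping.

// RFC 6265 domain-match: the host equals the cookie domain or is a subdomain of it.
function domainMatch(host, domain) {
  const h = host.toLowerCase();
  const d = domain.toLowerCase().replace(/^\./, "");
  return h === d || h.endsWith("." + d);
}

// Names of cookies that script running on pageHost could read via document.cookie.
// Cookies without a Domain attribute are host-only; HttpOnly cookies are hidden from script.
function scriptReadableCookies(pageHost, jar) {
  return jar
    .filter((c) => c.domain
      ? domainMatch(pageHost, c.domain)
      : pageHost.toLowerCase() === c.setBy.toLowerCase())
    .filter((c) => !c.httpOnly)
    .map((c) => c.name);
}

// Mitigation: flag every authentication cookie HttpOnly.
function hardenAuthCookies(jar) {
  return jar.map((c) => (c.auth ? { ...c, httpOnly: true } : { ...c }));
}

// Constructed cookie jar for a portal at example.com.
const sampleJar = [
  { name: "auth_session", setBy: "login.example.com", domain: "example.com", httpOnly: false, auth: true },
  { name: "mail_view", setBy: "mail.example.com", domain: null, httpOnly: false, auth: false },
  { name: "jobs_lang", setBy: "jobs.example.com", domain: null, httpOnly: false, auth: false },
];

const before = scriptReadableCookies("jobs.example.com", sampleJar);
const after = scriptReadableCookies("jobs.example.com", hardenAuthCookies(sampleJar));
console.log("readable before hardening:", before);
console.log("readable after hardening: ", after);
```

HttpOnly only limits what an injected script can read; the cross-site scripting flaw itself still has to be fixed by encoding untrusted input on output.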