In April and May 2011, Bkav has been reported of many cases in which users' Yahoo! Messenger accounts fall into hacker's hand, which then be taken advantage to swindle their friends to buy mobile phone card for hackers. After retraction for some time, the account stealth campaign has now come back.

According to the victim's description, users will lose their account if they click on the link in the message received which points to http://blogscuatoi[removed].

After retraction for some time, the account stealth campaign has now come back

The hackers use the stolen YM accounts to chat with those in victim's friend list using the following scenario: account's owner is in a rural area and is in emergency, thus need to have you buy a phone card and send him the secret code.

There are four common ways employed by hackers to steal your password. Firstly, hacker creates a webpage with similar interface as the Yahoo! login page to trick you into typing your password. The password is then sent to hacker, while you still bear in mind that it is transferred to Yahoo!. The second way is to impersonate an acquaintance to "borrow" your password. Alternatively, hacker is able to install a Trojan, keylog (a spyware to recorded the keystroke manipulation) after you have downloaded a certain software from the Internet. Finally, hacker can succeed in guessing your password since it is too simple.

To avoid password theft, you are recommended not to type your password in any website whose link is sent from others. If you want to sign in, you should yourself type the address on the browser. Another perpetual rule is that: do not give your password to anyone even your acquaintance.

Bkav