Yahoo Mail Infected?

Checking Yahoo mail this morning I received multiple Avast warnings of Iframe detections. Couldn’t say if it was any particular email. A redirect happened and I closed the tab. If anyone knows who to pass this info to at yahoo, feel free.

Is there more info in the avast logs, for instance, the url of that redirected frames?

Here’s what I have in the logs under Warning.

7/4/2009 9:38:13 AM SYSTEM 1844 Sign of “HTML:Iframe-inf” has been found in “hxxp://omyakicari.com/images/wait.html{gzip}” file.
7/4/2009 9:46:51 AM SYSTEM 1844 Sign of “HTML:IFrame-HH [Trj]” has been found in “hxxp://awiron-work.com/valla.js{gzip}” file.

Hi Dragonmage,

Please could you modify your post to remove the active hyperlinks (change http to hXXp) to prevent others potentially becoming infected. (Very important)

-For the first site I think the source of the infection is a very long piece of script in the page (see image)
All of the other links within the source code produce this: “Blank page / could not connect”

-The second site is actually a javascript file that has very likely been infected. The actual site looks fine but when the file loads avast alerts to it.

–>With the second link a very good way to protect against this is to use Firefox in combination with NoScript. I am able to browse the page because NoScript prevents the scripts from loading, and avast does not alert to it until you allow the scripts on the page.

I don’t know how necessary the scripts are for the page functioning but it seems that you can do without them to view it.

Hope this helps,

-Scott-

I don’t even know what these pages are. I was checking my mail in yahoo when I got the warnings, then the yahoo tab redirected to some other page.

Well that is odd…

I’m not sure about that, sorry

maybe someone else who is more experienced could help you

-Scott-