PoolSkill.com Blog

Instant messaging security firm IMLogic warned of a new phishing attack making its way through the Yahoo! Messenger network on Monday. The attack, IM.Marphish2.Yahoo, attempts to steal personal information by duping a user into believing that they are in violation of Yahoo’s Terms of Service. The user is instructed to contact the “abuse department” through a URL that points to the 2wahms.com domain.

When visited, the page looks similar to a Yahoo login page. However, once a user enters their personal information, the site steals the users username and password. IMLogic says that the effectiveness of such attacks is improving as they continue to build upon previous efforts and blend different methods together to further confound traditional anti virus programs.By Ed Oswald, BetaNews

A Microsoft employee is warning against downloading an unauthorized version of Windows XP Service Pack 3 that has surfaced on a popular Web site that provides software patches.

Cautions Newsgroup

On a recent Microsoft user newsgroup posting, Mike Brannigan, an enterprise strategy and senior consultant at Microsoft, told users that downloading an unofficial version of Windows XP SP3 provided on The Hotfix.net would likely harm their computer and put them “out of support from Microsoft” or other vendors because it is not an official Microsoft package.

“You would be well advised to stay clear of this fake SP3 package,” Brannigan wrote in the post, which appears on Google Groups. “It is not suitable for testing as it is NOT SP3….Anyone who installs this thinking they are getting SP3 (even as a preview) is being grossly mislead and is posing a significant potentially non-recoverable risk to their PC and data.”

However, Ethan Allen, the creator and administrator of The Hotfix, asserts that though the version of Windows XP SP3 provided on his site is not necessarily the official version, it is a reasonable preview of what will appear when the official service pack is released.

Official Fix Delayed

Microsoft has said that Windows XP SP3 will be available after the release of Windows Vista, which is expected toward the end of 2006.

“Our pack is indeed a preview to what the official service pack will be, as these hotfixes will be in Service Pack 3 as proven by Microsoft’s own knowledge base,” according to a post by Allen on TheHotfix.net. “Each of these hotfixes can be obtained for free from Microsoft by calling their support lines.”

Allen also wrote that while there is a possibility the SP3 on his site will make a user’s machine less stable, it is not the fault of The Hotfix, because the software came from Microsoft, not the site itself.

Allen put together the preview of SP3 from software updates he received from an internal Microsoft source. In an interview Wednesday, Allen said that Microsoft has not contacted him directly about the hotfixes he has posted, but his Microsoft source told him the company was conducting an internal investigation to find out who was leaking the hotfixes to his site.

Though published reports claimed several weeks ago that there would be a third service pack for Windows XP, Microsoft shrugged off its existence until last Thursday, when the company abruptly acknowledged that SP3 would be available after Windows Vista ships next year.

I see some jerks comes to this site with searching ‘fake login screens’ words at search engines.

These people is searching it to create a fake login site for steal your information .So please always be careful when login to Yahoo! , Yahoo! Games or any sites, never login from any link other than Yahoo! network sites go Yahoo! or if you want to login to Yahoo! Games directly just go to Yahoo! Games site and after you login Yahoo! will take you back to Yahoo! Games main page and you should see your Yahoo! ID.

A vulnerability been discovered that is being exploited by a player with a boot program. This vulnerability is being used to steal Yahoo! IDs and gain access to related Yahoo! information such as Yahoo! email accounts and Yahoo! Wallet, a feature that stores your banking (checking accounts and credit cards) information. This is serious criminal activity which requires vigilance to not become a victim.

This is frightening information, and I hope you are giving this email the serious consideration it deserves. One thing we want to make perfectly clear, you CAN protect yourself against becoming a victim. We know of one person that has this capability, but there may be others While the main focus at this time appears to be members of the Euchre leagues, it can change at any time to focus on another group of members or even multiple groups.

There are recognizable signs if your Yahoo! account is being targeted. Please pay particular attention to the following.

Once the booter has selected his next victim, a program is used to boot the target from the Yahoo! game room, Yahoo! Messenger and any other Yahoo! services you may be logged into. The program does more than just boot the person out of Yahoo!, it identifies their IP address and sends a “tag” that is linked to that IP address. When the person attempts to re-login to Yahoo!, this tag directs them to a fake Yahoo! login page. The fake Yahoo! login page can be recognized by certain characteristics.You are asked to verify a word code as shown below:

This is not something that has ever been required or used, to login to your Yahoo! account. This Yahoo! Messenger Word Verification page belongs to the booter and if you type in your User Name and Password, you are actually typing your login information directly to the booter.

If you receive this Yahoo! verification page, you should immediately shut down your computer (it may also help to delete cookies and temp files). Restart your computer and go to the Yahoo! sign-in page or open Yahoo! Messenger. If you have the normal sign-in page you should be fine. If you get the same word verification page, DO NOT try to sign in, the tag is still linked to your IP address. There are 2 options you can try, shut your computer down again and leave it for a few hours, or go to a different location where you would have a different IP address and try logging in again.In each case we are aware of, logging in from a different location (not just a different computer in your house), has been 100% successful.


If you receive the Yahoo! Messenger Word Verification message when you login to Yahoo!, DO NOT type your login information. Please send a report, you may also try sending a report to security@Yahoo-inc.com . Please give as much information as you can when reporting suspicious activity.