You’re probably wondering what the big deal is; it’s just SPAM, right? Just remove it and enjoy the rest of your day. Well, that’s what I typically do with SPAM, and like so many others I send out a correspondence to the source indicating that there is a problem and then toss along a browbeating message to update their virus signatures and to use stronger passwords, yadda, yadda, yadda.
The only problem in this scenario is that, based on the individuals whom I’ve studied for the last three weeks, all indications are that these individuals have in fact been following good computing practices. In fact, each of the individuals who allowed me to closely examine their hijacked accounts turned out to have had strong, complex passwords and no malware of any kind on their local systems. There lies the problem. It appears at this point that Yahoo themselves are not performing their due diligence and that there is a more widespread compromise that has remained unrevealed. What exactly the problem is remains uncertain; however, what I have observed, not only recently but also in the past, with Yahoo mail accounts in particular shows that they have been lacking in integrity checks. Discretion is purposely being used about Yahoo. While this write-up is about Yahoo mail servers, I would like to stress that no e-mail provider, whether free or commercial, is exempt from this issue. So closing out your account and hightailing it to Gmail or Hotmail may only prolong the inevitable, as it can happen there also. Remember, China just recently hijacked many Gmail accounts, and Hotmail a few years back had over 10,000 e-mail accounts compromised; the issue is widespread.
So what do you suggest that we do about it? Well, for starters, for the next 90 days remain a moving target and change your passwords monthly on Yahoo. I realize that it is both tedious and a pain; however, bear in mind this may keep you from the bigger pain of migrating all your accounts and contacts to a new mail system and letting everyone know that you're now here instead of there. Let's face it: changing your e-mail address is now similar to changing your phone number; it's tedious, must be coordinated carefully, and can be costly. Performing a monthly password refresh for the next 90 days will keep you a moving target and spare you the grief of apologizing for all the sexual enhancement prescriptions you’re recommending to your peers, as well as provide time for Yahoo to get their act straight (hopefully). Again, I would only suggest doing this for the remainder of the year, in order to work around an underlying problem. If you have any personal experiences that you would like to share or have any further recommendations, please share them; otherwise, send me a direct correspondence if you wish to keep it private.