phishing with yahoo
i got an IM from a friend this afternoon telling me of this site:
http://geocities.com/who_wants_my_picture/ (warning, don't supply your user/password)
tried to access the site and saw the yahoo login page. immediately i realized that it was a phishing site. out of curiosity, i clicked the signin button and was surprised that it redirected me to yahoo site with my account logged in. to be safe, i immediately changed my password . yahoo mail was my primary email for some time now and i don't want anybody messing with it. i also posted a query in the local forums.
i consulted my friend on why she sent me that page which i think is a phishing site. she told me that she thinks she was infected by a virus and that virus is responsible for sending the said link to her contacts. the said virus has been eating her cpu process.
i tried accessing the site once again and this time supplying a bogus username and password. i can see that the page sends an email in the background and redirects me to the yahoo site.
i was wondering if my credentials was passed the first time i accessed the page. since i configured yahoo to automatically sign me in, i researched on cookies. turns out that it was not possible for the geocities site to access the yahoo cookies. so what just happened is upon redirection, yahoo is the one who used its cookies. anyone who knows if the yahoo cookies contain encrypted user password in them?