New Yahoo IM Phishing Attack Surfaces

Instant messaging security firm IMLogic warned of a new phishing attack making its way through the Yahoo! Messenger network on Monday. The attack, IM.Marphish2.Yahoo, attempts to steal personal information by duping a user into believing that they are in violation of Yahoo's Terms of Service. The user is instructed to contact the "abuse department" through a URL that points to the 2wahms.com domain.

When visited, the page looks similar to a Yahoo login page. However, once a user enters their personal information, the site steals the users username and password. IMLogic says that the effectiveness of such attacks is improving as they continue to build upon previous efforts and blend different methods together to further confound traditional antivirus programs.