6/03/2008

Email Purportedly from Yahoo is a Hoax

By The WindChime

Chain emails that purportedly come from Yahoo are spreading on the internet. Someone forwarded me one. It says that Yahoo is running out of server resources, so Yahoo users are required to log in to their accounts (or forward the message) on or before a certain date, or else their accounts will be terminated and erased. The message looks something like this:

> Dear YAHOO User,
>
> Because of the sudden rush of people signing up to YAHOO, it has
> come to our attention that we are vastly running out of resources. So,
> within a month's time, anyone who does not receive this email with the
> exact subject heading, will be deleted off our server. Please forward this
> email so that we know you are still using this account.
>
> We want to find out which users are actually using their YAHOO
> accounts. So if you are using your account, please pass this e-mail to
> every YAHOO user that you can and IF YOU DO NOT PASS this letter to anyone
> we will delete your account.
>
> From Mr. ALLEN SMITH
> YAHOO Admin. Dept.
>
> Our YAHOO system is getting too crowded!! We need you to forward this
> to at least 20 people. I know this seems like a large number, but we need
> to find out who is really using their account. If you do not send this to
> at least 10 YAHOO members, we will delete your account. Sorry for this
> inconvenience.
>
> Sincerely, Director of YAHOO Services
> BOB LOPEZ

Did you ever wonder why Yahoo users are told in this email to "spread the word" to at least 20 people, when Yahoo could simply email every account holder directly if any of this were true? A provider that wants to know which accounts are active can read that from its own login records; it does not need users to forward mail to each other. Notice also that the message cannot even agree with itself: one paragraph demands forwarding to 20 people, the next threatens deletion below 10, and it carries two different signatures ("Mr. ALLEN SMITH" of the "Admin. Dept." and "BOB LOPEZ, Director of YAHOO Services"). A genuine notice from a large provider would name one sender, from the provider's own domain, and give one consistent instruction.

That purported Yahoo email is a hoax, and earlier versions of it carried malicious code. It is not from Yahoo. If Yahoo were really short of resources it would notify its users directly, not by chain letter. The timing is also suggestive: Microsoft's bid to buy Yahoo was pending at the time and Yahoo had not yet agreed to be taken over, so a message that sows confusion among Yahoo users fits the moment, although nothing in the email itself proves that connection.
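The tell-tale signs discussed above (sender domain that does not match the brand being impersonated, a Reply-To that points somewhere else, "forward this or lose your account" wording, forwarding demands that contradict each other, several different signatories, a subject line that is already several "Fwd:" hops deep) can be checked mechanically. The following triage script is an added example, not code from the original post or from Yahoo: the raw messages it parses are constructed for illustration, and the header addresses and domains in them are made-up assumptions, not real indicators. The chain-letter text is the hoax quoted above.

```python
"""Heuristic triage of a "forward this or your account is deleted" chain
letter.  Added example, not from the original post.  SAMPLE and LEGIT are
constructed messages; every address and domain in them is an assumption."""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

BRAND = "yahoo"             # brand the hoax impersonates
BRAND_DOMAIN = "yahoo.com"  # domain a genuine notice would come from (assumption)

# Wording that account-scare chain letters almost always contain.
CHAIN_PHRASES = [
    r"\b(?:forward|pass) this (?:e-?mail|letter|message)\b",
    r"\bdeleted? (?:your account|off our server)\b",
    r"\brunning out of (?:resources|space)\b",
]

# Constructed hoax: the quoted text wrapped in fictitious headers.
SAMPLE = b"""Return-Path: <bounce@forwarders.example>
From: "YAHOO Admin. Dept." <admin@yahoo-notices.example>
Reply-To: allen.smith@webmail.example
To: user@example.net
Subject: Fwd: Fwd: Fwd: IMPORTANT: your YAHOO account
Content-Type: text/plain; charset=us-ascii

Dear YAHOO User,

Because of the sudden rush of people signing up to YAHOO, it has
come to our attention that we are vastly running out of resources. So,
within a month's time, anyone who does not receive this email with the
exact subject heading, will be deleted off our server. Please forward this
email so that we know you are still using this account.

From Mr. ALLEN SMITH
YAHOO Admin. Dept.

We need you to forward this to at least 20 people. If you do not send this
to at least 10 YAHOO members, we will delete your account.

Sincerely, Director of YAHOO Services
BOB LOPEZ
"""

# Constructed control message with none of the markers.
LEGIT = b"""From: Example Support <support@example.com>
To: user@example.net
Subject: Your monthly statement is ready
Content-Type: text/plain; charset=us-ascii

Hello, your statement for May is available in your account. No action is needed.
"""


def triage(raw: bytes) -> dict:
    """Parse one raw message and return the hoax markers found in it."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    flat = re.sub(r"\s+", " ", body)  # join wrapped lines for phrase matching
    reasons = []

    # 1. Does the sending domain match the brand the message claims to be?
    sender = parseaddr(str(msg.get("From", "")))[1]
    sender_domain = sender.rpartition("@")[2].lower()
    sender_is_brand = (sender_domain == BRAND_DOMAIN
                       or sender_domain.endswith("." + BRAND_DOMAIN))
    if BRAND in flat.lower() and not sender_is_brand:
        reasons.append(f"claims to be {BRAND} but sent from {sender_domain}")

    # 2. Replies routed to yet another domain.
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1]
    if reply_to and reply_to.rpartition("@")[2].lower() != sender_domain:
        reasons.append(f"Reply-To goes to a different domain: {reply_to}")

    # 3. Chain-letter wording.
    phrase_hits = sum(1 for p in CHAIN_PHRASES if re.search(p, flat, re.I))
    if phrase_hits:
        reasons.append(f"{phrase_hits} chain-letter phrase(s)")

    # 4. "At least N people" demands that contradict each other.
    forward_counts = [int(n) for n in re.findall(r"\bat least (\d+)\b", flat, re.I)]
    if len(set(forward_counts)) > 1:
        reasons.append(f"inconsistent forwarding demands: {forward_counts}")

    # 5. More than one person signing the same notice.
    signatories = set(re.findall(r"^From (?:Mr|Mrs|Ms)\.?\s+([A-Z][A-Z .]+?)\s*$", body, re.M))
    signatories |= set(re.findall(r"^Sincerely,[^\n]*\n\s*([A-Z][A-Z .]+?)\s*$", body, re.M))
    if len(signatories) > 1:
        reasons.append(f"signed by several different people: {sorted(signatories)}")

    # 6. Subject line already forwarded several times.
    fwd_depth = len(re.findall(r"\bfwd?:", str(msg.get("Subject", "")), re.I))
    if fwd_depth >= 2:
        reasons.append(f"subject shows {fwd_depth} forwarding hops")

    return {
        "score": len(reasons),
        "verdict": "likely hoax" if len(reasons) >= 3 else "no strong hoax markers",
        "reasons": reasons,
        "sender_domain": sender_domain,
        "sender_is_brand": sender_is_brand,
        "phrase_hits": phrase_hits,
        "forward_counts": forward_counts,
        "signatories": sorted(signatories),
    }


if __name__ == "__main__":
    for name, raw in (("SAMPLE", SAMPLE), ("LEGIT", LEGIT)):
        result = triage(raw)
        print(name, result["verdict"], result["score"])
        for reason in result["reasons"]:
            print("  -", reason)
```

The score is a count of independent markers rather than a single keyword match, so one innocent phrase in a genuine notice does not tip the verdict; the domain check is the strongest single signal, since a chain letter that has been forwarded by real users can never arrive from the brand's own domain.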

This Yahoo message is a variation of an older one. The original version carried an attachment, and its wording was not about Yahoo running out of resources: it told you that you had won a sum of money in a lottery draw and asked you to visit a website to confirm your identity. If you fell for the deception and visited the site, another piece of malicious code hidden in one of its pages was executed as you clicked through the forms asking for your information.

The overall scheme works in two stages. The first stage is done by the code that runs when you open the attachment in the hoax email; the second stage, the code hidden in the website, completes it. The result is a hidden way back into your computer, called a "backdoor", created without being noticed by the resident anti-virus program. This is how the authors get into your computer whenever you are online. The technique has a high probability of bypassing many anti-virus products and firewalls: a firewall filters traffic between your computer and the network, but one that only blocks incoming connections does nothing against a program already running on your machine that calls out to its operators.

The website also records information about your computer, in particular your IP (Internet Protocol) address, into a database for later intrusion attempts or for whatever other use the authors have in mind. An IP address identifies your connection on the network; it gives away your provider and roughly where you are, not your exact location, but it is enough to find the machine again while you are online.

So, if you received the version of the email that carries the attachment, scan your computer with the latest anti-virus signature updates. The attachment contained a hidden program that quietly installs a backdoor in your operating system, which the code's authors (or any other attacker who knows about it) can use without you noticing while you are connected. Bear in mind that once a backdoor is in place its operator can run anything on the machine, so a scan that finds and removes the original attachment does not prove that nothing else was installed afterwards; for a machine that was actually used through the backdoor, wiping and reinstalling is the safer course.

The code is malware that also behaves like spyware, reporting information about your machine back to its operators. Its name varies from one anti-virus vendor to another, since each assigns its own generic detection names. Some reports claimed that versions of the code were able to change themselves: every time an infected computer visits a website carrying the server-side part of the code, the copy on the computer changes its signature. On that theory the code has two parts. One part spreads primarily through the email attachment and infects your computer; the article calls it the "client code". The other part infects websites; call it the "host code". When the user of an infected computer browses an infected website, the two interact and the "host code" modifies the "client code", changing its signature. Malware that rewrites its own bytes so that a previous scanner signature no longer matches it is what anti-virus vendors call polymorphic.

This ability to mutate is a serious challenge for anti-virus developers trying to detect and remove code like this. For the user, the consequence is a race that signatures tend to lose: by the time the latest signature update is downloaded and applied, the copy on the computer may already have changed, and the updated scanner no longer recognises it. A clean scan is therefore not proof of a clean machine. Detection that looks at what the code does, such as a program that was never installed deliberately making outbound connections on its own, is more reliable against such code than signatures alone.