If you get an IM from anyone here at Pixies (or really anywhere for all that matters) with a hyperlink and no real message, I would advise you not to click the link. Those of us who have are having trouble with our messengers. If you already did and are experiencing trouble I would suggest you change your password.

thanks for the warning lil. :)

I got that from a pixie this morning and it took me to a page to log in...thought it was wierd. I haven't had any problems tho...not yet anyway :(

IWM you may begin to get messages that you are being signed off Yahoo because you are using that account elsewhere. I would change your password log out and then log back in.

IWM you may begin to get messages that you are being signed off Yahoo because you are using that account elsewhere. I would change your password log out and then log back in.

I just did....thank you!!!!

TY for the alert Lil! I know someone having trouble with Yahoo IM and now I know what to tell them!

Thanks I was wondering what the hell was going on.

Just changed mine JIC.... Thanks for the heads up!

What ever is spooking around has been to my door. I got two offline messages from one Pixie that sent me to some ‘Yahoo Photo Share’ I don’t recall setting up, that had one pic of my avatar. The other sent me to a wild-ass BB that I know NOTHING about. Early (03:00) I got another from another MAJOR Pixie also, for the same Photo Share site.

I do recall getting the ‘Sign Off’ message during the trip to see what I was being sent to. I did use IM afterward without problem, so whatever it is doing is insidious.

Thanks hun

I don't know what the bad guy looks like or what all he may be into yet, but I'm starting here and it looks like it fits what's happening.
http://security.yahoo.com/password_scams.html

I believe that is exactly what is occuring and is why I suggested changing the password and logging out then back in.

Lilith,

Something Wicked This Way Comes.

CORRECTION!

The Photo Share link was to the below address and I KNOW I never set anything up there.

geocities.
com/
hot
_n_
sxy
_slapper/

I don’t know if any of this helps, so let me know if I should stop posting on my feeble journey.

PF that is the same message I recieved today, don't think that helps much but to just let other people know.

CORRECTION!

The Photo Share link was to the below address and I KNOW I never set anything up there.

geocities.
com/
hot
_n_
sxy
_slapper/

I don’t know if any of this helps, so let me know if I should stop posting on my feeble journey.

Everyone received the same message because it accessed our buddylists to send out the bogus IMs.

When you change your Yahoo password keep in mind that Yahoo will send notification of the change to the alternate email address you have listed. Be sure that you get that notification and that no one has redirected your Yahoo information.

There is a new link being sent out....got one from PF and another contact this morning

I've just changed my password...damn scammers!!

http://add.yahoo.com/fast/help/us/security/cgi_feedback

If you get the links please send Yahoo security the information

Okay, I have changed my password twice and havent gotten a notification from Yahoo! The e-mail address is right but i haven't gotten a request and I'm starting to freak out.

did you use a hotmail as the alternate email? I find hotmail arrives slowly.

For the record!!!

I did NOT send any links to anybody without a note.

I just checked with a non-Pixie from my list and she DID get that offline message with the link SUPPOSEDLY from me. The slickest part is that she ‘replied’ to me asking “for some reason when I try to go here it sends me to Yahoo Photos and when I sign it I go to my own photos.......I don't get it. What am I supposed to be seeing?”, and I do NOT get her message back.

These fuckers are slick. I don’t know who or what they are doing with the IM passwords they are gathering, but it seems they cover their tracks pretty well.

You may want to consider notifying ALL the names on your list, ...particularly non-Pixies that won’t see the thread.

:eek: For the record!!!

I did NOT send any links to anybody without a note.

I just checked with a non-Pixie from my list and she DID get that offline message with the link SUPPOSEDLY from me. The slickest part is that she ‘replied’ to me asking “for some reason when I try to go here it sends me to Yahoo Photos and when I sign it I go to my own photos.......I don't get it. What am I supposed to be seeing?”, and I do NOT get her message back.



Ok, for the record...

I'm the one PF is referring to. Imagine my surprise to learn that I'm a "non-Pixie." :eek: I may not post as frequently as I used to, but I AM STILL A PIXIE!!!
On topic, however......I did go and change my password, and I got the notification almost immediately from Yahoo. I'm glad PF did happen to check with me about this, even if he does consider me a "non-Pixie" because I don't spend as much time here as I once did. Maybe I need to sic Steph on you....hummmphhhhhh........a "non-Pixie" indeed!!

Spank him Sugarsprinkles...;)

Well you can disregard what I had in this post too. I just opened my e-mail and had a confirmation of my password change. :o

I MEANT people on my list that may not see this thread SS. I normally can make an ass out of my self very well alone, but it’s good to know I have a friend that will back me up if I ever miss. :rofl: Thanks.

I got PF's IM too....just changed my password. Hope it wasn't too late. I apologize to any of you who receive a message from me.

This is like some sort of cybernetically contracted venereal disease :p

This is like some sort of cybernetically contracted venereal disease :p


Sheezzzz...... VD without even the fun of sex to get it. Now thats low!!


I got the same link from "PF" too.

Thanks for letting us know about this Lil. I changed my Yahoo Instant Messenger password. Is it affecting only that or Yahoo Mail too?

You know how long it's gonna take me to stop using my old password and use the new one!?!? oy vay!!!

I tend to change my passwords at irregular intervals anyway. Helps keep the people looking over my shoulder confused.

*Hands on hips, stomping feet* Well I didn't get any phoney link from PF. I must not be on his list anymore. *major pouting*

I really don't understand how this is happening. Which isn't surprising with the state of my mind lately, but how is someone getting Pixie's IDs? Is it another Pixie doing this? Do we know who? Do you have to have your Yahoo ID listed in your profile for it to happen?

I need this explained to me as if I'm a two year old. *No jokes!*

Its not just Pixie IDs that the links are being sent from :)

If ya click the first link up above it'll explain it a bit for ya

These fuckers are slick. I don’t know who or what they are doing with the IM passwords they are gathering, but it seems they cover their tracks pretty well.

.
i read on one of the links in this thread that with the password they can access e-mail and via e-mail possibly account #s from financial companies, banks, etc.
*shrug* but wtf do i know? i haven't had a problem with it.
there is bright side to not being on any buddylists. :p:p:D

Actually Tess this has nothing to do with Pixies. They do not have our Pixies IDs or info.

The program is has accessed someone's buddy list on Yahoo IM. It is like a worm in that it is sending messages to all the peeps on that person's buddy list from Yahoo. Of course since that person is a Pixie, there are Pixies on that list. That is why a warning was posted here. Pixies is not affected and has nothing to do with this password phishing worm that is being spread through Yahoo Instant Messenger.

You do not need to change your Pixies password. You need to change your Yahoo one.

It really is virulent. I am being sent the URL link message from many different people.

Thanks Lil that is clearer now. I guess I will go change my password. Man I hate having to remember new things! :mad:

I need some one to confirm my understanding of this.

There is nothing to indicate that this came from or through Pixies. This was a bug that came up the Yahoo toilet. Only because so many of the people on many of our buddy lists happen to be Pixies and we talk to each other WITHOUT using Yahoo IM did we become aware if it as quickly as we did.

My Yahoo nick is not the same as here at Pixies and is not listed at Pixies. Therefore it seems they had only a list of Yahoo nicks and turned loose a virus that suckered us into entering the password that matches the name. Because the link came from people that we trust explicitly and appeared (at first glance ) to be structure of Yahoo (also with a level of confidence), we slide right down the drain. The fact that any ‘reply’ back to the (supposed) sender was derailed leads me to believe it wants to be very covert.

We don’t know yet, what is being done with this particular collection of nick’s WITH passwords, but I would think it only enables them to apply them to additional Yahoo services using that nick and password.

My understanding to date, is that it was sent ONLY as an offline IM. As soon as we opened our IM, it had access to our buddy list. I will post the person, date and time I received the first message when I get home tonight and we should be able to make a map of it’s travels through our group.

My understanding to date, is that it was sent ONLY as an offline IM. As soon as we opened our IM, it had access to our buddy list. I will post the person, date and time I received the first message when I get home tonight and we should be able to make a map of it’s travels through our group.

You had it all right til this part. When you entered your YAhoo ID and Password at that site you enabled the phishers to use your Yahoo ID and password to access your buddy list. Then they used a worm type program to send out IMs with the link to all your buddies.

It does not help anyone at all to post who sent what. It is irrelevant. It's a phishing scam and no one who became involved did so intentionally. Tracing who was victimized first doesn't solve any mystery it just makes people feel bad.

Please report any messages you receive on Yahoo IM containing the link to Yahoo security.

Okay... so not only does this piss me off because I HATE to change passwords... but mainly because I am now concerned with the other information on my pc... does this thing have the ability to obtain other info from your system? Anyone know?

Thanks..

and damn it if it weren't the "sxy_slapper" that did us all in.. LOL... had it said something boring like "something_boring" I may not have clicked on it BEFORE coming here :( :(

Great....now people are writing me asking me about links I'm sending them....and I haven't :(

IWM I understand how you feel. I am dealing with the same thing. Please encourage them to change their Yahoo password and to report the IM to Yahoo security.

After changing my password it seems to be all better now. Yesterday I could not even sign into messenger on my phone I was all corn-fused.

I changed my password, I got my confirmation, I pmed everyone that if they got a message from me that was just a link to ignore it or pm me about it before opening it.....now i have a new problem. I logged into my messenger and all of a sudden all of my friends on my lists are GONE. I had to reload everyone. If you're on my list and you haven't recieved an add from me today, then please pm me because I have forgotten your username or how you spell it or something.

...When you entered your YAhoo ID and Password at that site you enabled the phishers to use your Yahoo ID and password to access your buddy list.

....... no one who became involved did so intentionally. Tracing who was victimized first doesn't solve any mystery it just makes people feel bad......
Thank you. :) Whatever details we have of how this works is helpful for me. I don’t believe ANYBODY intentionally became involved and there’s no reason for any apologizes from anyone. Just a thank you for Pixies being here and allowing us to catch this as soon as we did.

At this point I would like to know if anyone received one of the bogus link messages AFTER midnight, 15 November. If you have, PLEASE let me know immediately.

Last i received was at 11/16/2005 8:57:57 AM Aussie time...you can convert it

I received one at 3:52 p.m. on the 16th

I received one during the night too......sorry didn't keep track of the time but was the 17th.

Mine was early morning of the 15th at like 3:20 am or something like that.

I haven't had anymore since I changed my password.

haven't been around for awhile.....and what an awful way to drop in.....i got hit as well......learned from bigbear about this thread and how alot of pixies are gettin' hit too......now i've got a problem since hearing from pf as well as talking to bigbear.....i went to try and change my yahoo password....and it won't let me!!!!....i've been trying for maybe 2 hours now......everytime i try, i get redirected to "page not available"....any ideas what i should do now?....i've sent a message to yahoo security.....i'm thinking my only recourse is to completely delete my account and just start all over.

And I got the link again from kathy1 on 11/16/2005 3:43:02 AM.........fortunately I was already alerted and just ignored it.

whatever has happened to me thru those links gets more mysterious.....has this happened to anybody else?.....catch22 and i were chatting today and he was trying to help me fix the problem....can't remember exactly what prompted me to ask him, but i asked him to look up my yahoo profile....do a search on that nic.....it came up with nuffin!!!!.....gave him a message that said that person did not exist.....so i did a search....and indeed, i couldn't find me either......however, if i put my nic and password in on any yahoo spot....even after logging out....it accepted it!!!.....and if i go to the "see my profile" page, there i am.....wtf???

Last i received was at 11/16/2005 8:57:57 AM Aussie time...you can convert it
I can. ;)




I received conformation of my password change from Yahoo on Tue 11/15/2005 22:38 EST. That means anything that was sent before 11/16/2005 13:38 AEST, was before the corrective action was taken, so that’s understood for Alasse and SODA.

But SHIT!!! :hair:

That means that Lilith and IWM received bogus message from me AFTER the password change. Therefore, the culprit has (1) taken my buddy list outside my Yahoo account, (2) still has a way into my buddy list (and maybe anything else that would be part of a Yahoo account), or (3) has setup housekeeping inside my Yahoo account.

My antivirus and spybot scans can’t see him yet if he’s living in my basement. I will send a specific request to Yahoo for their insight and any patch or scan that can confirm he’s not living here. If it’s not a resident, I hope Yahoo can tell me how to lock the door for any revisits, as the password change did not cure the problem. If our buddy list with passwords were looted, … ANYTHING could be done with them.

Please check my thinking on this and let me know any further information you may come across.


(*I’m so happy that is ONLY IM for me* :D )

PF--sorry I didn't clarify.....the one I received this morning wasn't from you.

That means that Lilith and IWM received bogus message from me AFTER the password change. Therefore, the culprit has (1) taken my buddy list outside my Yahoo account, (2) still has a way into my buddy list (and maybe anything else that would be part of a Yahoo account), or (3) has setup housekeeping inside my Yahoo account.



My message wasn't from you this time. It's a worm. It went from you to everyone on your list who clicked and entered their info. All of them are sending the links now too. So "I" sent the links and peeps on my list are sending them...and so on. After you changed your password I bet none came from your Yahoo. Changing your password is what stops the cycle.

At this point I would like to know if anyone received one of the bogus link messages AFTER midnight, 15 November. If you have, PLEASE let me know immediately.
Sorry I read your posts as an answer to my post.

I'm happy as hell to hear that those were NOT from me and that the password change HAS seemed to work.

Thanks for clarifying that before I went chasing ghosts.