Users of Yahoo's instant messaging service are being warned of a new phishing attack which sends IM users a message telling them their account will be blocked unless they respond to a terms of service violation.
The warning which came from the IMlogic Threat Center said the new attack, dubbed IM.Marphish.Yahoo, sends a message that appears to be from the Yahoo "abuse department" informing users that they are in violation of their agreement. To prevent their account from being deactivated, users are directed to a URL to a malicious site hosted at the 42.pl domain. From there, users are redirected to a Web page that appears to be the Yahoo login page to collect login and password information.
IMlogic warns that the attack, which is propagating from a buddy named ychat_complaint_dept_6b, will likely mutate with other variations of the screen name as it progresses.
IMlogic recommends organizations strengthen additional security protection by ensuring all desktop antivirus solutions are updated, the latest security patches have been applied to all desktop systems, and that all out of date IM clients have been blocked from accessing the relevant IM networks.