A sample of these emails has been submitted to millersmiles.co.uk. They carry the subject line “DSVX Virus Detect in Your Yahoo Mail Account” and they read something like this:
“We detect dsvx Virus in your Yahoo! Mail account So it’s time to update, before you lose your email access. Your email service won’t be affected and you’ll keep all your old contacts, folders and messages.”
There are some pieces of malware whose name includes the string “dsvx,” but in this case, the “dsvx Virus” is simply used to scare unsuspecting users into clicking on the link contained in the email.
When internauts click on the link, they’re taken to a Yahoo Mail phishing page. The fake login page closely replicates the legitimate one. In fact, all the links from it point to the genuine Yahoo Mail login page.
However, when users enter their Yahoo! ID and their password and click the “Sign In” button, the information is transmitted to a server controlled by the cybercriminals. To avoid raising any suspicion, victims are then directed to the legitimate Yahoo Mail page hosted at mail.yahoo.com.
The phishing page is hosted on an altervista.org subdomain and it has been live for at least 24 hours.
The phishers can use the harvested information to hijack the victim’s email account. They can also try to hijack other accounts considering that many people use the same username/password combination for multiple accounts.