Fake Yahoo site phishes for identities

The fake site, which was still live on Wednesday afternoon, is being hosted on a Yahoo Geocities account and asks users to log in with their Yahoo user ID and password. Once the details are entered, the site displays a slogan "PAGINA HACKEADA - CUIDADO!", which means "hacked page -- be careful" in Spanish.

Adam Biviano, senior systems engineer at Trend Micro Australia and New Zealand, said victims are being lured to the Web site by spam sent over Yahoo's instant messenger service. This means a user will receive a message -- often from someone on their friends list -- telling them to visit the site, which makes the scam more believable.

"It is basically a honeypot to try and attract people there to sign up for online games. I am of the opinion that this is probably just [being promoted] with spam," said Biviano, who conceded that the messages could be generated by a virus or other malware. "viruses making use of instant messenger are becoming far more popular."

According to Biviano, the site only has one purpose -- identity theft.

"This is really showing that identity theft is where the next big threats are heading. The only reason for this site to exist -- it is not stealing credit cards or taking any money off you in any way -- it is just after personal details," said Biviano.

Yahoo was unavailable for comment.

Instant messenger applications have been attacked on a regular basis over the past year with various viruses and worms taking advantage of users' focus on malicious e-mail-based attacks.

Last week, a variant of the Kelvir worm attacked users of Microsoft's MSN Messenger service in ten different languages - depending on the user's system setting.

This attack came just weeks after the Opanki worm attempted to infect instant messenger users with a malicious file disguised as a version of Apple's iTunes application.