Tuesday, December 18, 2007

How hackers hack & crack Yahoo passwords?


1: Many people use MAGIC PASSWORD STEALER (MPS) Trojan to hack yahoo passwords.

A lot and I mean a lot of people are infected with Magic PS. Especially with Magic PS 1.5 Second Edition. If you don't know what is Magic PS. Magic PS is a trojan, simply a program that steal your Yahoo! Messenger 5 or 6 user name and password to the sender. Magic PS 1.5 SE no longer show itself in the Message Archive, so checking there won't help.

If the sender is stupid enough, he/she would sent you the file "sender.exe", DO NOT accept it because it is the default name for a MPS created file.

Check your computer for certain files such as these:

Regsvr.exe in c:\Winnt or c:\Windows; depends on version of Windows

MsAgent32.exe in c:\*Win installed folder*\system 32

Perflib-Perfdata in c:\*Win installed folder*\System32

PIF in c:\*Win installed folder*
NTMSJRLN in c:\*Win installed folder*\system32\NtmsData

Sender.exe

MPSmmtask0.exe in c:\Documents settings\*User Name*\Local settings\Temp

The sender.exe (can be any name) file may also contain a text string "UPX-Scrambler RC1.x -> ©OnT®oL". You can see this by using a hex editor, etc.

MPS 1.5 SE hides the (sender/hacker) Yahoo! ID in the sender.exe file, it is scrambled so even with a hex-editor, and you still cannot view it. To reveal the (sender/hacker) Y! ID, simply reverse-engineer the sender.exe file.

Solution : Do not receive any executable files from an unknown person on chat.

2: BY using fake login screens

They ask you to have a look at their picture by sending a link to yahoo fake login screen. It exactly looks like mail.yahoo.com page or photos.yahoo.com page it will ask you to enter your ID & password to login. If you enter your details those login details directly goes into hacker's inbox. So be careful of these kinds of attacks.

3: Cracking passwords by using Yahoo Password Crackers

There are many Password crackers out for cracking Yahoo passwords. If you are using a dictionary based password like "something, 12345, abcdef, Attitude, etc… It takes hardly 3 hours for a good cracker to crack the password.

Solution: Never use dictionary based passwords. Use a password like this...

Example: (Sec*) Pass+). This kind of passwords is impossible to crack


I hope this little guide helps you in improving your own security on the net.
I wish you all the best!
Posted by DJRajan at 11:21 AM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)