Recently, I’ve been bombarded by emails to my yahoo account supposedly from my OWN yahoo account (from me, to me).

The text of the email is …

De?ra? Yah?!oo? M?bme?er,

We m?su?t che?kc? th?ta? y?ruo? Ya?!ooh? ID was r?tsige?ered by r?ae?l p?oe?ple. So, to he?pl? Y?ooha?! pr?ve?ent a?amotu?ted
reg?tsi?rations, pl?esae? c?il?ck on t?ih?s l?kni? and co?etelpm? c?do?e ver?tacifi?ion pr?eco?ss:

h ttp://*ht%74%70:%2f/%57%77%77%2E%09gOo%67%6C%65

Tha?kn? you.

Of course, if you use Javascript and unescape this sequence, you see how a flaw in Yahoo’s website allows you to get redirected to google, AND then a flaw on google’s site further sends you to a website in Russia ( If you click on that link your email address will be verified and possible used in spam lists. I am not sure if this is some way hijacks your yahoo account (Gmail cookies were hi-jacked recently).

If you got such a mail recently, then you can check this by going to my website and entering the URL you recieved …

Vinit’s Javascript UnEscape page