I got an email (referring to me by name) from somebody I knew a while ago, and the email itself was just two or three lines containing a bit.ly link. Although it seemed like it actually could be legitimate, I didn't click the link but copied and pasted it into my browser in a new tab. It took me to a fake MSNBC site with a stupid article, without getting any warnings from my Kaspersky suite. So I deleted the email.
Then eight hours later, I saw that similar emails had been sent from my email account to everyone on my contact list. These emails were actually in my sent folder, and people had replied back.
I don't think my (Yahoo) account was actually hijacked, because I could still log in, and of course ASAP I upped all security options and changed to a much harder password. Now, several days later, I haven't seen any other suspicious activity on my account. Everything seems normal again.
My question is: how did this work? Was the fake MSNBC page doing something like running a script? But then how did it get into my Yahoo contact list, read off all of the addresses and first names, compose emails and send them out?
EDIT #1: And just to add, I also checked the recent activity log at Yahoo as soon as I discovered the attack, and the times and places it showed are all consistent with my usage, like I was logged in at the time, and it shows my physical location too. I have an antivirus/firewall solution which is continuously updated. I have a wireless router with fairly strong security settings on it (not using the defaults or anything), with a (medium strength) wireless password, MAC filtering and WPA/WPA2 encryption.
EDIT #2: Here is the bit.ly link: http://bit.ly/VVqekC
Update: The bit.ly link was disabled. The website, which hosted the CSRF exploit on Yahoo Webmail, was shut down.
Edit #3: Thanks for the answers, everyone. Makes sense. But I still have two questions. Is there any further danger because of this specific attack? Could any information have been compromised, like any of my emails in my inbox or sent folder, or my old password? I did change my password and cleared everything from history/cookies/cache as soon as I found out. In addition, I have the free version, which won't let you forward all incoming emails, but could something like that have been set up? Second, what was the point of this attack? To what end was it? Just to make me (and everyone else I know) read an innocuous article?