I'm getting an increasing number of those malware phishing spams sent from friends accounts, and just about all of them are Yahoo accounts. The accounts get hacked, the spam sent to their entire mailing list, and their friends click the embedded malware link because a trusted "friend" sent them the mail. The fact that just about all of these are Yahoo mail leads me to wonder- is it an inherent weakness in Yahoo that permits dictionary attacks or other multiple password guessing attacks, or is it an inherent weakness in Yahoo users setting up weak passwords? (I've seen lists online of the 10 most common passwords, maybe they are using those?). Another possibility, a flaw in Yahoo's security that lets hackers get at the PW database, or an employee who went rogue and sold access? Or is it just coincidence that I'm seeing this pattern?