Feeds

Webmail-creating Trojan targets Gmail

Captcha buster spreads

Combat fraud and increase customer satisfaction

A strain of malware capable of setting up bogus Hotmail and Yahoo! accounts in order to send spam has been adapted to also target Gmail accounts.

The HotLan Trojan creates automatically-generated webmail accounts, implying that spammers have discovered a means to defeat Captcha challenge-response systems. Captcha systems, which typically prevent accounts being created until a user correctly identifies letters depicted in an image, are designed to ensure requests are made by a human rather than an automated program.

Since the arrival of the first variant of the Trojan last month, more than 500,000 spam email accounts have been created, according to Romanian anti-virus firm BitDefender. A joint effort between the security teams of BitDefender and Yahoo! appears to have stymied attempts to generate and use Yahoo! accounts to send spam.

However, this has pushed the problem onto Hotmail and Gmail (a new target of a latter variant of the Trojan) rather than having the desired effect of bringing the creation of bogus accounts under control.

The use of compromised PCs to send spam has been going on for years. The HotLan Trojan follows a more complex routine. Each active copy of the Trojan attempts to set up a webmail account, sending off the captcha image in an encrypted form to a spammer-controlled website. Servers behind this site process the image and extract the solution to the captcha challenge, which is then posted in the appropriate field.

Once a webmail account is established, encrypted spam emails are sent from a website onto infected machines. The HotLan Trojan then decrypts these junk emails and sends them to (presumably valid) addresses taken from yet another website.

Junk mail sent using the malware have largely been used to spamvertise pharmacy sites. Multiple bogus accounts are created from each infected machine. The Trojan itself is not widespread, indicating a possible desire by its authors to keep a low profile, even though its effects on Hotmail (in particular) are serious.

"There were 514,000 Hotmail accounts created [by the Trojan], as well as about 49,000 at Google," said Viorel Canja, head of BitDefender Anti-Virus Lab. "However, it is worth noting that while most of the Hotmail accounts are operational, Gmail accounts get blocked pretty fast, usually about a couple of days after being created." ®

SANS - Survey on application security programs

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.