Feeds

Webmail buggers attack Yahoo!, Hotmail users

Gmail phishing assaults spread to MS and Yahoo! users

High performance access to file storage

The high-profile phishing campaign targeting the private Gmail accounts of government officials and political activists is part of a wider pattern of attacks also targeting Hotmail and Yahoo! Mail, according to net security firm Trend Micro.

Trend said that whether or not the attacks were related, they were all aimed towards bugging webmail accounts. Some of the current wave of assaults against webmail accounts also use techniques designed to find out what sort of security software victims are running as a prelude to deeper running assaults.

The initial phase of many of these attacks (include the Gmail assault) is a targeted email redirecting users to a fake site designed to con users into handing over their login credentials. Once accounts have been compromised, the attacker surreptitiously changes webmail settings in order to send emails to a drop account under their control.

In addition to monitoring compromised email accounts, the crackers behind the wheeze also use a script that exploits the res:// protocol to discover the type of anti-virus software a victim is using. This data is used to mount further attacks designed to obtain complete control over a victim's PC and not just their webmail account.

Trend Micro recently discovered a strain of malware that uses the res:// protocol to find out what security software a victim is running. The information is used to craft product specific attacks that "have a high probability of success", Trend warns.

Google previously warned that that attackers are exploiting a vulnerability in the MHTML protocol, specifically in attacks targeting political activists. Independent security researcher Greg Walton reports that a MHTML exploit directed against Gmail users initially spread, at least partly, via a phishing message passing through Facebook. Like the recent Gmail phishing attacks, the fraudsters modified account settings to monitor compromised Gmail accounts.

Google is far from alone in all this. Trend Micro researchers in Taiwan have discovered a phishing attack that "exploited a vulnerability in Microsoft's Hotmail service". The malicious email, which posed as a message from the Facebook security team, was capable of compromising a user's account simply by previewing the malicious message.

Yahoo! Mail users have also been targeted, via an attack designed to steal users' authentication cookies. "While this attempt appeared to fail, it does signify that attackers are attempting to attack Yahoo! Mail users as well," Trend Micro reports.

Email addresses associated with the Yahoo! Mail attack were also used to run a different attack, featuring malicious Microsoft Excel spreadsheets, back in March.

A full write-up of recent trends in webmail account hacking can be found in a blog post by Trend Micro here. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.