Feeds

Yahoo! and! Microsoft! have! long! way! to! go! in! account! hijack! fight!

Google hardly ever spaffs out spam anymore - researchers

SANS - Survey on application security programs

Microsoft and Yahoo! are way behind Google in fighting account hijacking, according to security experts.

Earlier this week Google said that "complex risk analysis" featuring "more than 120 variables" had reduced the number of compromised accounts on its system by 99.7 per cent, since the problem peaked in 2011. The claim is credible, according to Virus Bulletin anti-spam test director Martijn Grooten. But it looks like its rival providers are still battling to keep the account hijackers away - to the extent that the accounts of the two webmail providers are now a great deal more likely to be hijacked.

"Our own measurements show that Google may have a point when it says it is doing something right - and that Yahoo!, and to a lesser extent Hotmail (now Outlook.com), has a real problem," Grooten explains in a blog post.

The VBSpam spam filter tests involve the collection of various streams of legitimate emails (since a spam filter that blocks most spam, but which blocks a lot of legitimate email as well, is of little practical use).

However, the legitimate feeds we use do occasionally feature spam email - usually from compromised accounts and typically sent to addresses contained in the compromised accounts' address books. We have noticed a few emails from compromised Gmail accounts among these spam emails, but noticed that Yahoo! emails are far more prevalent.

Over the last eight months of testing Virus Bulletin found that, in the legitimate email feeds, about one in 115 emails from the Yahoo! were spam, compared with fewer than one in 4,800 from Gmail. Hotmail, Microsoft's free webmail service (now Outlook.com), features one in 325 spam emails in legitimate feeds.

In the majority of cases, the spamming is coming from compromised legitimate accounts. So Virus Bulletin's stats suggest that Yahoo! and MS need to do more to clamp down on account hijacking, perhaps by adopting some of the approaches used successfully by Google.

This is a problem not least because spam sent from compromised accounts "is notoriously hard to block, especially when the emails are sent to people in the accounts' address books and include links to pages on compromised websites (that typically redirect to the payload on domains controlled by the spammers)," according to Grooten.

He adds: "A significant portion of the links in these emails attempt to install malware (typically via exploit kits such as Blackhole), they are more than a mere nuisance. By reducing the number of compromised accounts, webmail providers thus not only reduce abuse of their own systems, they also help make the internet a safer place," he concluded.

Users can also help themselves by using secure passwords and trying to make sure their systems don't get infected by malware but a big slice of the responsibility falls on webmail providers.

Google is doing something right - and Virus Bulletin figures tend to confirm that. "Blocking this kind of stuff is tricky, I do wonder if they can improve much more," Grooten said.

Grooten added the caveat that the prices for hacked Gmail accounts on underground market don't appear to have experienced significant price increase and this is odd in the context of supply dropping by a factor of 300.

What is clear is that Yahoo! and Microsoft aren't doing as well as Google in combating the hijacking problem. Some of this might be explained by different demographics and hidden bias in Virus Bulletin stats, but not the wide difference in hijack-related spam incidents between Gmail and its two main webmail rivals.

"Gmail users have a reputation of being more tech-savvy than those using other webmail services, but this alone can't explain the huge difference we see. Yahoo!, and to a slightly lesser extent Microsoft, would thus do well to take a leaf out of Google's book," Grooten said. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.