Feeds

Yahoo! and! Microsoft! have! long! way! to! go! in! account! hijack! fight!

Google hardly ever spaffs out spam anymore - researchers

5 things you didn’t know about cloud backup

Microsoft and Yahoo! are way behind Google in fighting account hijacking, according to security experts.

Earlier this week Google said that "complex risk analysis" featuring "more than 120 variables" had reduced the number of compromised accounts on its system by 99.7 per cent, since the problem peaked in 2011. The claim is credible, according to Virus Bulletin anti-spam test director Martijn Grooten. But it looks like its rival providers are still battling to keep the account hijackers away - to the extent that the accounts of the two webmail providers are now a great deal more likely to be hijacked.

"Our own measurements show that Google may have a point when it says it is doing something right - and that Yahoo!, and to a lesser extent Hotmail (now Outlook.com), has a real problem," Grooten explains in a blog post.

The VBSpam spam filter tests involve the collection of various streams of legitimate emails (since a spam filter that blocks most spam, but which blocks a lot of legitimate email as well, is of little practical use).

However, the legitimate feeds we use do occasionally feature spam email - usually from compromised accounts and typically sent to addresses contained in the compromised accounts' address books. We have noticed a few emails from compromised Gmail accounts among these spam emails, but noticed that Yahoo! emails are far more prevalent.

Over the last eight months of testing Virus Bulletin found that, in the legitimate email feeds, about one in 115 emails from the Yahoo! were spam, compared with fewer than one in 4,800 from Gmail. Hotmail, Microsoft's free webmail service (now Outlook.com), features one in 325 spam emails in legitimate feeds.

In the majority of cases, the spamming is coming from compromised legitimate accounts. So Virus Bulletin's stats suggest that Yahoo! and MS need to do more to clamp down on account hijacking, perhaps by adopting some of the approaches used successfully by Google.

This is a problem not least because spam sent from compromised accounts "is notoriously hard to block, especially when the emails are sent to people in the accounts' address books and include links to pages on compromised websites (that typically redirect to the payload on domains controlled by the spammers)," according to Grooten.

He adds: "A significant portion of the links in these emails attempt to install malware (typically via exploit kits such as Blackhole), they are more than a mere nuisance. By reducing the number of compromised accounts, webmail providers thus not only reduce abuse of their own systems, they also help make the internet a safer place," he concluded.

Users can also help themselves by using secure passwords and trying to make sure their systems don't get infected by malware but a big slice of the responsibility falls on webmail providers.

Google is doing something right - and Virus Bulletin figures tend to confirm that. "Blocking this kind of stuff is tricky, I do wonder if they can improve much more," Grooten said.

Grooten added the caveat that the prices for hacked Gmail accounts on underground market don't appear to have experienced significant price increase and this is odd in the context of supply dropping by a factor of 300.

What is clear is that Yahoo! and Microsoft aren't doing as well as Google in combating the hijacking problem. Some of this might be explained by different demographics and hidden bias in Virus Bulletin stats, but not the wide difference in hijack-related spam incidents between Gmail and its two main webmail rivals.

"Gmail users have a reputation of being more tech-savvy than those using other webmail services, but this alone can't explain the huge difference we see. Yahoo!, and to a slightly lesser extent Microsoft, would thus do well to take a leaf out of Google's book," Grooten said. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.