Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Yahoo and Hotmail hit by new webmail attacks

More on the Gmail v China theme

Article comments

Webmail users at Yahoo and Hotmail have been hit with the same kind of targeted attacks that were disclosed earlier this week by Google, according to security software vendor Trend Micro.

Trend Micro described two similar attacks against Yahoo Mail and Windows Live Hotmail in a blog post, published Thursday. "It's an ongoing issue for more than just Gmail," said Nart Villeneuve, a senior threat researcher with Trend Micro. Villeneuve believes that Facebook accounts have also been used to spread similar attacks.

Google made headlines Wednesday after revealing that several hundred Gmail users - including government officials, activists and journalists - had been the victims of targeted spearphishing attacks.

Google mentioned phishing on Wednesday, but the criminals have been using other attacks too. In March, Google said that hackers were taking advantage of a flaw in Microsoft's Windows software to launch politically motivated hacks against activists.

Corporate networks have been under attack for years, but hackers now see personal Webmail accounts as a way to get information that can help them sneak into computers that would otherwise be locked down. "People always think of these attacks as isolated cases, but they're more like a series of successful and failed attacks over a longer period of time," Villeneuve said. "It's not a one-off attack."

For example, in the Gmail phishing attacks, the hackers used a little-known Microsoft protocol to figure out what type of antivirus software their victims were using. By knowing what antivirus program they were up against, they could then build attack code and then test it against their target security software to be sure that it would go undetected.

And by trolling through their victims' email messages, the attackers could write believable-sounding messages that their targets would be more likely to click on or open up. That's how the victims lose control of their computers: by opening, for example, a specially written pdf document or by taking their browsers to a malicious website.

"This is the latest version of State's joint statement," read one fake email, used by the Gmail phishers. "My understanding is that State put in placeholder econ language and am happy to have us fill in but in their rush to get a cleared version from the WH, they sent the attached to Mike."

"People, whether they're human rights activists or they're government officials, tend to have personal Webmail," Villeneuve said. "It's a good way for the attackers to get information on those individuals but also to get information that they could use for an attack of the corporate network of those individuals."

Google said that the phishing attacks it had detected were launched from computers located in Jinan, China. That led some to suspect that the phishing was state-sponsored, but China's US Embassy said on Thursday that China is the victim of cybercrime, not the perpetrator.

"As a responsible player in cyberspace, China strongly opposes unlawful online activities and supports international cooperation in striking down on such misdeeds," said Wang Baodong, an embassy spokesman, in an email. "Any claims of so-called Chinese state support for hacking are completely fictitious, and blaming misdeeds on China is irresponsible and unacceptable."

In a blog post, published Thursday, Villeneuve outlined other attacks, including one that leveraged a Hotmail Web programming bug to suck email messages from users' accounts. This attack worked by tricking victims into reading a maliciously encoded email message. It hit Taiwanese victims.

Another attack, spotted recently by Trend Micro, attempted to break into Yahoo Mail accounts by stealing the browser's cookie files and then using that information to try and trick Yahoo's servers into divulging sensitive information, Villneuve said. However, it looks like this attack didn't actually work thanks to technical difficulties, he said.

Microsoft was unable to immediately comment for this story, but earlier it did confirm that it fixed the Hotmail flaw. A Yahoo spokeswoman declined to comment on Trend Micro's report, but said that the company does "take security very seriously."

"We invest heavily in protective measures to ensure the security of our users and their data," the Yahoo spokeswoman said in an email message. "We also use a multi-faceted approach to further protect against spam, phishing and other online scams, which includes rapid response, industry collaboration, public policy efforts, and consumer awareness."

Although Gmail is now getting the most attention, Yahoo Mail is actually the most targeted Web mail platform, according to one researcher, who spoke on condition of anonymity because he is involved in sensitive investigations into these attacks. "It's been going on for a very long time," he said. "Campaigns go on every day."



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *