Hotmail and Yahoo users also victims of targeted attacks

reghakr (Essential Member; Joined: Jan 26, 2009; Location: Erie, PA)

IDG News Service - Web mail users at Yahoo and Hotmail have been hit with the same kind of targeted attacks that were disclosed earlier this week by Google, according to security software vendor Trend Micro.

Trend Micro described two similar attacks against Yahoo Mail and Windows Live Hotmail in a blog post, published Thursday. "It's an ongoing issue for more than just Gmail," said Nart Villeneuve, a senior threat researcher with Trend Micro. Villeneuve believes that Facebook accounts have also been used to spread similar attacks.

Google made headlines Wednesday after revealing that several hundred Gmail users -- including government officials, activists and journalists -- had been the victims of targeted spearphishing attacks.

Google mentioned phishing on Wednesday, but the criminals have been using other attacks too. In March, Google said that hackers were taking advantage of a flaw in Microsoft's Windows software to launch politically motivated hacks against activists.

Corporate networks have been under attack for years, but hackers now see personal Web mail accounts as a way to get information that can help them sneak into computers that would otherwise be locked down. "People always think of these attacks as isolated cases, but they're more like a series of successful and failed attacks over a longer period of time," Villeneuve said. "It's not a one-off attack."

For example, in the Gmail phishing attacks, the hackers used a little-known Microsoft protocol to figure out what type of antivirus software their victims were using. By knowing what antivirus program they were up against, they could then build attack code and then test it against their target security software to be sure that it would go undetected.

And by trolling through their victims' email messages, the attackers could write believable-sounding messages that their targets would be more likely to click on or open up. That's how the victims lose control of their computers: by opening, for example, a specially written PDF document or by taking their browsers to a malicious website. "This is the latest version of State's joint statement," read one fake email, used by the Gmail phishers. "My understanding is that State put in placeholder econ language and am happy to have us fill in but in their rush to get a cleared version from the WH, they sent the attached to Mike."

"People, whether they're human rights activists or they're government officials, tend to have personal Web mail," Villeneuve said. "It's a good way for the attackers to get information on those individuals but also to get information that they could use for an attack of the corporate network of those individuals."

Google said that the phishing attacks it had detected were launched from computers located in Jinan, China. That led some to suspect that the phishing was state-sponsored, but China's U.S. Embassy said Thursday that China is the victim of cybercrime, not the perpetrator. "As a responsible player in cyberspace, China strongly opposes unlawful online activities and supports international cooperation in striking down on such misdeeds," said Wang Baodong, an embassy spokesman, in an email. "Any claims of so-called Chinese state support for hacking are completely fictitious, and blaming misdeeds on China is irresponsible and unacceptable."

In a blog post, published Thursday, Villeneuve outlined other attacks, including one that leveraged a [link removed due to 404 error]. This attack worked by tricking victims into reading a maliciously encoded email message. It hit Taiwanese victims.

Another attack, spotted recently by Trend Micro, attempted to break into Yahoo Mail accounts by stealing the browser's cookie files and then using that information to try and trick Yahoo's servers into divulging sensitive information, Villeneuve said. However, it looks like this attack didn't actually work thanks to technical difficulties, he said.

Microsoft was unable to immediately comment for this story, but earlier it did confirm that it fixed the Hotmail flaw. A Yahoo spokeswoman declined to comment on Trend Micro's report, but said that the company does "take security very seriously."

"We invest heavily in protective measures to ensure the security of our users and their data," the Yahoo spokeswoman said in an email message. "We also use a multi-faceted approach to further protect against spam, phishing and other online scams, which includes rapid response, industry collaboration, public policy efforts, and consumer awareness."

Although Gmail is now getting the most attention, Yahoo Mail is actually the most targeted Web mail platform, according to one researcher, who spoke on condition of anonymity because he is involved in sensitive investigations into these attacks. "It's been going on for a very long time," he said. "Campaigns go on every day."

Source: Hotmail and Yahoo users also victims of targeted attacks - Computerworld
 
The recent round of spear phishing suffered by a few hundred high-profile Gmail users might not be limited to Google's mail service. Trend Micro says it's seeing similar goings-on in other popular public email systems like Yahoo Mail and Hotmail. The company says there are significant similarities in the attacks, though it's unknown whether they're directly related.

Gmail is not the only e-mail service whose users have been targeted by spear-phishing hackers. Users at Yahoo (Nasdaq: YHOO) Mail and Hotmail are also on the email infiltrators' hit lists, according to security firm Trend Micro (Nasdaq: TMIC).

The attacks on the latter two email systems appear to be separately conducted, said Nart Villeneuve, senior threat researcher at Trend Micro. However, they contain significant similarities with the recently seen attacks on Gmail users.

Earlier this week, Google (Nasdaq: GOOG) disclosed that some of its Gmail users' accounts had been breached by hackers using highly targeted spear phishing methods to gain access to and spy on their email exchanges. Though the list of victims is relatively short, Google claims it includes high-profile individuals like government officials, journalists and Chinese human rights activists.

As a method of stealing personal information, spear phishing has been going on for quite some time.

"These attacks occur all the time," Rod Rasmussen, president and chief technology officer of Internet Identity, told TechNewsWorld.

"It would have been shocking if Gmail was the only email system targeted by this kind of attack," Mike Paquette, chief strategy officer at Top Layer, remarked.

Phishing attacks and other forms of abuse are "a persistent industry challenge," John Scarrow, general manager of Microsoft (Nasdaq: MSFT) Safety Services, told TechNewsWorld.

So far, only Google has apparently made a public complaint, in which it also claims the hacks originated in China, kicking off a war of words between Washington and Beijing.

However, the identity and origin of the attackers may not be easy to pinpoint accurately.

"It's not difficult for the attackers to mask their true location and appear to be coming from locations in other countries," Nart Villeneuve, a senior threat researcher at Trend Micro, pointed out.

Google and Yahoo did not respond to requests for comment by press time.

About the Gmail Attack
Google has previously said the latest attack hijacked hundreds of users' Gmail accounts through spear phishing.

Spear phishing is a targeted attack in which users are lured to click on a link embedded in an email or an attachment to an email with a subject line that may be of interest to the victim. Rather than the vague and general information contained in a typical phishing email scam, spear phishers use information specific to the victim in order to gain that person's trust.

In some cases, the subject line appears to be work-related; in others, it appears to be from a friend or a courier company such as Federal Express, or it could be salacious -- whatever works, in other words.

"Targeted emails that tempt a user to click a hyperlink are among the most prevalent methods of infecting computers with malware or of stealing information," Top Layer's Paquette told TechNewsWorld.

This is not the first attack on Gmail users; back in March, Google blogged about an attack using an MHTML vulnerability. This vulnerability let attackers load up a malicious document that could execute JavaScript into MHTML.

MHTML is a container format that uses MIME encapsulation to combine several documents into a single file. It's used by Internet Explorer, which had the MHTML vulnerability.

Attacks on Yahoo and Hotmail

Users of the Hotmail and Yahoo Mail services were also targeted by phishing attacks, Trend Micro's Villeneuve told TechNewsWorld.

In the case of Yahoo Mail, the attackers sent an email that contained two attachments, Villeneuve disclosed.

One was a malicious document and the other an unsuccessful cross-site scripting exploit attempt designed to steal the user's Yahoo Mail cookie in order to access the user's account, Villeneuve stated. However, the attacker's code "did not function correctly," he said.

Microsoft sidestepped the question of whether or not Hotmail account holders had been spear-phished.

"Microsoft is not aware of any Hotmail customers being targeted by the specific phishing attacks that occurred earlier this week," Scarrow said.

Attackers can expect no mercy from Redmond.

"We actively prosecute malicious entities that violate the law through spam, phishing and other attacks," Scarrow said.

Practicing Safe Email Access
Attacking people's personal webmail accounts may give hackers access to vital information.

Many people check their personal webmail accounts at work, which lets attackers gain information about the target to use in later attacks, Villeneuve said.

People who check their personal webmail accounts from their office computers also open the door to attackers gaining information about the network the user is on, through tactics such as using the "res://" protocol, and using that information in later attacks, Villeneuve stated.

To minimize the threat from such email attacks, users should use a multi-step login process, IID's Rasmussen said. Google suggests consumers use both a password and another proof of identity such as their phone number, although that might open up new vectors for attack.

Consumers should also change their passwords regularly; use different passwords for their different accounts; check their email settings, especially those for forwarding; and assume the bad guys have broken into their accounts and search for evidence of this "every once in a while," Rasmussen stated.

"Phishing attacks are becoming more targeted," Top Layer's Paquette pointed out. "Unless you've requested the hyperlink, don't click on it," he warned.

It's not easy for enterprises and government agencies to harden their email systems so that compromised emails don't infect the IT infrastructure, Top Layer's Paquette said.

"The compromised website may be so new that there's no way for the email system to know in advance that it's malicious," Paquette pointed out.

However, there are other technologies organizations can use, such as network intrusion prevention systems, that stop the attack even after an infected email has been opened, Paquette said.

Source: Welcome to TechNewsWorld
 
Web mail users at Yahoo and Hotmail have been hit with the same kind of targeted attacks that were disclosed earlier the week of May 30 by Google, according to security software vendor Trend Micro.

Trend Micro described two similar attacks against Yahoo Mail and Windows Live Hotmail in a blog post, published June 2.

“It’s an ongoing issue for more than just Gmail,” a senior threat researcher with Trend Micro said.

He believes Facebook accounts have also been used to spread similar attacks.

Google made headlines June 1 after revealing several hundred Gmail users — including government officials, activists, and journalists — had been the victims of targeted spearphishing attacks.

Google mentioned phishing on June 1, but the criminals have been using other attacks too.

In March, Google said hackers were taking advantage of a flaw in Microsoft’s Windows software to launch politically motivated hacks against activists.

Corporate networks have been under attack for years, but hackers now see personal Web mail accounts as a way to get information that can help them sneak into computers that would otherwise be locked down.

Source: Hotmail and Yahoo Users Also Victims of Targeted Attacks - CSO Online - Security and Risk
 