Web mail users at Yahoo and Hotmail have been hit with the same kind of targeted attacks that were disclosed earlier this week by Google, according to security software vendor Trend Micro.
Trend Micro described two similar attacks against Yahoo Mail and Windows Live Hotmail in a blog post published Thursday. “It’s an ongoing issue for more than just Gmail,” said Nart Villeneuve, a senior threat researcher with Trend Micro. Villeneuve believes that Facebook accounts have also been used to spread similar attacks.
Google made headlines Wednesday after revealing that several hundred Gmail users—including government officials, activists and journalists—had been the victims of targeted spearphishing attacks.
Google mentioned phishing on Wednesday, but the criminals have been using other attacks too. In March, Google said that hackers were taking advantage of a flaw in Microsoft’s Windows software to launch politically motivated hacks against activists.
Corporate networks have been under attack for years, but hackers now see personal Web mail accounts as a way to get information that can help them sneak into computers that would otherwise be locked down. “People always think of these attacks as isolated cases, but they’re more like a series of successful and failed attacks over a longer period of time,” Villeneuve said. “It’s not a one-off attack.”
For example, in the Gmail phishing attacks, the hackers used a little-known Microsoft protocol to figure out what type of antivirus software their victims were using. Knowing what antivirus program they were up against, they could build attack code and test it against the target's security software to be sure that it would go undetected.
And by trolling through their victims’ e-mail messages, the attackers could write believable-sounding messages that their targets would be more likely to click on or open up. That’s how the victims lose control of their computers: by opening, for example, a specially written PDF document or by taking their browsers to a malicious website. “This is the latest version of State’s joint statement,” read one fake email, used by the Gmail phishers. “My understanding is that State put in placeholder econ language and am happy to have us fill in but in their rush to get a cleared version from the WH, they sent the attached to Mike.”
“People, whether they’re human rights activists or they’re government officials, tend to have personal Web mail,” Villeneuve said. “It’s a good way for the attackers to get information on those individuals but also to get information that they could use for an attack of the corporate network of those individuals.”