It was just last week that Google announced the compromise of select Gmail accounts, among them government officials and political activists. Now security firm TrendMicro has warned that similar attacks have targeted select Yahoo! and Hotmail email accounts, although the company said that the attacks appear to have come in separate waves.
Nevertheless, as Nart Villeneuve, senior threat researcher with TrendMicro, pointed out on the company’s Malware Blog, there are aspects of the compromises that follow the same path. The first was a targeted spearphishing attack against a particular account “in order to monitor...communications and, possibly, to stage future attacks”. In the case of the Gmail attacks, once the account was compromised, the hackers then installed a script on the user’s computer to ascertain the type of anti-virus the machine was using, presumably to engage in countermeasures to avoid detection.
Trend’s researchers in Taiwan also identified attacks that exploit a vulnerability in the Microsoft Hotmail web email service. “Rather than clicking a malicious link, even the simple act of previewing the malicious email message can compromise a user’s account”, noted Villeneuve. “This phishing email pretended to be from the Facebook security team.”
The Trend Micro researcher also outlined a sophisticated, yet unsuccessful attempt to compromise the accounts of certain Yahoo! Mail users. “We recently alerted Yahoo! of an attempt to exploit Yahoo! Mail by stealing users’ cookies in order to gain access to their email accounts”, Villeneuve said. “While this attempt appeared to fail, it does signify that attackers are attempting to attack Yahoo! Mail users as well.”
Villeneuve closed by providing some context to the attacks when viewed in aggregate: “These events demonstrate that in addition to targeted attacks that encourage users to open malicious attachments, usually .PDF and .DOC files, attackers are also attempting to exploit vulnerabilities in popular Webmail services in order to compromise Webmail accounts, to monitor communications, and to gain information in order to stage future attacks.”
Meanwhile, over at Top Layer, Mike Paquette, the company’s chief strategy officer, expressed his lack of surprise about the Yahoo! and Hotmail revelations.
“These newer ‘tempt-to-click’ emails use many of the social engineering techniques of phishing or spearphishing, but silently steal keystrokes, files, cookies, or other pieces of sensitive information”, he asserted. “It would have been shocking if Gmail was the only email system targeted by this kind of attack.”