This week's airing of some 30,000 compromised Windows Live and Google Mail accounts has coincided with a spike in spam from those two services that promote sketchy electronics dealers, a researcher said. Over the past few days, spam promoting fraudulent electronics stores has increased by as much as 40 per cent, according to …
Nothing here move along...
Runald said. "There are no advanced trojans or anything."
Well anything is a bit of a misnomer in this context. A SAS blended attack, a bit of spam, a bit of phish and some gravy on the side.
This is an interesting event. First report was that #10000 Hotmail addresses with the first character being A or B (no case sensistivity since it is a MS product) were published on pastebin.com (if memory serves). Then that spilled over to Gmail, et al. Now how does it go from 10000 to 30000 in a matter of days and that is what is reported.
This has been a well coordinated and crafty attack. Although there may be common perception in the security arena that phishers are not necessarily that technically astute, there are some people out that that are and this may be some evidence of that.
The wild wild web is going to get a lot wilder with clouds, SAS, XSS and blended attacks.
If it smells like a turd..
...and it looks like a turd, and it feels like a turd.....it must be a CHEAP LAPPY!!!
@Gary 38 Re: Nothing here move along...
> ..with the first character being A or B (no case sensistivity since it is a MS product)
Please point me to an "out of the box" unix/linux distribution that has case sensitivity for the local part of an email address.
From memory, the spec says that email addresses MUST NOT be case sensitive...
Three comments in
and already we have microsoft/linux handbags at dawn.
Can we split el Reg into three please?
One for microsoft fanbois.
One for Linux fanbois.
One for the rest of us.
Since the providers presumably have these lists can't they just add a warning to the top of any outgoing email from a compromised account stating that it has been compromised and that anything from it should be treated as suspect?
Leave the message there until all security details have been reset. Not only will it warn other people it might shame those who gave their details to be more careful in the future.
You can hardly turn this into an MS/ linux argument as surely hotmail is an ms product (not that I know for sure) but wouldn't they use exchange (???) and I'd guess that google/gmail would be open source. So in this case wouldnt both camps be to blaime for the original account cracking.
(waits for flaming!!!)
Re: Three comments in
I'm the AC @ 10:06 GMT and I'm definitely not an MS fanboy. I dont use any of their products.
I as happy as the next person to bash MS, but only when they deserve it. I'm just as happy to defend them from undeserved criticism as in Gary 38's comment.