Nothing here move along...
Runald said. "There are no advanced trojans or anything."
Well anything is a bit of a misnomer in this context. A SAS blended attack, a bit of spam, a bit of phish and some gravy on the side.
This is an interesting event. First report was that #10000 Hotmail addresses with the first character being A or B (no case sensistivity since it is a MS product) were published on pastebin.com (if memory serves). Then that spilled over to Gmail, et al. Now how does it go from 10000 to 30000 in a matter of days and that is what is reported.
This has been a well coordinated and crafty attack. Although there may be common perception in the security arena that phishers are not necessarily that technically astute, there are some people out that that are and this may be some evidence of that.
The wild wild web is going to get a lot wilder with clouds, SAS, XSS and blended attacks.