funsec mailing list archives
Re: Scammers exploit public lists of hijacked Hotmail passwords
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Sun, 11 Oct 2009 16:45:43 +0300 (EEST)
Researcher refutes Microsoft's account of hijacked Hotmail passwords: http://www.networkworld.com/news/2009/100709-researcher-refutes-microsofts-account-of.html "Mary Landesman, a senior security researcher at San Francisco-based ScanSafe, said it's more likely that the massive lists -- which include approximately 30,000 credentials from Hotmail, Gmail, Yahoo Mail and other sources -- were harvested by botnets that infected PCs with keylogging or data stealing Trojan horses. Landesman based her speculation on an accidental find in August of a cache of usernames and passwords, including those from Windows Live ID, the umbrella log-on service that Microsoft offers users to access Hotmail, Messenger and a slew of other online services. That cache contained about 5,000 Windows Live ID username/password combinations, said Landesman, who found the trove while researching a new piece of malware. "From the organization [of that cache] and what the data looked like in raw form, I think it's more likely that this latest was the result of keylogging or data theft, not phishing," Landesman said." --clip-- It would be interesting to see the Sent dates of the spam emails related to this issue. Microsoft says they locked these accounts, but when?? Juha-Matti Juha-Matti Laurio [juha-matti.laurio () netti fi] kirjoitti:
"Scammers have grabbed the Hotmail passwords that leaked to the Web and are using them in a plot involving a fake Chinese electronics seller to bilk users out of cash and their credit card information, a security researcher said today. "We've seen a 30% to 40% increase in these types of spam messages in the last several days," said Patrik Runald, senior manager of Websense's security research team. "By 'these types of spam,' I mean messages that are advertising great consumer electronics bargains, such as cameras and computers."" --clip-- More at http://www.computerworld.com/s/article/9139092/Scammers_exploit_public_lists_of_hijacked_Hotmail_passwords But it was just some days ago when Microsoft announced that it has been locked these account - during the weekend already...
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Scammers exploit public lists of hijacked Hotmail passwords Juha-Matti Laurio (Oct 08)
- <Possible follow-ups>
- Re: Scammers exploit public lists of hijacked Hotmail passwords Juha-Matti Laurio (Oct 11)