funsec mailing list archives

Re: Scammers exploit public lists of hijacked Hotmail passwords


From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Sun, 11 Oct 2009 16:45:43 +0300 (EEST)

Researcher refutes Microsoft's account of hijacked Hotmail passwords:
http://www.networkworld.com/news/2009/100709-researcher-refutes-microsofts-account-of.html

"Mary Landesman, a senior security researcher at San Francisco-based ScanSafe, said it's more likely that the massive lists -- which include approximately 30,000 credentials from Hotmail, Gmail, Yahoo Mail and other sources -- were harvested by botnets that infected PCs with keylogging or data stealing Trojan horses.

Landesman based her speculation on an accidental find in August of a cache of usernames and passwords, including those from Windows Live ID, the umbrella log-on service that Microsoft offers users to access Hotmail, Messenger and a slew of other online services.

That cache contained about 5,000 Windows Live ID username/password combinations, said Landesman, who found the trove while researching a new piece of malware.
"From the organization [of that cache] and what the data looked like in raw form, I think it's more likely that this latest was the result of keylogging or data theft, not phishing," Landesman said."
--clip--

It would be interesting to see the Sent dates of the spam emails related to this issue. Microsoft says they locked these accounts, but when??

Juha-Matti

Juha-Matti Laurio [juha-matti.laurio () netti fi] wrote:
"Scammers have grabbed the Hotmail passwords that leaked to the Web and are using them in a plot involving a fake Chinese electronics seller to bilk users out of cash and their credit card information, a security researcher said today.

"We've seen a 30% to 40% increase in these types of spam messages in the last several days," said Patrik Runald, senior manager of Websense's security research team.
"By 'these types of spam,' I mean messages that are advertising great consumer electronics bargains, such as cameras and computers.""
--clip--

More at
http://www.computerworld.com/s/article/9139092/Scammers_exploit_public_lists_of_hijacked_Hotmail_passwords

But it was just some days ago when Microsoft announced that it has locked these accounts - during the weekend already...


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

