Hotmail, Yahoo also targeted in phishing attack -Trend Micro
Googleâs Gmail may not have been the lone target in a phishing attack earlier this week, as an online security firm noted similar attacks on Microsoftâs Hotmail and Yahooâs Yahoo Mail. Trend Micro said its researchers in Taiwan revealed a phishing attack exploiting a vulnerability in Hotmail, and an attempt to steal usersâ cookies in Yahoo Mail. âGoogleâs services havenât been the only ones targeted. Trend Micro researchers in Taiwan revealed a phishing attack that exploited a vulnerability in Microsoftâs Hotmail service. In fact, rather than clicking a malicious link, even the simple act of previewing the malicious email message can compromise a userâs account. This phishing email pretended to be from the Facebook security team," it said in a blog post. âWhile the attacks appear to have been separately conducted, these have some significant similarities," it added. In the case of Yahoo Mail, Trend Micro said that while the attempt to steal cookies to gain access to user accounts appeared to fail, âit does signify that attackers are attempting to attack Yahoo! Mail users as well." Also, it said the same email address that attempted to exploit Yahoo! Mail was used in targeted attacks featuring malicious Mirosoft Excel spreadsheets in March. âThis demonstrates the diversity of exploits that are available to attackers," it said. On the other hand, Trend Micro said these events show attackers are also attempting to exploit vulnerabilities in popular Webmail services âto compromise Webmail accounts, to monitor communications, and to gain information in order to stage future attacks." Clues to attacks While Trend Micro said these attacks can be difficult to defend against because they appear to come from recognizable sources, there are clues that can help identify phishing email messages. It said there are generally spelling and grammatical errors present in the messages that help indicate that it did not originate from the expected source. Also, it said there will be links to third-party websites that can be easily spotted. âThe use of two-step verification processes (which Google offers for Gmail) can also help defend against such attacks," it added. It said there area also tools that protect browsers from the execution of malicious scripts. Attempted attacks on gmail Earlier this week, Google disclosed details of a phishing campaign that targeted Gmail accounts of high-profile users like government officials and of political activists. Trend Micro said the attackersâ objective appeared to be to gain access to the targetâs Webmail accounts to monitor his/her communications and, possibly, to stage future attacks. âIn the recent case revealed by Google, the attackers used a phishing attack to gain access to the targetâs Gmail account then proceeded to add their own email addresses to the âforwarding and delegation settings,â allowing them to send and receive email messages via the compromised accounts," it said. Also, it said these attacks were actually first revealed by Mila Parkour back in February, where the attackers also used a script that exploits theres:// protocol to enumerate the type of antivirus software the victim has installed on his/her computer. This information can then be used to stage a future attack that aims to take control of the targetâs computer, not just his/her Gmail account. Trend Micro recently uncovered a malware that also uses the res:// protocol to enumerate the software installed in targetsâ computers, setting the stage for future more precise attacks. âOnce the attackers know what software are installed on a targetâs computer, including antivirus products, they can craft a precise attack targeting any vulnerable software. Such an attack will then have a high probability of success," it said. Exploiting webmail vulnerabilities In addition to this recent phishing attack, Google also previously revealed attackers are exploiting a vulnerability in the MHTML protocol to target political activists who use Googleâs services. Google likewise revealed that the same technique was being used against users of âanother popular social site." While this other website has not been identified, Greg Walton reported that this MHTML exploit was being directed against Gmail users and that the initial phishing message was being propagated through Facebook. âThese attacks targeted journalists and political activists. Like the recent phishing attacks, the attackers modified the delegation settings so they can continue to monitor the compromised Gmail accounts," Trend Micro said. â TJD, GMA News