Hotmail, Yahoo also targeted in phishing attack -Trend Micro


Google’s Gmail may not have been the lone target in a phishing attack earlier this week, as an online security firm noted similar attacks on Microsoft’s Hotmail and Yahoo’s Yahoo Mail.

Trend Micro said its researchers in Taiwan revealed a phishing attack exploiting a vulnerability in Hotmail, and an attempt to steal users’ cookies in Yahoo Mail.

“Google’s services haven’t been the only ones targeted. Trend Micro researchers in Taiwan revealed a phishing attack that exploited a vulnerability in Microsoft’s Hotmail service. In fact, rather than clicking a malicious link, even the simple act of previewing the malicious email message can compromise a user’s account. This phishing email pretended to be from the Facebook security team,” it said in a blog post.

“While the attacks appear to have been separately conducted, these have some significant similarities,” it added.

In the case of Yahoo Mail, Trend Micro said that while the attempt to steal cookies to gain access to user accounts appeared to fail, “it does signify that attackers are attempting to attack Yahoo! Mail users as well.”

Also, it said the same email address that attempted to exploit Yahoo! Mail was used in targeted attacks featuring malicious Microsoft Excel spreadsheets in March.

“This demonstrates the diversity of exploits that are available to attackers,” it said.

On the other hand, Trend Micro said these events show attackers are also attempting to exploit vulnerabilities in popular Webmail services “to compromise Webmail accounts, to monitor communications, and to gain information in order to stage future attacks.”

Clues to attacks

While Trend Micro said these attacks can be difficult to defend against because they appear to come from recognizable sources, there are clues that can help identify phishing email messages.

It said there are generally spelling and grammatical errors present in the messages that help indicate that they did not originate from the expected source.
Also, it said there will be links to third-party websites that can be easily spotted.

“The use of two-step verification processes (which Google offers for Gmail) can also help defend against such attacks,” it added.

It said there are also tools that protect browsers from the execution of malicious scripts.

Attempted attacks on Gmail

Earlier this week, Google disclosed details of a phishing campaign that targeted Gmail accounts of high-profile users like government officials and of political activists.

Trend Micro said the attackers’ objective appeared to be to gain access to the target’s Webmail accounts to monitor his/her communications and, possibly, to stage future attacks.

“In the recent case revealed by Google, the attackers used a phishing attack to gain access to the target’s Gmail account then proceeded to add their own email addresses to the ‘forwarding and delegation settings,’ allowing them to send and receive email messages via the compromised accounts,” it said.

Also, it said these attacks were actually first revealed by Mila Parkour back in February, where the attackers also used a script that exploits the res:// protocol to enumerate the type of antivirus software the victim has installed on his/her computer.

This information can then be used to stage a future attack that aims to take control of the target’s computer, not just his/her Gmail account.

Trend Micro recently uncovered malware that also uses the res:// protocol to enumerate the software installed on targets’ computers, setting the stage for future, more precise attacks.

“Once the attackers know what software are installed on a target’s computer, including antivirus products, they can craft a precise attack targeting any vulnerable software. Such an attack will then have a high probability of success,” it said.

Exploiting webmail vulnerabilities

In addition to this recent phishing attack, Google also previously revealed attackers are exploiting a vulnerability in the MHTML protocol to target political activists who use Google’s services.

Google likewise revealed that the same technique was being used against users of “another popular social site.”

While this other website has not been identified, Greg Walton reported that this MHTML exploit was being directed against Gmail users and that the initial phishing message was being propagated through Facebook.

“These attacks targeted journalists and political activists. Like the recent phishing attacks, the attackers modified the delegation settings so they can continue to monitor the compromised Gmail accounts,” Trend Micro said.

— TJD, GMA News