We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Botnets, keyloggers caused Hotmail passwords leak, says security guru

Researcher dismisses claims of phishing attack

Article comments

"Regardless [of] what the final intent is of a botnet, one of the core capabilities of every botnet is the harvesting of email credentials. If it looks like a horse, it's a horse, it's not a zebra."

Landesman's theory contradicts not only Microsoft and Google, but also the Anti-Phishing Working Group (APWG), an industry association dedicated to fighting online identity theft. On Monday, the APWG's chairman, Dave Jevans said a phishing attack that garnered thousands of passwords was do-able. "It's not outside the realm of possibility," he said then.

Also against the phishing explanation, argued Landesman, is the fact that the second list -- approximately 20,000 passwords -- contained usernames from not just Hotmail, but also Gmail, Yahoo Mail, Comcast, EarthLink and others. "That makes [the purported phishing campaign] a much broader attack across multiple services."

Her first thought when she read about the compromised Hotmail accounts was of the cache of credentials she'd found two months before. "Those public lists reminded me of the lists I found," she said. "It was definitely not a complete list, but seemed to be an advertisement for what this [hacker] had to offer."

The hacker was either inexperienced, or none too bright: The data was not password-protected, which is the norm for credential caches.

Landesman's theory is not just an academic exercise, she maintained.

"Everyone who suspects that their account has been compromised should change their password," she said, repeating advice by Microsoft, Google and other security experts. "But if, after changing their password, they have another reoccurrence where they see their account being used to email spam, or they again can't access their account, then they need to suspect that there's a local infection on their PC."

Share:

Comments

Advertisement
Send to a friend

Email this article to a friend or colleague:


PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.


ComputerworldUK Knowledge Vault

ComputerworldUK
Share
x
Open
* *