Phishers launch multi-platform IM attack

by Phil Muncaster

25 Feb 2009

Users of internet chat services have been hit by a major phishing attack aimed at stealing account log-in details, security researchers have warned.

The unsolicited instant messages urge users to click on a TinyURL link to watch a video, but the link takes them to a site called ViddyHo which asks them to fill in user names and passwords. The phishers can then use these details to hack into user accounts and send more malicious links.

Much of the focus around this attack has been on risks to Gmail account holders, in response to the Google Mail outage on Tuesday. However, phishers are also targeting users of instant messaging systems from Yahoo, Microsoft and MySpace.

"This is, of course, a classic attempt to phish credentials from the unwary," wrote Sophos senior technology consultant Graham Cluley in a blog posting. "The hackers behind ViddyHo could use the credentials they have stolen via their site to break into accounts, grab identity information and impact your wallet."

Users are also more likely to fall for this attack because the link comes from a trusted source, according to Rik Ferguson, solutions architect at security vendor Trend Micro.

"If the message has come from your friend, you're far more likely to click on it," he said. "It's also interesting to see link obfuscation techniques here, using the TinyURL service to mask malicious URLs."

Although TinyURL has since reportedly blacklisted ViddyHo, these kinds of attack are likely to increase because of the "added value of trust" enabled by using compromised accounts to send out the malicious links, explained Ferguson.

He advised users to make sure that the passwords they use to log in to financial sites are different from those they use for email, instant messaging and social networking accounts, and to ensure that any site asking for log-in details displays the padlock symbol.

Just a week ago RSA Security reported that the number of global phishing attacks grew by 66 per cent last year compared to 2007, equating to 135,426 separate incidents.
