06 Jul 2007
Security firm BitDefender has warned of a new email threat using Hotmail and Yahoo Mail accounts to send spam.
Trojan.Spammer.HotLan.A uses automatically generated email accounts, suggesting that spammers have found a way to bypass so-called Captcha systems.
Captcha works by preventing new accounts being created until the creator correctly identifies the letters depicted in an image.
Every active copy of the Trojan accesses an account, and pulls encrypted spam emails from a website. It then decrypts the emails and sends them to valid addresses taken from yet another website.
"There are only about 500 or so new accounts being created every hour," said Viorel Canja, head of BitDefender's antivirus lab.
"But we have seen at least 15,000 Hotmail accounts being used so far. It is hard to estimate how many spam emails have already been sent."
The spam currently being distributed attempts to lure users to a site advertising pharmacy products. Common spam techniques are used in the email body, such as random word generation and a random email subject.
Do you agree?
The creation of email accounts is probably semi-automatic
In my humble opinion, the captcha is not circumvented: the creation of email accounts is semi-automatic.

Explanation:

1) BitDefender declares: "Viorel Canja, head of BitDefender's anti-virus labs, said there are "only" about 500 or so new accounts being created in this attack every hour, and 15,000-plus Hotmail accounts had already been used." I think that the attack could be semi-automatic: automatic registration, automatic display of the captcha in a simple GUI, MANUAL entry of the captcha value, automatic validation, and so on. 500 email accounts per hour is one every 7 seconds: just enough for a person to enter a captcha value on the keyboard. At that rhythm, you only have to pay a few dollars to some "dumb" people to do the job.

2) Some interpretations of BitDefender's declaration are not always objective. BitDefender declares: "The Trojan uses automatically generated accounts, suggesting that spammers have found a way to bypass the captcha systems," the company said in a statement. => "Uses" => accounts are already generated. "Automatically" and "suggesting" are confusing: there is no proof that the account creation is automatic (500/hour is very few for an automatic process) => no proof that the captcha system is circumvented.

Look carefully at the Trojan description on BitDefender's website. You can see that it is confirmed that it uses EXISTING accounts:

"SYMPTOMS: There aren't any obvious symptoms of this malware, except increased internet activity;

TECHNICAL DESCRIPTION: The trojan reads from http://[BLOCKED] /wemail/index.php a custom script which it tries to interpret.

The script provides the following main actions:
- logon into an existing email account (@hotmail, @yahoo or @30gigs);
- read from http://[BLOCKED] /base.php coded information about an email to send (To:, Cc:, Subject:, Body:);
- decode the email and send it;
- try to create new email account (@hotmail, @30gigs, @google);

Email accounts have the following pattern:
- @hotmail.com - swift3409494vlad45@hotmail.com
- @yahoo.com - ClaudiaWilder85@yahoo.com
- @yahoo.com - LeonardFernandez@yahoo.com"

So we are far away from some interpretations, where it is said that the Trojan creates the email account itself...

"By circumventing the "Captcha" security system, which requires the recognition of letters in an image before an account is opened, this virus is able to create mail accounts on the fly; up to "500 new accounts are created every hour," says Viorel Canja, researcher at BitDefender."
Posted by: secumind 12 Jul 2007