Hotlan trojan focuses on Hotmail, Gmail accounts
By Rene Millman,
Spammers have moved from targeting Yahoo accounts to send out spam and have now focused their attention on Gmail and Hotmail.
Criminals have worked out a way of bypassing the captcha security that should prevent automated systems from creating operational email accounts from which to churn out spam, according to research carried out by anti-virus company BitDefender.
Captcha images are used to ensure that only people and not computers can create an email account. But a new trojan, called HotLan, gets around this by sending off the captcha image in an encrypted form back to a server controlled by a spammer. The image's characters are determined by the server and the solution is sent back to the trojan which inserts the characters into the form and creates the account. The account details are then sent back to the spammer to use to send out unsolicited junk mail.
According to Viorel Canja, head of BitDefender Antivirus Lab, around 514,000 Hotmail accounts were created as of last Friday, as well as about 49,000 Gmail accounts.
"However, it is worth noting that while most of the Hotmail accounts are operational, Gmail accounts get blocked pretty fast, usually about a couple of days after being created," said Canja.
The company said it had managed to devise a signature to combat the trojan threat and had worked with Yahoo to quash attempts by spammers to evade security in Yahoo's email sign-up process. The anti-virus company said that it has offered help to companies affected by the trojan problem.
Microsoft and Google were unavailable for comment at the time of writing.
advertisement
Latest Security Features
IT around the world: Russia
In the first of an on-going series examining IT markets around the globe, we look at whether investing in Russia is worth the risk – and how to go about it the right way.
- Chinese web control an Olympic challenge for tech firms
- SOS Bletchley Park
- Where will IT be in 2015?
- Q&A: John Stewart, Cisco's chief security officer
- NHS IT - something to celebrate?
- Q&A: Tom Ilube, head of Garlik
- Ten of the most infamous ‘black hat’ hackers
- USB Flash Disks: A modern day business curse?
- Creating a mobile data management policy
Latest Security Reviews
AVG Internet Security SBS Edition 8.0
Rating: 
- Finjan Vital Security Web Appliance NG-6000S
- LogLogic MX2010
- Exclusive: WatchGuard Firebox Core X750e
- Sophos ES4000 Security Appliance
- Microsoft Forefront Security for Exchange and SharePoint
- EXCLUSIVE: Juniper Networks SSG 550 UTM appliance
- EXCLUSIVE: Arbor Networks Peakflow X 3.7
- EXCLUSIVE: Check Point UTM-1 1050
- EXCLUSIVE: Finjan Vital Security NG-5100
advertisement
Latest News Videos in Security
Video: Q&A with Richard Archdeacon, Symantec
PlayIT PRO speaks to Richard Archdeacon, director, global services, at the information security software vendor Symantec.
White papers
Want more background on today's hottest IT trends?
Visit IT PRO's white paper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free white papers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Social Bookmark this article: What is this?