Trojan creates webmail accounts to send out spam
New trojan evades Captcha security to create webmail accounts and spam victims.
According to research from Romanian anti-virus company BitDefender, a new trojan called Trojan.Spammer.HotLan.A automatically creates email accounts, which it suggested meant that hackers have found a means of bypassing the captcha systems, where new accounts aren't created until the creator correctly rekeys letters within an image.
The trojan then accesses the webmail account, takes encrypted spam from another website, decrypts this spam before sending out spam emails to recipient addresses pulled in from yet another website. The junk mail tries to lure recipients to a website selling pharmaceutical products.
"There are only about 500 or so new accounts being created every hour," claims, Viorel Canja, head of BitDefender's Antivirus Lab research team. "But still, we've seen 15,000-plus Hotmail accounts being used so far. It's hard to estimate how many spam emails have already been sent."
Microsoft couldn't be reach for comment at time of writing and a spokesman from Yahoo told IT PRO's sister publication PC Pro that his company would investigate the claim before making any comments.
Other research has found that senior executive in large companies are the target of email attacks by cybercriminals.
In its monthly report, email security company MessageLabs recorded a sudden surge in the attacks where the recipient was a C-level executive. It found 500 such emails with infected Word documents. The spike was higher than other attacks the company has seen in the past and the number of such attacks appear to be increasing.
Thirty per cent of the attacks targeted chief investment officers, while 11 per cent were chief executives, chief information officers accounted for seven per cent and chief financial officers made up six per cent.
"This evolving trend of increasingly highly personalised attacks emphasises the effort and research in which the bad guys are willing to engage to potentially obtain very lucrative information," said Mark Sunner, chief security analyst at MessageLabs.
He said that social networking tools, such as Facebook, LinkedIn and MySpace that are highly populated with valuable content, personal information and sought-after details, "it is easier than ever for the bad guys to harvest the personal details needed to personalise their attacks."
The company also recently intercepted emails bound for relatives of the intended target with the intent of compromising the family computer and gaining access to confidential correspondence and intellectual property.
The ultimate law enforcement agency guide to going mobile
Best practices for implementing a mobile device programFree download
The business value of Red Hat OpenShift
Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShiftFree download
Managing security and risk across the IT supply chain: A practical approach
Best practices for IT supply chain securityFree download
Digital remote monitoring and dispatch services’ impact on edge computing and data centres
Seven trends redefining remote monitoring and field service dispatch service requirementsFree download