AfterDawn: Tech news

Yahoo, Hotmail users under attack, as well

Written by Andre Yoskowitz @ 04 Jun 2011 1:59 User comments (23)

Yahoo, Hotmail users under attack, as well According to security firm Trend Micro, Gmail isn't the only email service under attack, with Yahoo and Hotmail/Live users seeing some of the same issues that Google's users have in recent weeks.
Google claimed the attacks on its service, mainly to steal account details and emails of prominent US government officials, Chinese political activists and journalists came from China.

It is unclear whether the attacks on the other major email services came from China, as well.

Google contained the phishing campaign, accounts had their security beefed up and the authorities were notified.

The attacks on Hotmail and Yahoo! Mail showed "significant similarities," to the Google attacks, notes Trend Micro in its report.

While the attack on Yahoo seemed a run-of-the-mill attack to steal cookies, the Hotmail attack was much more malicious.

Says Trend (via IBT):



Unlike other email-based attacks that require users to open the message and to click an embedded link or to download and execute an attachment, this attack's execution merely requires users to preview the message in their browsers.

Previous Next  

23 user comments

14.6.2011 14:09

too late, I open it already and I shouldn't of done it because I know I never subscribe to that site. Good thing I never order anything on this laptop.

I open it because gmail doesn't preview the message like hotmail does.

This message has been edited since its posting. Latest edit was made on 04 Jun 2011 @ 2:12

24.6.2011 14:21

Virus' & malware... all executable files in need of 'that', literal execution. You would think the companies that make the software most susceptible to these attacks would just remove the very function that inherently causes the biggest bulk of the outbreaks.

I know there are always exceptions, but at least lower the odds for crying out loud and let some folks use "their" common sense instead of making them look like they don't have any.

34.6.2011 23:05

This is one case where I hope our politicians were full of crap...if a cyber attack is treated as an act of warfare, then we are at war with China...and that is a war that both sides would lose.

45.6.2011 17:19

You would be 100% exactly right... Total ass move to start an international incident because an overweight asshole sitting in his mom's basement covered in 6 layers of his own spooge broke into the Pentagon's servers for absolutely no need of recognition whatsoever.

I do think some of this absurdity, outbreak of cyber stupidity needs to take a breather for a while... I mean, when the US is talking about throwing hardware at the issue... and I'm not talking about sound cards either... maybe it's time to re-assess your prank-ish ways.

This message has been edited since its posting. Latest edit was made on 05 Jun 2011 @ 5:20

56.6.2011 15:41

"outbreak of cyber stupidity" oh come on! Are you trying to say the average user just got stuipd?

That is the funniset thing I heard in a while!

I am so dumb I have hotmail and I don't even know I was attacked. I have goten quite a few messages from friends that what me to click on links that look completely evil. I replied back saying 'what is this' and I got no reply. I just wanted to make sure I wasn't missing anything. I figured if I got a reply that 'sounded' like that user I would click on the link. Maybe they were the attacks. I may be stupid but I am not THAT stupid. The contacts were non techies who just might click on a site with all numbers for its url.

67.6.2011 11:11

Originally posted by Mez:
"outbreak of cyber stupidity" oh come on! Are you trying to say the average user just got stuipd?

That is the funniset thing I heard in a while!
.
I sense either frustration or confusion in my comment, so I'll try to tackle both & hopefully keep from getting kicked off the forums.

What I meant from the "stupidity " reference was a blanket statement in regards to the whole outcome of our world's situation with technology and "SOME" people's interaction with it. I won't make apologies for not having written a novella each time I drop a line in the forums pinpointing a particular group for ridicule so I can spare your feelings. That would be profiling & against forum policy.

Obviously I wasn't after the hackers (which is a misnomer, we know what hackers really are); like they just went retarded and started randomly hitting keys in front of themselves.

I'm saying that the number of cyber attacks have gotten to a level that would bring a normal functioning human being to their knees, cross their eyes, curl one lip and possibly produce involuntary drooling (i.e., stupidity). I would go so far as to equate these individuals as being the same people as the ones who jump in their cars, turn the key and have the audacity to say, "car goes zoom"...

I'm simply saying, a modicum of education into how a computer & software works would solve several of the cyber attack problems. MOST folks, do, have, can, will have this ability and will probably render most of my argument mute in later years. However, until then...

Another simple solution would be for the software manufacturer to remove what was once a welcome feature and let the "unwilling to learn" bitch in lieu of slowing down some of the attacks.

I can also understand not wanting to miss out on a joke or interesting site, but a quick interoffice email or re-check to your friend (hey Bob, did you just send me an email) "without" resending the site address is a good safety measure to cover your ass. Otherwise, god forbid, need I say it (some of us out there don't have it) use Common Sense...

I don't care what measures are put in place, retards are going to think they can do what other higher thinking people can do and they are going to demand they do it... So the more more idiot proof you design that equipment to operate, the more creative the idiot you get to F^%#(* it all up. Murphy's Law.

It wasn't an attack, but if some folks had to have some new shoes...
This message has been edited since its posting. Latest edit was made on 07 Jun 2011 @ 11:29

77.6.2011 13:04

No you didn't get it. Like Dilbert I figure most of us are morons myself included. That has been true since society has protected the stupid from preditors. I am way less of as moron than the average user who is about as savvy as a turd. The average AD user is better informed and it less of a moron than the average user. In the DOS days a total moron couldn't use a computer but once we got into GUI, hey!

I wouldn't take me all that seriously, I don't. I might feel compelled to seriously flame a total moron who believes they are the only ones that know anything. I only make jokes with sentient beings like yourself. (My comment was a joke)

On the serious side, I just emailed Joe Liberman the head of the Cyber security committee for the US. He is coming up with a bill making the PC owner legally culpable for anything that computer does. I carefully explained why that was moronic and why a non-techie like himself shouldn't make laws about tech stuff. I suggested a better tact would be to federally fund a web site that would fully scan your computer for viruses, bot nets etc for free. After a scan, you would not be legally culpable for a month after the scan. If done right, that would improve US security far more than any stupid bill. They really ought to inventory all the files on C: in any sensitive area. If they miss a bot net in a scan and find it later they know where to look for more. That would put the US on the offensive.

87.6.2011 13:57

@Mez...

I get it... Yup, sometimes the humor just doesn't translate in written word like it does on screen or on the stage.

Even I to this day need a good bitch slapping for some acts beyond my control. I'm great with a computer, mechanics and hand carried weapons issued by the military, but you ask me to take care of myself in a healthy fashion... I can hear a meaty smack already.

Maybe I should have said "being ignorant of something" is one thing (not knowing is forgivable), "being stupid" is having the knowledge and continuing to do the wrong thing knowing the ill effects anyway. THAT'S why my blog whines & carries on about common sense & how punishment should more befitting. Having said that, my ass has a much bigger check to pay now that I think about it...

I believe I'm with you in that I'm tired of paying for others mistakes. I like the GUI environment. I can move around much quicker and get more work done. But I'm also a professional photographer. I was also a combat photographer. I'm also a disabled veteran. I was denied Soc. Sec. benefits because this idiot judge (yup, a black robe wearing twat, believe it or not) basically said she could do my job. Even though I have a $50K college degree, 9 months of military training & 6 years in the service. OK, yeah, she can do my job.

Not that I want to start "anything" politics (people get too fired up), but it seems to me government as a whole want to micromanage the little guy and let the big guy wander around like an unchecked bull in an unfenced field. It's a little scarey at times. And it ain't just the US either.

So yeah, I feel your pain. Or at least I think I do.

97.6.2011 16:16

Originally posted by LordRuss:
@Mez...
I'm also a disabled veteran. I was denied Soc. Sec. benefits because this idiot judge (yup, a black robe wearing twat, believe it or not) basically said she could do my job. Even though I have a $50K college degree, 9 months of military training & 6 years in the service. OK, yeah, she can do my job.
quote]
What war?

If anyone ought to get something from the government it is the veterans. Instead we want to give it all to foreigners. They are going broke in the UK servicing all the foreigners that come for a free ride. At least our illegal’s come to work. 80% of the immigrants of 2009 have not secured a job. When polled the majority state they have no intention of working. The more they service the more come. They all have friends and relitives that want to improve their life and not have to work for it. If they don't wise up, they will be destroyed by their own stupidity.

107.6.2011 17:16

I think I did a blog about "politically correcting" and "morally superior-ing" ourselves into extinction here a little while ago... or as senior moments go, I am planning on it.

Without disrupting/violating the forum rules and going completely off topic, yes, you have a point... Our collective arrogance & superiority complex just might be our undoing. If I am reading you correctly?

Otherwise, I may be running dangerously close to commenting on political/social & religious views unsuitable for this forum. Part & partial a dangerous subject I don't even bother to write heavily about either. Not that I don't like the death threats... I just get bored with the penis adds after a while just like the next guy...

So why doesn't the government just put M$ freebie malware free-for-all on all their machines? Not that I haven't studied it all that hard, but wouldn't that kinda take care of the problem state side?

117.6.2011 20:19

What I was suggesting would be a gold plated state of the art scanner. Way better than anything on the market getting input from NSA and any other hot shot fed org. The emphasis would be on bot nets. They present the biggest threat to US security. Any real cyberattack attack will come from a bot net. You would have tens of thousands of computers doing all sorts of things like 'blowing up' all the electric generators in the US. This could be carried out by computers in the US owned by morons, till the power fails.

128.6.2011 04:31

no one will take responsibility if they make a scanner or program that doesnt work 100% (theres usually a disclaimer somewhere in the licence agreement).

138.6.2011 05:13

Originally posted by Mez:
What I was suggesting would be a gold plated state of the art scanner. Way better than anything on the market getting input from NSA and any other hot shot fed org. The emphasis would be on bot nets. They present the biggest threat to US security. Any real cyberattack attack will come from a bot net. You would have tens of thousands of computers doing all sorts of things like 'blowing up' all the electric generators in the US. This could be carried out by computers in the US owned by morons, till the power fails.
You want a GOVERNMENT website that would scan my entire computer once a month? How long do you think it would take before that became practically mandatory? Do you really think they would stick to just scanning for things that I don't want? And even assuming that you are perfectly happy with the government having Orwellian monitoring on your PC, what happens to the data they collect? It gets dumped onto some DoD server that any 12-year-old can hack; the DoD servers get hacked so often that it doesn't even make the news anymore.

Sure, they wouldn't call it mandatory...but if I got a virus and cleaned it the next day, I would be charged with a serious offense, while someone who did the 1984-style scan could have the same virus for an entire month, and they would be charged with nothing.

On top of all those issues, we are talking about the government; when have they ever done anything correctly? How many days do you think would pass before someone added some critical windows file to a list of viruses that should be deleted?

I just had a realization...maybe these Orwellian politicians actually think that the voters want to be government slaves; after all, people keep emailing them and asking for it.

148.6.2011 09:49

I would not expect you to use it. I suspect you are in the top 10% in tech skill of the world’s users. Still you might have a bot net on your computer.

I wouldn't use it! Well maybe, I have cleaned up my act so maybe I would but not before I went over my computer with a fine tooth comb.

The point is, not everyone is technical enough to thoroughly check and remove bot nets from their computer. I load 2 viral scanners in parallel at start up and run a third once a week. I do a full blown scan maybe once a month since that takes a few hrs with about 10 different apps. I very rarely find anything with the weekly. I am MOST disturbed that more than once a year I find something with the monthly. These are bot nets. They usually have the same name as an app that is allowed to pass the firewall but it resides in a weird place not where it ought to be. They don't show up as malware because they are not a virus. They show up on short lists of apps having super privileges for review. I have no idea how they get there. Few users have the patience and the expertise to review these lists even if they had the software.

I made the suggestion not a politician. He wants to jail the owners of computers that do something bad. I told him that wasn’t very fair since probably half the users will be innocent. Although my main reasoning was to shoot across his bow, I do think the idea is of merit. I was just hoping to slow him down. I doubt that it will. It is easier to shoot first and ask questions later. Obama’s first money came from the media. He promised to crack down on copywrite infringement. The US economy is getting worse not better so he may not have a second term. His approval rating is eroding since the Bin Ladden high. He needs to crush the copywrite offenders now.

I suspect you would notice a drop in perceived bandwidth and get to the bottom of it so this is not all that important to you. That is how I found my first bot net on my computer. If you do have a bot net on your computer and it does something so that the authorities come to your house you are dead. They will take ALL your computer equipment and look for any wrong doing. So even though you were innocent of the attack they will nail you for anything else they find. I know persons that had their door smashed in. I know I would not survive that. Although my computer is pretty clean my house is not.

158.6.2011 10:06

Originally posted by xboxdvl2:
no one will take responsibility if they make a scanner or program that doesnt work 100% (theres usually a disclaimer somewhere in the licence agreement).
Yes, there are 1000 reasons why this project is not viable. The biggest killer is the law makers and the fed are skilled in passing the buck. This like NASA offers little wiggle room. In this political climate, no one will step up. It is far safer to go after the innocent then you have so many entities to blame it will be no one’s fault. This is the perfect fed solution. Spend lots of money to make lots of action but few results.

168.6.2011 11:15

if the government could scan my computer for malware and delete it (without looking at anything else)would be good.chances are the government will go through every file on the computer looking for pirated software or anything else that isnt 100%legit.they'd probably keep your i.p number for there records maybe even put a keylogger on your computer.

my computer might have a bot on it,might have malware on it.i ran scans (regularly) and sometimes i find and delete malware.no ones computer is immune but if mine starts acting strange i notice and do something about it or ask people who will help me fix it (sometimes on afterdawn forums).

dont know how it is in usa or england but in australia cops raid houses for drugs/guns and not pirated software/music/movies unless your actually profitting from it.

178.6.2011 14:57

Again active AD members are much more savvy than your average user like my brother in law. They can bairly use their internet because all the band width is taken by hackers. He claims that is impossible because he doesn't have a network in his house. I know he as at least 2 computers that have internet access and only one line coming in. He has a network but it isn't what he thinks of as a network. I have given up trying to talk sense into him. He is an archetect so he is smarter than a lot of users. That fool could be harboring 100 bot nets and he would contend there is no such thing.

Scan your computer of course, key logger no. Not only is it too much work to use the data, but is not legal.

In the case of busting down your door, that can only happen with a warrent. In the case I knew 2 persons that thier computers were part of a bot net attack on the Pentagon. I forget how many computers were involved but the number was in the tens of thousands. They assumed every household had armed terrorists in them. You would think they would lighten up after the first 10,000 but maybe they stubled into drug lords, etc who were armed.

They are starting to get warrents for copywrite infringeement in the US and else where. I think it started somewhere in the UK but the US picked it up. A hired agent downloads a torrent job using a modified client to record the ip address of each user in the swarm they got a block from. After they get a block I bet they drop that connection and get another. That information is enough for probable cause if you have the right judge. They might not bang in your door for that but the result is the same. This started with games, then newly released movies. I figure it will slowly move to everything else because it is very successful at raising money. Because the process is very slow, coming after you 6-12 months after the down load you have no idea how far reaching this process is rith now. They settle at 'bargan prices', a few grand. As long as these schemes make money they will continue to expand in scope. As long as they keep the settlement at the nusance level people settle instead of going to court and risk at least 6 figure settlements they will continue to make money. The processes derail when they ask more than a nusance amount. People figure they may as well hire a lawyer and they never get their money and need to spend large sums. I bet they never got a dime from Jamie Thomas.

I figured I wanted to quit while I was ahead, so my computer is fairly clean these days.

This message has been edited since its posting. Latest edit was made on 09 Jun 2011 @ 9:02

189.6.2011 08:53

Holy crap! I was reading a free newspaper that comes out once a week that has superior articles in it. Apparently, in this incident they went after senior govt officials with a 'spear phishing' scam. How stupid can you get? 'spear phishing' tricks you into sending your password or some other key information! Too bad this article didn't relate the method. That isn't much of a threat unless you are truly ignorant. How dumb can you get!

This isn't even worthy of discussion. This was the work of rank amateurs. Any competent would have at least used a bot net to set up the email accounts so they couldn’t be traced back to China. Maybe this is a ploy to make the West more complacent. Could they really be that stupid???? I guess some US senior officials are even more stupid.

199.6.2011 13:00

As I see it, its the really young kids and the elderly that get slammed with these slightly stupid scams which allows for the more airhead scams to become acceptable to float to the top.

Improbable? Think of it like this... You trash your like a third world country. You have wrappers, pizza boxes with 3 weeks of different half eaten shit that even insects won't touch, laundry of subtle layers of decay going on, even 4 different "love towels" in each corner of your room, but the room is such a wreck how the hell do you even know that there is actual 4 right angles? Anyway, you've been living like this for so long that you've become accustom to it. So once someone busts you out & tells to you clean your act up - you nut up & do the deed... but here's the phenomenon I speak of.

Some stuff gets thrown under the bed. A bunch gets thrown out. You actually "do" get organized, however, you probably don't dust, you probably don't take the wrapped food (sealed) items out of the room & put it in the kitchen, you'll probably leave a few dishes stacked in your room; and even though the room will be "cleaned" it won't be. It'll be "cleaner than what it was", but not actually "clean".

My point being here is that folks that know what they are doing within the computing community are so wrapped up with trying to keep young/old/retarded folks from getting the rest of us blown up (figure of speech here, let's not just fly off the handle folks) that we "might" get lax & forget to look for the stupid shite and accidentally breeze over a half assed scam.

I know it's a lousy excuse for some folks & that I'm just making an excuse for "them". I use diligence at all times, but like you've (anybody out there [blanket statement]) never made a mistake? Most of the raincoat, spooge covered, coat hanger, 'back alley asshole babies that got better' that make up these scams (the good ones)don't want to catch ignorant people anyway. They statistically don't have money & they know it.

Look, you can make all the laws you want. Has a "law" stopped anyone from doing whatever they really want to do? A law is reactionary, plain & simple. We need something proactive & for this particular forum comment I don't have a simple solution. Well... a zombie apocalypse might work, but that ain't simple & nor will it be taken seriously. But having said that, what would be a "proactive" solution... We have the "bot" from above, but people want to vote & make money from it... You know what that means... Sodomy is next...

You know I'm right.

This message has been edited since its posting. Latest edit was made on 09 Jun 2011 @ 1:07

209.6.2011 13:25

I pay taxes because of a law. Laws are extremely effective if breakage is easy to detect.

The rest, I am not sure I even follow your logic...

I am married so I got to throw out the pizza box right after the meal. It can't sit there for 3 weeks. That is a real long time for a large piece of trash with food sticking to it to be still in your house attracting what ever.

219.6.2011 14:47

True... laws are wonderful for getting rid of folks after I've been sodomized. Thus I'm grateful (as I'm sure other folks are) that this individual will stopped from doing it to another in the future. I'm kinda interested in stopping the sodomy before it hovers over my ass. Or how can we stop a cyber attack before it tries to take place.

My wordiness was a silly comedic attempt at trying to get at solving this problem. I was also saying that our legal system is also going to look at it post-problem.

I propose we stop playing a "What If" game in the cyber attack scenario and now look at it as the actual entity that it is.

Part of me says this, we know there are thieves in the world; yes? So manufacturers makes locks for your front doors. It's up to us to lock our doors and be vigilant. Apply the a similar tactic to a firearm. Not only do you have a lock box for the firearm, but the use of the firearm has a safety on itself to maintain another level of protection. Again, training and procedures are necessary for it's proper use. Otherwise, you don't get to use it.

We're supposed to get the same thing for a car & a motorcycle, but you get the idea.

Now we have devices on our desks that maintain highly subjective, confidential, (dare I say) at times volatile information in need of encryption. Why shouldn't we subject to possibly being tested as to whether an individual have a license to have a machine on their person capable of managing this information.

That's not to say you can't have all the game machines & stuff you want, you just can't have computers... I say test out like you do at the DMV. Granted... who's to say I may not have just shot myself in the foot, but then that will just have to be the way it goes.

229.6.2011 14:57

I get that thought. Even though it might be a good idea I doubt if would fly. Next they may want to test you before you have kids, an even smarter idea that will not fly. Who knows we might even want a competency test for candidates running for office an even smarter idea that will not fly.

2314.6.2011 19:01

Aside from the topic itself..
This discussion was fascinating/intriguing.
I have given hard copy to several thinking people.
Especially those with a developed sense of tech-humor.
BigThanks.

Comments have been disabled for this article.

News archive