Webmail data leak hype deflated

Rumoured phishing explosion grabs headlines, reality much more mundane.

This week has seen some major news organisations picking up on the story of tens of thousands of sets of webmail access data appearing online, with rumours of a major and highly effective phishing campaign - possibly targeting children - rife across the web. As the initial shouting dies down however, more sober voices have pointed to the probability that much of the data was harvested by malware, and the scale of the data has been shown to be far from spectacular.

Advertise on www.virusbtn.com

The start of the week saw reports from several major news organisations on the discovery of a list of over 10,000 usernames and passwords for Microsoft's Hotmail, the most popular webmail service worldwide. Later reports indicated that the trove covered only the beginning of the alphabet, implying the existence of much more stolen data, and showed that data from other webmail services including Google's Gmail and Yahoo! webmail had also been posted. The stolen credentials were being used to send out spam, mostly promoting highly suspicious online shopping sites.

Initial suggestions that a major phishing campaign had tricked millions of users into handing over their passwords were swiftly followed with wild rumours that the Windows Live system may have been breached and all user data taken. Some analysts observed that many of the usernames and passwords appeared to belong to children, and further rumours started suggesting that the leaks had come from a social networking site popular with children.

As the hype began to calm and this mists began to clear, some more level-headed and insightful experts pointed out that the data represents a tiny fraction of the total of stolen webmail data, and that all webmail services have been prime targets of phishing for many years, as well as being targeted by keyloggers and other data-theft malware. The 'massive phishing attack' heralded by some quickly faded as the data was revealed to be just a tiny part of the massive international trade in stolen personal data.

The mystery of just why the details were made freely available, rather than sold to the highest bidder for spamming purposes, remains unclear.

Initial news reports on the data trove are at the BBC website here, on the Washington Post blog here and here or in The Register here. Later analysis putting the story straight is available from a Trend Micro blog here, from Mary Landesman at ScanSafe here, and again in The Register here. Some interesting analysis of the data, showing the most popular passwords in common use to be fairly weak, is at Sophos here.

09 October 2009

Tags: cybercrime, gmail, hotmail, keylogger, password, phishing, spam, yahoo.    del.icio.us  digg this! digg this

0 comments

Leave a comment

Quick Links

Poll

When do you install software updates?
As soon as they are released
As soon as I have some time
I take my time, but I always install them eventually
Only when I feel it is absolutely necessary
Never
Leave a comment
View 12 comments
Jobs Recruit Sidebar
Twitter Feed

virusbtn: RT @emailsecmatters: The typical spam message has sources as diverse as the spam lunch meat: http://ht.ly/2yucd
1 hour ago

virusbtn: Can anyone write a rap about our RAP tests (http://bit.ly/255ySQ) and submit it to the Symantec competition http://bit.ly/bOJg8r
4 hours ago

VB100 certification

VB100 With another epic haul of 54 products to test this month, the VB test team could have done without the bad behaviour of a number of products: terrible product design, lack of accountability for activities, blatant false alarms in major software, numerous problems detecting the WildList set, and some horrendous instability under pressure. Happily, there were also some good performances to balance things out. John Hawes has the details.
See full results.
Virus Bulletin currently has 208,221 registered users.