Webmail trojan hits Gmail
A trojan malware strain that is able to set up fake Hotmail and Yahoo accounts in order to send out spam mail, has been adapted and is now targeting Gmail accounts.
The trojan named “HotLan”, automatically creates webmail accounts, which implies that spammer groups have found a way of defeating Captcha systems. This is rather ironic as Captcha systems were brought into existence, specifically to stop spammers and to ensure that all electronic requests were made by humans.
The HotLan trojan first appeared last month. Since then, over 500,000 spam accounts have been created, according to BitDefender, who have been working with Yahoo. Their work together has greatly slowed down the spam from the Yahoo accounts. The downside of this, is that the Hotmail and Gmail are now getting more attention from the trojan.
The HotLan trojan uses a far more complex routine than the standard compromised “zombie” PC. When the trojan is active, it attempts to set up a webmail account and sends the captcha image as an encrypted file to a website controlled by spammers. This site decodes the captcha data and then sends back the correct response to the trojan. Once a webmail account has been activated, many encrypted spam files are then sent from a website onto infected machines. The trojan then decrypts the files and sends them out to a list of addresses.
There were over 500,000 accounts created at Hotmail by the trojan, and 49,000 at Gmail. With regards to shutting these accounts down, Google is winning this battle. Gmail have been deleting accounts within a few days, whereas most Hotmail accounts are still active.
The mail sent by this trojan has mainly been pharmacy related. Bigger t1ts or pen1s anyone?
Did you enjoy this post? Why not leave a comment below and continue the conversation, or subscribe to my feed and get articles like this delivered automatically to your feed reader.
Comments
No comments yet.
Leave a comment