Key-logging behind web mail scam


Victims of an industry-wide email scam could have been part of a so-called key-logging attack, according to one security expert.

Amichai Shulman from security firm Imperva said the high numbers of victims suggested this type of attack.

Unlike a traditional phishing scam, which lures people into revealing their details on fake websites, key-logging records individual key strokes.

In some cases the malware could have been downloaded automatically.

The scam was highlighted when several lists, detailing more than 30,000 names and passwords from Hotmail, Google and Yahoo web mail accounts, were posted online.

BBC News has seen two lists that detail more than 30,000 names and passwords from e-mail providers, including Yahoo and AOL, which were posted online.

Google is aware of a third list, although it is not clear how many names are on it.

The size of the scam has led Mr Shulman to question whether it is a traditional phishing attack.

Lists ‘common’

“The vast majority of people do not fall prey to phishing attacks and the success rates are around one per 1,000. The fact that even one of these lists contained 10,000 names suggests to me that it was a key-logging scam,” he said.

Key-logging malware can be downloaded from infected websites, of which Mr Shulman estimates there are millions in existence.

Once on a machine it can record every keystroke, including passwords or bank details.

The malware that installs a key-logger can be downloaded automatically although often it requires users to click a box, with common fakes promising system-enhancing or anti-virus software.

The lists, which were posted online at Pastebin, a website where developers share code, are not unusual, according to Mr Shulman.

“That’s the nature of the world we live in and sometimes we get a glimpse inside it. These lists are constantly traded online,” he said.

“The fact that the lists became public is probably negligence on the part of the hackers,” he added.

According to a report published by MarkMonitor last week, phishing is at a two-year high.

It found that phishers are now targeting payment websites and social networkers as well as the traditional banking websites.

Experts are advising anyone who thinks they might have been affected by the scam to update their anti-virus software and to immediately change their passwords.

It has reopened the debate about how people manage the numerous passwords they have for various web accounts.

It has led one security expert to offer some unusual advice.

“People should write down their web based passwords. That’s one way of making sure that you can remember a “strong” password,” said Sean Sullivan, security advisor at F-Secure.

“This tends to go against the conventional wisdom but it just makes more sense. People use weak passwords because they cannot remember the strong ones.”

  1. April 6, 2010 at 10:59 am

    I am not using GMail anymore, I feel that Google is suffering from lack of security and I started to look for a new webmail. I found Shtrudel M@il – http://www.shtrudel.com and as of now I am happy with it. I feel that everybody wants to hack GMail or Yahoo mail and not the small unknown webmail providers.
