back to article Webmail buggers attack Yahoo!, Hotmail users

The high-profile phishing campaign targeting the private Gmail accounts of government officials and political activists is part of a wider pattern of attacks also targeting Hotmail and Yahoo! Mail, according to net security firm Trend Micro. Trend said that whether or not the attacks were related, they were all aimed towards …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Big Brother

    They really want my spam??

    as it is the only thing sent to likes of Yahoo? I'll forward it for them, they just have to ask ;-)

  2. Paul Crawford Silver badge
    Linux

    Is this largely an IE based attack?

    While it is possible the phising attacks are probably quite well crafted, am I right in believing the res:// protocol is a windows/IE only trick?

    Another good reason not to use IE at all, even if you are dedicated to using Windows for other reasons?

    (And before the trolls come out, yes I know all OS are vulnerable to some degree, more so for Trojans, but indulge me this fanboi-baiting luxury given Windows 99.95%+ share of current malware)

    1. boondox
      Pint

      no... all browsers capable of running on Windows are vulnerable

      You're right about the res:// protocol being a Windows only "feature", but due to the CSS flaw of the bug in question, all browsers that can run on Windows are potentially vulnerable, especially as it exploits a hole in all versions of Adobe Flash.

  3. BarryZ
    Megaphone

    Emails with Faked From-Addresses

    Re: "The malicious email, which posed as a message from the Facebook security team"

    Here at 1USA.Com, our mail servers check to make sure that the From-Address, Mail-From address, Return-Path address and Reply-To address are legitimate for the mail server that's sending the email, and that the IP address of the sending mail server resolves.

    As a result, our 1usa.com customers get no spams in their In-Box... unless they invite them in.

    There are protocols to determine if an email is legitimate or not. One is called SPF and the other one that's used by Gmail, Hotmail and Yahoo is called Domain Keys.

    Just having a Domain Key in the header of an email does not indicate that the email is legitimate though.

    1USA.Com has this wonderful mail server that stops spams... but most people would rather go get a 'free' throw-away email account from some other mail server host, then gripe when their bank account is cleaned out. Maybe they need to take Email more seriously... and switch their email service.

    BarryZ

    1USA.com

    Reading PA USA

This topic is closed for new posts.

Other stories you might like