Hotmail and Yahoo Mail hit with similar attacks as GMail, says report

Earlier this week, Google announced that hundreds of its GMail accounts were affected by an attack designed to forward the account's emails to other accounts. Google claims that the attacks originated from China and while they did not directly blame the Chinese government for the attacks that didn't stop that government from denying any involvement. Now a new report from Trend Micro says that similar attacks have also affected accounts recently for Microsoft's Hotmail and Yahoo's Yahoo Mail services.

According to the report, Trend Micro team members found  a "phishing" attack on Hotmail that disguised itself as an email from Facebook's security team. The report says that users would be affected by the email just by previewing it rather than opening the email up. In addition the report states, "We recently alerted Yahoo! of an attempt to exploit Yahoo! Email by stealing users’ cookies in order to gain access to their email accounts. While this attempt appeared to fail, it does signify that attackers are attempting to attack Yahoo! Email users as well."

While these kinds of attacks may be hard to defend against there are some clues that a user of web-based email system can use to fight off against these "phishing" attacks. Trend Micro says that users can look for spelling or grammatical errors in these so-called "official" emails. Also you can use a two step email verification system to help make sure any emails you receive are genuine. Trend Micro also decided to promote its own software programs at the end of the report for defense against malicious emails.

Report a problem with article
Previous Story

Sony's Playstation Network still not safe from hackers, says expert

Next Story

Groupon files for IPO

12 Comments

China needs to make a large scale crackdown on this mess. Tired of hearing about things getting hacked. Also, the US and others need to crack down on those hacking Sony to death lol. Its getting rediculous.

dtboos said,
China needs to make a large scale crackdown on this mess. Tired of hearing about things getting hacked. Also, the US and others need to crack down on those hacking Sony to death lol. Its getting rediculous.

so true.. if its not the government they need to do something to stop this in china.. its strange since they have the internet more under control over there then in the US

dtboos said,
China needs to make a large scale crackdown on this mess. Tired of hearing about things getting hacked. Also, the US and others need to crack down on those hacking Sony to death lol. Its getting rediculous.

I agree, 90% of hacking on the Internet originates from China. And yeah it's beginning to **** me *** as well. What did the US say about any country hacking their facilities and undermined the integrity, infrastructure and security of the United States will take Military Action. It's a bit harsh but what else can one do... when competent individuals know full well were the hacking is coming from...?

dtboos said,
China needs to make a large scale crackdown on this mess. Tired of hearing about things getting hacked. Also, the US and others need to crack down on those hacking Sony to death lol. Its getting rediculous.

at the same time you can't forget that it's the user that do all the damage.
also don't know about yahoo and hotmail but Gmail have a security feature that validate the mail address from such services like paypal etc.
Anyway most of these website never use link in their email

Hackers are crazy these days! They're becoming a real threat. I wouldn't be surprised if there's a new law or something to punish in a harder way this kind of actions

daniel_rh said,
Hackers are crazy these days! They're becoming a real threat. I wouldn't be surprised if there's a new law or something to punish in a harder way this kind of actions

It's a crime, againts millions of ppl. It should be punished real hard.

I think I got this email in Hotmail. IIRC, it was labelled as a phishing scam, so its contents were blocked. I just reported it and that was that.

If someone walked into a bank and stole million's of people's personal infomation, they would go to prison for a long ass time. And yet they can't even find these people....

It's not like the two guys from lulzsec are hiding very well there are even pictures of them online. They are almost yelling HERE WE ARE and nothign is happening.

BTW, this part seems to be missed if the article and original exploit was researched:

"...through a vulnerability in Hotmail, which Microsoft has already fixed...."

So this is not a new threat or something to worry about, but an exploit that was found and fixed almost immediately on the Hotmail/Live servers.

This also only worked in a 'browser', accessing Hotmail/Live email from inside Outlook or Windows Live Mail would not have been affected. (Which is a good reason to use an email client like these for even your Web based email accounts when you are at your own computer.)

PS Microsoft's mail services are more than 'hotmail' as there are Passport/LiveID options for users to access email from any system in addition to the @live.com and @hotmail.com web based email servers. Every trace of the report going back to the original exploit that was discovered labeled them all as Microsoft Hotmail, which is inaccurate, and could be dangerous in the future, if there ever is a real threat, and @live.com users might not realize it affects them. (Also hotmail is a name and term being mothballed at Microsoft, with Live replacing it, and only is kept for email address domain reasons.)

Commenting is disabled on this article.