The Latest in IT Security

Spam outbreak makes large-scale use of compromised Yahoo, Hotmail, and AOL accounts as well as WordPress sites

11 Oct 2011

An ongoing outbreak is making extensive use of stolen Yahoo, Hotmail (Live) and AOL accounts. Sample emails sent from these accounts are shown below. A wide range of accounts has been tracked by Commtouch Labs – several thousand for each provider. The emails have no subject and simply feature a link in the body of the email.

The links ultimately lead to pharmacy and enhancer websites but are directed via thousands of compromised sites – most of them WordPress. Before being redirected, users are shown an initial page hidden within one of the WordPress subdirectories (see image below), which greets clickers with the text:

You are here because one of your friends have invited you

to try our free trial.

Hurry up! Limited quantity available!

We try to be helpful for you.

Page loading, please wait….

A few seconds later the redirect takes users to the enhancer site.

The image below shows:

  • The initial site
  • The final destination enhancer site
  • The actual homepage of the compromised WordPress site.

The large-scale use of compromised accounts illustrates an increasing trend described in Commtouch’s quarterly Internet Threats Trend Report. In addition, we have more thoroughly explored the issue of compromised/stolen/hacked accounts in our special report “The state of hacked accounts”.
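The traits described above (no subject, a body that is only a link, a sender at one of the named webmail providers, a link into a WordPress subdirectory) can be combined into a simple mail-filter heuristic. The following is an added example, not code from Commtouch or the original post; the function names, the sample messages and the list of WordPress directories are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Providers named in the article; regional variants are not covered here.
WEBMAIL_DOMAINS = {"yahoo.com", "hotmail.com", "live.com", "aol.com"}
# Standard WordPress directories; which ones the campaign used is an assumption.
WP_DIRS = ("/wp-content/", "/wp-includes/", "/wp-admin/")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample messages (not taken from the outbreak).
SPAM_SAMPLE = ("From: Friend <someone@yahoo.com>\nTo: rcpt@example.org\nSubject:\n\n"
               "http://blog.example.net/wp-content/themes/x/page.html\n")
HAM_SAMPLE = ("From: colleague@example.org\nSubject: Meeting notes\n\n"
              "Notes are at https://wiki.example.org/notes please review.\n")
PARTIAL_SAMPLE = ("From: pal@aol.com\nSubject: photos\n\n"
                  "https://photos.example.com/album/1\n")


def body_text(msg):
    """Return the first text/plain part decoded to str (empty string if none)."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            return payload.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def score_message(raw):
    """Return (score, reasons) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    reasons = []
    if not (msg.get("Subject") or "").strip():
        reasons.append("empty-subject")
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender.rpartition("@")[2] in WEBMAIL_DOMAINS:
        reasons.append("webmail-sender")
    body = body_text(msg).strip()
    urls = URL_RE.findall(body)
    # "Link only": exactly one URL and nothing else left once it is removed.
    if len(urls) == 1 and not URL_RE.sub("", body).strip():
        reasons.append("link-only-body")
        path = urlparse(urls[0]).path.lower()
        if any(d in path for d in WP_DIRS):
            reasons.append("wordpress-subdir-link")
    return len(reasons), reasons
```

No single trait is conclusive on its own, since legitimate webmail users also send link-only messages; the score is meant to feed a threshold or a quarantine rule rather than a hard block.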

 
