The first wave of malicious spam stemming from the recent rash of compromised e-mail accounts affecting webmail service providers Microsoft Hotmail and Google Gmail is in full swing, and the situation is likely to get worse before it gets better.
That's the word from Websense, a San Diego-based developer of integrated Web, data and e-mail security solutions that has been monitoring the attacks.
Later reports from the BBC and others said the list of hacked e-mail addresses also came from Gmail, Yahoo, AOL, Comcast and EarthLink webmail service accounts.
Lists containing the hacked account information were readily available online.
Fraudsters are already using those hacked accounts to target the victims' contacts with spam e-mails aimed at getting them to make purchases at fake online electronics Web sites, which take orders and money, often bank drafts, but don't send the goods, a Websense spokesperson told ChannelWeb.
Incidences of that type of spam is up between 30 percent and 40 percent in the past week or so compared to normal, the spokesperson said.
Unfortunately, it is difficult to tell if that surge in spam is caused by the people who were responsible for the phishing attacks, or by someone else who had access to the hacked account information, which was available online, the spokesperson said.
The biggest mystery is why the hacked account information was even put online. Phishers usually like to keep such information under control in order to better exploit it for their own gain, the spokesperson said.
The spam generated from the hacked account information and now targeting unwary shoppers is only the first wave of what could come. The information could be used for other purposes, including pointing unwary users towards fake antivirus pop-ups, sites that install key-logging programs, or applications that make them part of a botnet, the Websense spokesperson said.