Gmail Spear Phishing Attack May Affect Hotmail, Yahoo Mail


Security researchers say that a Gmail spear phishing attack targeting high-profile users might have spread to Hotmail and Yahoo Mail services, while it remains uncertain if the attack, originating from China, was state-sponsored.

Google disclosed earlier this week that hundreds of Gmail users, including military personnel, senior U.S. government officials, Chinese political activists, South Korean officials and journalists, were targeted in a sophisticated spear phishing attack , appearing to be sourced from Jinan, China, that attempted to infiltrate their e-mail accounts and monitor communications.

The attackers were able to hijack user accounts by employing social engineering scams that enticed victims to click on links that redirected them to phony Gmail login sites. In reality, the fake login sites were created by the hackers to trick users into submitting passwords.

The Gmail spear phishing attacks follow almost two months after Google reported that attackers were exploiting a publicly-disclosed MHTML vulnerability targeting journalists and political activists using its services.

Independent security researcher Greg Walton reported that the Gmail vulnerability exploit, affecting users running Internet Explorer, was targeting journalists and political activists , propagating with a phishing message spread over Facebook.

Recently, researchers at Trend Micro found that Hotmail and Yahoo Mail fell victim to similar phishing attacks, although it’s unclear if the attacks affecting Gmail were related.

During the attack against Hotmail, users were subjected to a phishing e-mail that pretended to be from the Facebook security team. Users became infected with malware simply by opening the e-mail, without be required to click on a malicious link.

In addition, Yahoo Mail users were also targeted in an attack that attempted to swipe users’ cookies in order to access their e-mail accounts. During the attack, miscreants sent Yahoo Mail users an e-mail containing two attachments, one being a malicious document and the other a flawed cross-site scripting exploit, ultimately rendering the attack unsuccessful.

Nart Villeneuve, Trend Micro senior threat researcher, said in a blog post that the diverse series of attacks against e-mail services indicate that attackers are finding new and increasingly sophisticated ways to infiltrate users’ Web mail accounts and access their information.

“These events demonstrate that in addition to targeted attacks that encourage users to open malicious attachments, usually PDF and .DOC files, attackers are also attempting to exploit vulnerabilities in popular Web mail services in order to compromise Web mail accounts, to monitor communications and to gain information in order to stage future attacks,” he said.

Mike Paquette, chief strategy officer at Top Layer, said that while the motivations for phishing continue to be identity and IP theft as well as political activism, the recent Gmail and other Web mail attacks indicate the growing trend of phishing becoming more complex and automated as users become savvier to perpetrators' tactics.

“Phishing attacks are becoming more targeted and are using more target-relevant context to lure the recipients into providing information,” Paquette said. “Phishing attacks are requiring less user intervention. In fact, today, many of these attacks are no longer directly asking users to provide sensitive information, but instead rely on tempting the user to click on a hyperlink, launching their Web browser to a malicious Web site that will remotely exploit their computer, depositing malware that will simply steal the sensitive information and extricate it.”

Next: Researchers Say Phishing Attack Origin Still Uncertain