Websense Security Labs
Source: 百度文库 (Baidu Wenku) Editor: 神马文学网 Time: 2024/05/20 22:08:24
Websense Security Labs ThreatSeeker™ technology has discovered that Windows Live Mail accounts have been targeted in recent spammer tactics. In these recent attacks, spammers have managed to create bots that are capable of signing up and creating random Live Mail accounts that could be used for a wide range of subsequent attacks.
Windows Live Mail is a part of the Microsoft Windows Live portfolio of services. It is a free webmail service by Microsoft. It was first announced on November 1, 2005 as an update to the Microsoft MSN Hotmail service. Its worldwide release was on May 7, 2007, and roll-out to all existing users was completed in October 2007.
Websense believes that there are three main advantages to this approach for the spammers. First, the Microsoft domain is unlikely to be blacklisted. Second, they are free to sign up. And third, it may be hard to keep track of them as there are millions of users worldwide using the service.
Let’s see how this process is automated.
First, the bot is observed to request the Live Mail registration page and it begins filling in the necessary form fields (as any ordinary user would be required to) with random data. When it comes to the CAPTCHA verification test, the bot sends the CAPTCHA image to its CAPTCHA breaking service for the text in the image.
Screenshot showing the image sent to the bot’s CAPTCHA breaking service for a break request
Next, we observe the bot receiving a response from the server with the text in the CAPTCHA image.
Screenshot showing the bot receiving the answer of “89YTSJ9W”, which is the last piece to complete the registration for the Windows Live Mail service
And of course, the spammers have now streamlined the process of mass-registering free email accounts for nefarious purposes.
Screenshot showing the bot repeating this process over and over. Wash, rinse, and repeat.
We note that on average, 1 in every 3 CAPTCHA breaking requests succeeds—setting the bot’s success rate at around 30-35%.
Screenshot of accounts created for spamming
Screenshot of the emails sent by these fake Windows Live Mail accounts
Screenshot of sites where these emails send users
The malicious executables have MD5 fingerprints of ed763fe783cbf45aa8a652964cfb180e and a6eb7adab36c253a13c16fa5c52b27bd.
Websense believes that these accounts could be used by the spammers at any time for a variety of social-engineering attacks in future. A wide range of attacks would be possible using the same account credentials in other significant and extended Live services offered by Microsoft Corporation, such as Live Messenger (instant messaging), Live Spaces (online storage), etc.
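As an added example (not part of the Websense alert and not code from any service named in it), the sketch below shows how a signup service could use the roughly one-in-three CAPTCHA pass rate reported above as a detection signal: it tallies CAPTCHA outcomes per source address and flags sources that combine many attempts with a low pass rate. The log format, event names and thresholds are assumptions made for illustration.

```python
from collections import defaultdict


def constructed_sample():
    """Constructed log lines (not real traffic): '<time> <source ip> <event>'."""
    patterns = {
        "198.51.100.7": "FFPFFPFPF",  # bot-like: 3 of 9 attempts pass
        "192.0.2.50": "PPPFPPPP",     # busy shared address, mostly human
        "203.0.113.20": "FP",         # single user who mistyped once
    }
    rows = []
    for ip, outcomes in patterns.items():
        for minute, outcome in enumerate(outcomes):
            event = "captcha_pass" if outcome == "P" else "captcha_fail"
            rows.append(f"2024-01-01T10:{minute:02d}:00 {ip} {event}")
    rows.append("garbled line")  # malformed input must be ignored
    return rows


def tally(lines):
    """Return {ip: [passes, attempts]} for registration CAPTCHA events."""
    counts = defaultdict(lambda: [0, 0])
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or parts[2] not in ("captcha_pass", "captcha_fail"):
            continue  # skip anything that is not a well-formed event
        counts[parts[1]][1] += 1
        counts[parts[1]][0] += parts[2] == "captcha_pass"
    return counts


def flag_sources(lines, min_attempts=6, max_pass_rate=0.5):
    """Flag sources with high volume and a low CAPTCHA pass rate.

    Thresholds are assumed values; tune them against real signup traffic.
    """
    flagged = {}
    for ip, (passes, attempts) in tally(lines).items():
        rate = passes / attempts
        if attempts >= min_attempts and rate <= max_pass_rate:
            # A passed CAPTCHA is the last step of signup, so passes
            # approximates the number of accounts the source created.
            flagged[ip] = {"attempts": attempts, "accounts": passes,
                           "pass_rate": round(rate, 2)}
    return flagged
```

Requiring both conditions keeps a busy shared address with a normal pass rate, and a single user who mistypes once, out of the flagged set.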