BKIS – Yahoo IM Accounts Compromised to Distribute Spam

Malware analysts at BKIS (Bach Khoa Internetwork Security), a security vendor in Vietnam, caution end-users that a fresh attack is targeting users of Yahoo! Instant Messenger to steal their accounts and send spam from them.

Nguyen Minh Duc, Manager of Application Security Department, BKIS', first discovered the malicious attack when one of his friends sent him a spam mail promoting a service for weight loss, as reported by SoftPedia on May 18, 2009.

Researchers at BKIS state that the IM-based spam schemes have occurred several times in the past. But such e-mails are generally dispatched when someone log-in his account from a PC infected with malware. This infected PC helps in the distribution of messages.

However, the current attack does not follow this pattern, as Minh Duc discovered. According to him, when he received the spam mail, he called his friend and found that he had neither accessed his Yahoo Messenger account nor knew anything about the weight reducing service. Minh Duc concludes, the spam wasn't dispatched through automatic software from his friend's PC.

According to BKIS, it has been detecting the assaults since March 2009, but it hasn't still been able to determine the way the malicious e-mails are being sent. The security researchers said that the particular behavior in which hackers, instead of changing the passwords to log-in the accounts they hijacked and used them for spamming messages, was the characteristic of social-networking viruses and not common for IM services.

Minh Duc further notes the weight loss advertisement is accompanied with a buzzing sound, a type of spamming that is not popular. But he cautions that it could become a growing trend and use other IM applications too in future.

Thus, the security researchers say that users, who might be thinking that hackers have compromised their accounts in this particular way, would be safe to reset their password from an uninfected computer. They should also try to spot the PC from where the theft of their log-in details occurred, then do a full scan with an antivirus on that system and eventually begin utilizing a dependable security suite.

Related article: Bugs Swell In Browsers in 2006

» SPAMfighter News - 5/25/2009