Trojan Creates Spammers’ Accounts on Gmail & Hotmail
A recently designed Trojan helps to bypass Gmail and Hotmail user verification to set up spammers' accounts.
BitDefender, provider of data security solutions and award-winning anti-virus software, announced on August 8, 2007 that it, jointly with Yahoo security experts, have thwarted criminals' efforts to create Yahoo accounts to push out spam. The criminals would generate new accounts by using their malware, Trojan.Spammer.HotLan.
However, the Trojan developers have moved to generating Gmail and Hotmail accounts to distribute their spam, after finding a way to get around the 'captcha systems' of the two e-mail clients.
Captcha systems are designed to use a certain number of chosen alphanumeric characters that are presented in an image with other components configured to baffle character-recognition software. In this, since only a human being can read and type it correctly, it would be possible to prevent spam bots and other kinds of malware from creating accounts. The captchas try to ensure that humans rather than computers would set up the account, a feature that would suppress this type of abuse on the webmail providers' service.
The HotLan Trojan attempts to generate an account by transmitting the captcha graphic after encrypting it to a Website that the spammer controls. The Website then sends back a solution, which is added to the appropriate region. After this, the Trojan picks up encrypted spam mails from another site, decrypts them and transfers them to active addresses selected from as third site.
In this way, 514,000 Hotmail accounts were set up as of August 3, 2007 and another 49,000 in Google, said Viorel Canja, head of BitDefender AntiVirus Lab. PC Format published Canja's statement on August 8, 2007. But he noted that while Hotmail accounts became operational, Gmail accounts got jammed just after two days of their operation.
Organizations need to understand this new kind of threat, according to BitDefender. The industry normally uses the captcha system to create e-mail and other accounts. However, the onus of finding a solution to this problem lies on Gmail and Hotmail companies. Either they find more efficient security systems or develop an entirely new e-mail system.
Related article: Trojans to Target VoIP in 2006
» SPAMfighter News - 23-08-2007