Hotmail Password Phishing Update: "all Your Credentials Are Belong To Us"
A new wave of details and even more questions related to the disclosure of Hotmail, MSN, and Live! credentials were recently revealed by Neowin.com. The BBC reported on another 20,000 credentials posted on pastebin.com. They also disclosed that Google found a third list of credentials of undisclosed size.
The credentials were not limited to Microsoft services; they also included Yahoo!, Gmail, AOL, Comcast, and Earthlink. The breadth and scope of this is intriguing as Microsoft and Google both have made statements insisting it is the result of phishing.
I am not willing to say it is not phishing, or related to phishing; however, it could be a combination of attacks leading to this large quantity of compromised accounts. Many trojans and other malware capture and upload any credentials cached by Internet Explorer and Firefox.
I recently mentioned the chance this was related to a MSN Messenger friends block verification scam that was popular at the end of August and beginning of September. Earlier, SophosLabs reported on a similar scam targeting Microsoft passwords. This alone implies that if it is only phishing, multiple tactics were taken.
Many users have expressed concern to me today regarding the difficulty
Click here to continue reading
