Spyware, not phishing, caused Hotmail passwords leak, says security guru

**Glaswegian** · 10-08-2009, 02:10 PM

A security researcher at ScanSafe isn't buying Microsoft's and Google's explanation that hijacked Hotmail and Gmail passwords were obtained in a massive phishing attack.

Mary Landesman, a senior security researcher at San Francisco-based ScanSafe, said it's more likely that the massive lists -- which include approximately 30,000 credentials from Hotmail, Gmail, Yahoo Mail and other sources -- were harvested by botnets that infected PCs with keylogging or data stealing Trojan horses.

Landesman based her speculation on an accidental find in August of a cache of usernames and passwords, including those from Windows Live ID, the umbrella log-on service that Microsoft offers users to access Hotmail, Messenger and a slew of other online services.

That cache contained about 5,000 Windows Live ID username/password combinations, said Landesman, who found the trove while researching a new piece of malware. "From the organisation [of that cache] and what the data looked like in raw form, I think it's more likely that this latest was the result of keylogging or data theft, not phishing," Landesman said.

She dismissed the idea that the passwords had been collected in a large-scale, industry-wide phishing attack, as Microsoft and Google both maintained.

http://news.techworld.com/security/3...-guru/?olo=rss

10-08-2009, 02:10 PM	#1 (permalink)
Glaswegian Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic Join Date: Sep 2005 Location: Glasgow Posts: 25,367 OS: Win XP Pro SP3 / Win 7 Pro My System Blog Entries: 10	Spyware, not phishing, caused Hotmail passwords leak, says security guru A security researcher at ScanSafe isn't buying Microsoft's and Google's explanation that hijacked Hotmail and Gmail passwords were obtained in a massive phishing attack. Mary Landesman, a senior security researcher at San Francisco-based ScanSafe, said it's more likely that the massive lists -- which include approximately 30,000 credentials from Hotmail, Gmail, Yahoo Mail and other sources -- were harvested by botnets that infected PCs with keylogging or data stealing Trojan horses. Landesman based her speculation on an accidental find in August of a cache of usernames and passwords, including those from Windows Live ID, the umbrella log-on service that Microsoft offers users to access Hotmail, Messenger and a slew of other online services. That cache contained about 5,000 Windows Live ID username/password combinations, said Landesman, who found the trove while researching a new piece of malware. "From the organisation [of that cache] and what the data looked like in raw form, I think it's more likely that this latest was the result of keylogging or data theft, not phishing," Landesman said. She dismissed the idea that the passwords had been collected in a large-scale, industry-wide phishing attack, as Microsoft and Google both maintained. http://news.techworld.com/security/3...-guru/?olo=rss __________________ Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums. PC Safety & Security::PC running a bit slow?::Donate::Photographers Corner