I have just received a message from a friend on Yahoo! Messenger saying:
This is an "introduction" for a weight loss service while, ironically, my friend is so skinny. What he needs is to gain, not to lose weight.
Naturally, we immediately think of viruses spreading via Instant Messaging programs which has become popular since the middle of 2006. If the users’ computers are infected with this type of virus, the virus will silently sent out messages to users’ friends when they are chatting. The messages provide links to malicious files or websites.
However, this kind of spamming was completely different. I phoned my friend directly to affirm that he was not at his computer, and even not signed in his Yahoo Messenger account. He definitely had no idea about the weight loss service either. Obviously, the spam was not sent by an automatic program on my friend’s computer.
So who actually was sending spam from my friend’s account?
A high possibility was that spammers had successfully obtained my friend’s password. The hacker did not change the password, blackmail or threaten the victims as in other cases. They silently used the victims’ accounts for spamming purposes by using automatic programs to sign in Yahoo! Messenger.
In fact, this phenomenon has been noticed by Bkis since March 2009. Yahoo Messenger users received messages from their friends with a fixed structure: The advertisement for weight loss service follows a Buzz!!!
Right now, this is not a popular spamming type. However, in time to come, this may have an increasing trend involving other IM programs as well.
Following is the detailed information about the phenomenon:
- Spams spread via IM systems such as: Yahoo, MSN, etc.
- Account owners have no idea that their IDs are being taken advantage of.
- Spams can be sent even when the victims are not signing in the accounts.
- Passwords hacked/revealed
- When spammers have the username and password they can take advantage by signing in Yahoo! Messenger using tool then spread spams.
- For money
The biggest possibility is your password has been stolen. The hackers, however, do not change your password; they just use it for spamming. Thus, the first thing to do is to change your password.
The second thing to consider is: why your password is disclosed? You should use antivirus software to scan your computer and to assure that there is no keylogger running on your system.
Nguyen Minh Duc / Manager - Application Security Department, Bkis