Special Report: The State of Hacked Accounts

A new trend has emerged in the sending of malware. Spammers have significantly increased the use of compromised accounts (accounts whose credentials are stolen or hacked) to send spam and malicious emails.

Having observed greater use of compromised accounts, Commtouch undertook primary research into the use of these accounts for sending spam. The research included the surveying of people whose accounts had been compromised.

This presentation is a condensed overview of the research report. It also includes tips for end users on how to prevent their accounts from being hacked or compromised.

Published in: Technology, News & Politics

  1. SPECIAL REPORT: The State of Hacked Accounts. October 2011
  2. About this Report: The following is a condensed overview of end-user research compiled by Commtouch to explore issues related to the theft, usage and recovery of compromised accounts. This document also includes tips for end users on how to prevent their accounts from being hacked or compromised. The complete report can be downloaded at http://www.commtouch.com/hacked-accounts-report-Oct2011
  3. Background: Spammers are using compromised accounts (accounts whose credentials are stolen or hacked) to send spam and malicious emails.
  4. Background: Increased use of Compromised Gmail & Hotmail Accounts in Q2 & Q3 2011
     • Hotmail: 28-35% of the spam from Hotmail actually comes from compromised or spammer Hotmail accounts
     • Gmail: Mostly (96-97%) from zombies that simply forge Gmail addresses
     • Q3 2011 saw growth in use of Hotmail & Gmail compromised accounts over Q2
     Source: Commtouch
  5. Introduction: Why the move by spammers to Compromised Accounts
     1. Antispam solutions are becoming better at blocking botnets (IP reputation can typically block 85-95% of spam based on IP).
     2. Blocking of spam from compromised accounts is more difficult as accounts often exist within whitelisted IP address ranges (such as Hotmail or Gmail).
     3. Although spammers can set up their own legitimate accounts for sending spam, email providers obstruct this phenomenon to the best of their ability.
     4. Recipients are often more trusting of emails coming from a known source.
  6. Introduction cont…
     There are some issues for spammers using compromised accounts:
     • Compromised accounts can only be used for relatively small spam runs of a few hundred or thousand messages without being detected by the provider
     • The accounts need to be compromised/hacked/stolen before they can be used.
     The result:
     • The new spammer tactic of using compromised accounts generates smaller volumes of spam, but with better delivery rates.
  7. Goal of the Research
     The research set out to understand the following…
     • What accounts are targeted?
     • How are accounts compromised?
     • Are compromised accounts used for other purposes besides spam and scams?
     • How do users figure out that their account has been compromised?
     • How do users regain control of their accounts?
  8. THE RESEARCH RESULTS
  9. 1. Which accounts were targeted
     Participants were asked which of their account(s) were compromised.
     Key Findings:
     • Gmail, Yahoo, Hotmail & Facebook attracted 15-27% of cybercriminals' attention
     Analysis:
     • The value of a compromised account is in the “clean” IP address, rather than the specific domain of the address.
     • From this point of view, all accounts have a similar value since they are from well-known domains.
  10. 1. Which accounts were targeted
     Survey Responses:
     • Gmail
     • Yahoo
     • Hotmail
     • Facebook
     • Other
     “Other” includes users of AOL, Comcast and other providers.
  11. 2. How was the account compromised
     Participants were asked how their accounts were compromised.
     Key Findings:
     • Majority (62%) responded they were not sure
     • 15% recalled using a public Internet terminal or public WiFi prior to the hack.
     • None of the respondents believed they had been phished or had been victims of a drive-by download (by following a phony link).
     Analysis:
     • Many people typically engage in risky online behavior without realizing it
     • It’s not always easy to figure out how an account gets compromised, and retracing steps does not always help.
     • Likely, many of the victims simply used easy-to-guess passwords
  12. 2. How was the account compromised
     Survey Responses:
     • I used a public computer or WiFi network (e.g.: Internet café)
     • I opened a file that might have contained a virus (e.g.: an email attachment that seemed legitimate)
     • I clicked on a link in an email that was phony (e.g.: an email from UPS or DHL with information about a package for you)
     • I responded to a request to provide my username and password (someone “phished” your details)
     • I clicked on a link I received from a friend in Facebook
     • Not sure
     • Other
  13. 3. What was done with the stolen accounts
     Participants were asked what they believed was done with their accounts.
     Key Findings:
     • 54% said account was used to send out spam
     • 12% said it was used in a “friend stuck overseas” scam (that blatantly exploits the trust element)
     • 23% did not know
     Analysis:
     • The value of a stolen account is twofold – it provides a clean IP address, and in addition there is an element of trust that comes with a message since it is (in most cases) received from a friend or acquaintance
     • Of the 23% of respondents that did not know how their compromised account had been abused, it may be assumed that these were used for a mix of spam and scams
  14. 3. What was done with the stolen accounts
     Survey Responses:
     • Used to send spam promoting a product
     • Used to ask my friends to send me money since I was “stuck in a foreign country”
     • Used to send a phony message/wall post on my Facebook account
     • Not sure – I was just told it was compromised
     • Other
  15. 4. How were the account owners made aware of the compromise
     Participants were asked how they became aware their account had been compromised.
     Key Findings:
     • In 54% of the cases the compromised account owners learned of the breach from their friends
     • 15% received an official email
     • 31% responded “I noticed it myself”
     Analysis:
     • No one is as good at pointing out people’s errors as their own friends (who also receive the spam and overseas scams)
     • Users probably assume that Gmail, Yahoo, Hotmail and Facebook are keeping an eye out for hacks and other bad stuff
     • Some users might think that they will notice strange activity in their account as soon as it happens
  16. 4. How were the account owners made aware of the compromise
     Survey Responses:
     • Friends told me after receiving a strange email or message
     • Received an official email from Gmail, Yahoo, Facebook suggesting I change my password
     • I noticed strange activity
     • Other
  17. 5. What action did account owners take to recover their accounts
     Participants were asked what action they took to recover their accounts.
     Key Findings:
     • 42% solved the issue with just a password change
     • 23% changed their password and ran an antivirus scan
     • 23% did not do anything to remediate their account, and believed this was a one-off event
     Analysis:
     • The modern equivalent of “changing the locks” (i.e., changing password) seems to be key to regaining control of an email account
  18. 5. What action did account owners take to recover their accounts
     Survey Responses:
     • Changed my password
     • Ran a virus check
     • Both of the above
     • Nothing – it happened once and seems to be OK now
     • Other
     Some of those who responded “other” had broached the issue with their email provider.
  19. Safety Tips to Protect Against Being Compromised
     1. Use passwords that are difficult to guess – no keyboard sequences (qwerty, 1234qwer, etc.), no birthdates, no common names. Mix numbers and capital letters.
     2. Use different passwords for different sites.
     3. Consider using a password manager that stores all your passwords, generates new ones, and syncs them between your different PCs, laptops, and tablets. Keep your master password complex and safe.
     4. Think carefully before using a public Internet terminal. If you do need to use one, remember to uncheck the “remember me” box when you log into your email or Facebook. Also – don’t forget to log out and close the browser window when you are finished.
     5. Don’t open email attachments or click on links in emails you weren’t expecting. Treat all unexpected attachments as malware even if they appear to be “only” PDF, Word or Excel.
  20. Safety Tips to Protect Against Being Compromised cont…
     6. Don’t follow links in Facebook that accompany some hysterical or generic text such as “check this out!!!!!” or “Thought you might like this!!”. Avoid Facebook links that promise some current event “scoop” such as “Osama bin Laden death video!”.
     7. To date, there is no Facebook application that allows you to see who has been viewing your page – never follow any link that promises this functionality.
     8. Never respond to a request for your password – even if the email looks official or urgent.
     9. If your email provider offers single-use passwords (for example as Gmail does), implement it. In the case of Gmail, you can either download an application to your mobile phone that generates a single-use password (a string of random numbers that changes every few seconds), or Google will SMS your phone with the password. In this way, if someone is determined to hack into your account, they will need to have access to your mobile phone as well.
  21. Download the complete SPECIAL REPORT: The State of Hacked Accounts at http://www.commtouch.com/hacked-accounts-report-Oct2011
  22. For more information contact: info@commtouch.com, 650 864 2000 (Americas), +972 9 863 6895 (International). Web: www.commtouch.com. Blog: http://blog.commtouch.com
     Copyright © 2011 Commtouch Software Ltd. Recurrent Pattern Detection, RPD, Zero-Hour and GlobalView are trademarks, and Commtouch, Authentium, Command Antivirus and Command Anti-malware are registered trademarks, of Commtouch. U.S. Patent No. 6,330,590 is owned by Commtouch.
