Harvested login credentials used in automatic IM-based spam campaigns

May 19, 2009 12:39 GMT

Malware analysts from Vietnamese security vendor Bach Khoa Internetwork Security (Bkis) warn of a new attack targeting Yahoo! Messenger users, whose accounts are stolen and subsequently used to send spam. The researchers are expecting this form of attack to spread and affect other instant messaging applications in the near future.

The manager of Bkis' Application Security Department, Nguyen Minh Duc, originally came across this attack when one of his friends spammed him with a message advertising a weight-loss service. IM-based spam campaigns are nothing new, but such messages are generally sent silently when a user logs on from a computer infected with some form of malware, which is actually responsible for their propagation.

However, this was not the case with this attack, as Mr. Minh Duc discovered. "I phoned my friend directly to affirm that he was not at his computer, and even not signed in his Yahoo Messenger account. He definitely had no idea about the weight loss service either. Obviously, the spam was not sent by an automatic program on my friend’s computer," the researcher concludes.

The company has been detecting these attacks since March 2009, but up until now it has not been aware of how the messages were actually being sent. This type of behavior, where hackers do not change the passwords of compromised accounts and, instead, use them to spam, is specific to social networking worms, but not at all common for instant messaging services.

"The advertisement for weight loss service follows a Buzz!!!," Nguyen Minh Duc notes. "Right now, this is not a popular spamming type. However, in time to come, this may have an increasing trend involving other IM programs as well," he cautions.

Users who have reason to believe that their accounts have been compromised in this way are urged to reset and change their password from a clean computer running up-to-date antivirus software. They should try to identify the system from which their login credentials were stolen and run a complete antivirus scan on it, then start using a reliable security suite application.

Bkis is a company based in Hanoi, Vietnam, which specializes in security research and antivirus development. Bkis' flagship product is called Bach Khoa Antivirus (Bkav) and is used by an estimated ten million users, mostly Vietnamese. The company is also one of the founding members of the Asian-Pacific Computer Emergency Response Team (APCERT).