
Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

Spam outbreak makes large-scale use of compromised Yahoo, Hotmail, and AOL accounts as well as WordPress sites

An ongoing outbreak is making extensive use of stolen Yahoo, Hotmail (Live) and AOL accounts. Sample emails sent from these accounts are shown below. A wide range of accounts has been tracked by Commtouch Labs, several thousand for each provider. The emails have no subject and simply feature a link in the body.

The links ultimately lead to pharmacy and enhancer websites, but users are first routed through one of thousands of compromised sites, most of them WordPress. Before being redirected, users are shown an initial page hidden within one of the WordPress subdirectories (see image below), which greets clickers with the text:

You are here because one of your friends have invited you

to try our free trial.

Hurry up! Limited quantity available!

We try to be helpful for you.

Page loading, please wait….

A few seconds later the redirect takes users to the enhancer site.

The image below shows:

  • The initial site
  • The final destination enhancer site
  • The actual homepage of the compromised WordPress site.
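
For owners of WordPress sites, one way to check a web root for the interstitial page described above. This is an added example, not code from the original post. The file paths, the `.example` domain and the two redirect mechanisms it looks for (meta refresh and a script-set `location`) are assumptions, since the post does not say how the delayed redirect is implemented.

```python
import re
import tempfile
from pathlib import Path

# Phrases the post quotes from the interstitial page.
MARKERS = ("one of your friends have invited you", "page loading, please wait")
# Assumption: the post does not name the redirect mechanism; these two
# common client-side ones (meta refresh, script-set location) are checked.
META_REFRESH = re.compile(
    r"<meta[^>]+http-equiv\s*=\s*[\"']?refresh[^>]*url\s*=\s*([^\"'>\s]+)", re.I)
JS_REDIRECT = re.compile(r"\blocation(?:\.href)?\s*=\s*[\"']([^\"']+)[\"']", re.I)

# Constructed sample files (hypothetical paths, reserved .example domain).
SAMPLES = {
    "index.php": "<html><body><h1>My blog</h1></body></html>",
    "wp-content/themes/x/promo.html":
        "<meta http-equiv='refresh' content='4; url=http://shop.example/'>"
        "<p>You are here because one of your friends have invited you<br>"
        "to try our free trial.</p><p>Page loading, please wait....</p>",
    "blog/news.html": "<p>Spam pages say: Page loading, please wait....</p>",
}

def inspect_html(html):
    """Return (quoted phrases found in the page text, redirect targets)."""
    text = re.sub(r"\s+", " ", re.sub(r"<[^>]+>", " ", html)).lower()
    hits = [m for m in MARKERS if m in text]
    return hits, META_REFRESH.findall(html) + JS_REDIRECT.findall(html)

def scan_docroot(root, suffixes=(".html", ".htm", ".php")):
    """Report files under root that carry a quoted phrase AND a redirect."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits, targets = inspect_html(path.read_text(errors="replace"))
            if hits and targets:  # both required, to limit false positives
                findings.append((path.relative_to(root).as_posix(), hits, targets))
    return findings

def demo():
    """Write the constructed samples to a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLES.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return scan_docroot(tmp)

if __name__ == "__main__":
    print(demo())
```

A page that only quotes the phrases, such as the constructed `blog/news.html`, is not reported because it carries no redirect.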

The large-scale use of compromised accounts illustrates a growing trend described in Commtouch’s quarterly Internet Threats Trend Report. In addition, we have explored the issue of compromised/stolen/hacked accounts more thoroughly in our special report “The state of hacked accounts”.
