Email attack spreads, dozy password protection won't help
The phishing attack we first alerted you to on Monday is spreading to other webmail services besides Hotmail and is self-propagating, sending emails to online contacts that point to fake sites. Attacks like this are obviously nothing new, but this particular one is getting a lot of attention because of the scale of the problem.
It may not even be a standard phishing attack, where users bring about their own demise by bashing personal details and passwords into fake websites - one online security gob-on-a-stick quoted by the BBC believes it may be a key-logging attack. The attacks have also spread far beyond Hotmail accounts; there's been a sharp rise in spam emails from Yahoo and Gmail accounts since the attacks began, and AOL accounts have also been compromised.
Not that you'd necessarily need complex key-logging malware to compromise some email accounts. Acunetix has been combing through the original list of 10,000 Hotmail accounts and passwords that appeared on Monday. It seems that despite all the warnings, plenty of people don't have the capacity to remember a password beyond the bleeding obvious. The most common password found was 123456, followed by 123456789. Plenty more users have their own name as their password, while nearly half use only letters, rather than a mix of letters and numbers.