Spam attack on Kiwi email

22:29, Feb 10 2013

Telecom says neither it nor outsourced email provider YahooXtra are responsible for a massive malware attack on Kiwi internet users that began over the weekend.

Many internet users have received rogue emails from friends and colleagues who are YahooXtra customers, containing links to websites that are designed to infect their computers with malware.

Telecom said a sophisticated phishing attack on its customers, rather than any breach of YahooXtra's own security, appeared to be responsible.

Telecommunications Users Association chief executive Paul Brislen said a "significant" number of YahooXtra customers - possibly in the thousands - appeared to have had their computers compromised.

Brislen said Telecom's explanation appeared unlikely as the victims included many professionals who he would not normally expect to fall for phishing scams.

But Telecom spokeswoman Jo Jalfon pointed the finger in the direction of a phishing scam that was also reported to have affected Google, the world's largest email provider, that was outlined in a Whaleoil blog.

The perpetrators of that scam appeared to be able to "guess" email addresses that might be known to others and included them in the "To" field of the phishing emails - making it more likely recipients would trust and open them.

That malware attack had "organised crime written all over it", according to the blog, and appeared designed to steal people's credit card details.

Jalfon said it did not know had many customers been affected. It advised those who had to change their Xtra passwords.