Given the number of malicious web sites that con users into surrendering their address books (quite often so that they can forge spam in their name) and the number of compromised accounts (particularly at freemail providers) and the number of compromised end-user systems...this isn't particularly surprising. What's mildly surprising is that it's taken this long for spammers to really start exploiting the tactic. But we can expect them to increasingly exploit the social graph, so frankly it doesn't really matter which malware is responsible or what anyone does about it: there will be new malware tomorrow which facilitates the same thing.
---rsk
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
