Standard User bobble_bob
(experienced) Sun 03-Mar-13 11:28:08

Strange email (spoofing?)


Got a few different email accounts, and just got an email sent to my Hotmail account from my Yahoo account. Subject was just my name, and had some dodgy link which I didn't click. I looked and a few other addresses were copied into the message (from what I can see, websites I've used to buy things from using that email address).

Anyway went into my Yahoo account and got a few "delivery failed" messages which were the email addresses copied in that are probably no longer active. No sign that my Yahoo account has been hacked and PC scan is clean.

Few weird things tho - Dunno how they got my password. It's unique to just that email address and isn't used for anything else, PC is clean and plus I hardly type it in as it's auto log in. Email wasn't sent to all contacts but only a few (plus a fake email address I've never heard of). Normally they just mass email the whole contact list. Nothing in sent or deleted items (I know these can be deleted tho).

So is it just someone spoofing my email address or what?
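
Added example, not part of the original thread: whether a message only carries a forged From address or really left through the sender's mail provider can usually be judged from the headers of the received copy. This Python script reads the Authentication-Results header stamped by the receiving server; the domains, the `classify` helper and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def _domain(value):
    return value.rsplit("@", 1)[-1].strip("<>").lower()

def _aligned(auth_domain, from_domain):
    # Relaxed alignment: exact match, or From is a subdomain of the authenticated domain.
    auth_domain = auth_domain.lower()
    return bool(from_domain) and (
        from_domain == auth_domain or from_domain.endswith("." + auth_domain))

def classify(raw, trusted_authserv):
    """Return 'sent-through-provider', 'from-not-authenticated' or 'inconclusive'."""
    msg = message_from_string(raw)
    from_domain = _domain(parseaddr(msg.get("From", ""))[1])
    evaluated = False
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = " ".join(header.split()).partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # not stamped by our own server: the sender may have injected it
        evaluated = True
        for m in re.finditer(r"dkim=pass[^;]*?header\.d=([\w.-]+)", results):
            if _aligned(m.group(1), from_domain):
                return "sent-through-provider"  # the From domain's mail system signed it
        m = re.search(r"spf=pass[^;]*?smtp\.mailfrom=([^\s;]+)", results)
        if m and _aligned(_domain(m.group(1)), from_domain):
            return "sent-through-provider"
    # Consistent with a forged From, although forwarding can also break SPF/DKIM.
    return "from-not-authenticated" if evaluated else "inconclusive"

# Constructed sample messages (placeholder domains, not real traffic).
SIGNED = ("Authentication-Results: mx.receiver.example; spf=pass "
          "smtp.mailfrom=victim@mail.example; dkim=pass header.d=mail.example\n"
          "From: Victim <victim@mail.example>\nSubject: Victim\n\nlink\n")
FORGED = ("Authentication-Results: mx.receiver.example; spf=softfail "
          "smtp.mailfrom=victim@mail.example; dkim=none\n"
          "From: Victim <victim@mail.example>\nSubject: Victim\n\nlink\n")
INJECTED = ("Authentication-Results: mx.other.example; dkim=pass "
            "header.d=mail.example\n"
            "From: Victim <victim@mail.example>\nSubject: Victim\n\nlink\n")

if __name__ == "__main__":
    for name, raw in (("signed", SIGNED), ("forged", FORGED), ("injected", INJECTED)):
        print(name, "->", classify(raw, "mx.receiver.example"))
```

A "sent-through-provider" result means the provider's own systems handled the message, which points at the account or the provider rather than at simple From forgery.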
Standard User bobble_bob
(experienced) Sun 03-Mar-13 11:45:22

Re: Strange email (spoofing?)

[re: bobble_bob]
 
To add, 2 other people on another forum had this happen to them within the last 24 hours. Something going on with Yahoo Mail?
Standard User shinerweb
(newbie) Sun 03-Mar-13 13:03:03

Re: Strange email (spoofing?)

[re: bobble_bob]
 
I'd concur that something strange is definitely going on with Yahoo.

I've now received a whole series of Spamvertised links within emails from Yahoo users, but strangely, I've also received them from multiple BT Internet users...
BT Internet uses the Yahoo email system.

Some of the BT Users are people I know wouldn't fall for phishing.

I've had 100s of these emails hit my servers over the past 3 days when it first started from over 50 different Yahoo accounts.

I've got a Yahoo account myself, and have had a quick look but nothing there so far.
In a previous security breach, the hackers would login to your Yahoo account, send the email and you could see it in your "Sent" folder.
A later version of the hack would delete the message from your "Sent" folder to try and hide it, but you could then find it in your "Trash" folder.

If you have a Yahoo account, it is worth changing the password to a strong/secure password, and keeping an eye on the Sent/Spam folder.

If you start seeing emails in your inbox from "mailer-daemon" or a bunch of returned/blocked emails, it's a good bet your own account has been compromised...

I get the feeling we are going to be reading about this in the news later this week...

Evernote had to do a mass reset of 50 million user account passwords yesterday when they detected a security break into their servers...
It seems the bad guys are having a push on hacking accounts at the moment..

The bulk of the emails I've received on my servers are originating from Romania/India with a few spread elsewhere. It appears that they are being sent out by a rather large botnet.

I am not 100% convinced that these accounts have been compromised by brute force dictionary attacks/phishing... I definitely smell a security hack at Yahoo...

Chris

Standard User bobble_bob
(experienced) Sun 03-Mar-13 13:37:43

Re: Strange email (spoofing?)

[re: shinerweb]
 
Seems to be too many over a short period of time to be random brute force attacks. I've now changed my password and deactivated my account, don't use it that much anyway.

Edited by bobble_bob (Sun 03-Mar-13 13:38:26)

Standard User shinerweb
(newbie) Sun 03-Mar-13 13:59:30

Re: Strange email (spoofing?)

[re: bobble_bob]
 
I did a bit more research, it appears to be linked to a known XSS vulnerability that Yahoo allegedly fixed a month ago... Perhaps not.
It relies on Yahoo (and therefore BT) users clicking on that link in the email.

See http://tnw.co/ZYZGnK (That's a http://thenextweb.com/ article btw !!)

I'm still not convinced it's a bit more sinister.. Another contact of mine has just been hacked and he swears blind he hasn't even opened his Yahoo/BT email in months and he definitely hasn't clicked on any links (And he uses Firefox and NoScript so the above exploit would not have worked in his case).

I just deleted all of my contacts from my Yahoo account and added a couple of honey traps to see if they pick up anything...

Chris

Standard User bobble_bob
(experienced) Sun 03-Mar-13 14:12:38

Re: Strange email (spoofing?)

[re: shinerweb]
 
Yea, I use Firefox/NoScript and I only use my Yahoo mail account when ordering stuff from certain online stores, or signing up to forums, so I wouldn't click a link randomly.
Standard User bobble_bob
(experienced) Sun 03-Mar-13 14:17:29

Re: Strange email (spoofing?)

[re: shinerweb]
 
The link in the email I was sent was for a website called "linkramps".

Doesn't seem a dodgy virus infested site going on a quick Google search.

Edited by bobble_bob (Sun 03-Mar-13 14:18:14)

Standard User Malwaremike
(member) Sun 03-Mar-13 14:32:28

Re: Strange email (spoofing?)

[re: bobble_bob]
 
I have connections with a charitable group and have received a couple of emails CC'd to many other members of the group. These are similar to the above and contain nothing but a link which led in one case to a magazine, in the other to a company site, both in the US and both apparently genuine. My mail is with BT/yahoo.

One of the emails resolves to Hanoi, Vietnam, the second to Indonesia, the third to India. Probably all spoofed. So what's going on here? If we click on the links does this simply confirm our addresses to the senders for spam or malware? I've done a full scan but Kaspersky sees nothing amiss.

EDITED TO ADD: This is hitting the BT forums http://community.bt.com/t5/Other-BB-Queries/BT-email...
Looks as if BT Yahoo may have been hit

Edited by Malwaremike (Sun 03-Mar-13 17:09:45)

Standard User clyde123
(learned) Sun 03-Mar-13 22:53:23

Re: Strange email (spoofing?)

[re: bobble_bob]
 
Yes, a customer had exactly the same thing - messages sent out at 0140 on Saturday morning. He swears PC was switched off, etc etc.
And Yes - it's a YAHOO email account.
Standard User Banger
(eat-sleep-adslguide) Mon 04-Mar-13 01:38:27

Re: Strange email (spoofing?)

[re: bobble_bob]
 
Strange. My Dad got an email from a Vicar he had contacted asking for money as she was stuck in the Philippines. It was a Yahoo email but hers was a blueyonder address. This was last week; seems Yahoo is the scammers' choice. He tried to phone her to warn her but just had to leave a message on her answer machine.

Tim
www.vivaciti.net & freenetname
Billion 7800 on 24 Meg Variety LLU