
mattrixx

join:2004-02-18
Orland Park, IL

E-Mail "Contact List" Hack

Not sure if this is the correct forum for my gripe, but what is going on with AT&T, Yahoo, SBC Global etc. E-Mail vulnerability?

Everyone I know (including me) with these mail accounts has had their personal contact lists "hacked" somehow, with SPAM being sent out to everyone on their list, as if coming from the unfortunate "hacked" party!
The end result is what I call a "circle jerk" of spreading chaos by people opening E-Mails from known friends and colleagues.

As far as I can tell, this "hack" is accomplished by opening up E-mails without ANY attachments! And it seems to be stemming from ATT Yahoo accounts?
The only known solution is to change your E-Mail Password after the fact! Today the hacker is sending out SPAM, but with the user's Password in hand, what will he do with it tomorrow?

Can something be done to prevent or avoid further attacks? Anti-Virus and Anti-Malware Programs can't seem to deal with this problem and the ISP is clueless!


NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:9
Reviews:
·SONIC.NET
·Pacific Bell - SBC

1 edit

said by mattrixx:

Not sure if this is the correct forum for my gripe, but what is going on with AT&T, Yahoo, SBC Global etc. E-Mail vulnerability?

Everyone I know (including me) with these mail accounts has had their personal contact lists "hacked" somehow, with SPAM being sent out to everyone on their list, as if coming from the unfortunate "hacked" party!

I know several people using "at&t Yahoo! HSI" (formerly called "SBC Yahoo! DSL Service"), and only one had an email account "hacked"; and that was an MSN Internet Service account. Her account, properly speaking it was stolen, had a weak password, probably easily guessed, or fell to a dictionary attack.

There was a recent spate of "phishing" emails, threatening account holders that their service would be terminated within 36 hours (or 48 hours) if they did not respond by going to a disguised, malicious site and "verifying" their accounts by supplying username and password.

As far as I can tell, this "hack" is accomplished by opening up E-mails without ANY attachments! And it seems to be stemming from ATT Yahoo accounts?

Very unlikely that opening an email without an attachment will do much; though if it is a "phish" (as described above), a user may well be stampeded into providing sensitive information to malicious actors.

Not just Yahoo!, either. I've seen reports about Comcast users, and others, having this problem. The two common flaws are weak passwords and susceptibility to "phishes". No ISP/ESP can fix either human weakness.

BTW, for the relative who lost the MSN account, she had the same password on her AT&T account. After helping her recover the MSN account, I did the following:

• Separated her DSL and email passwords (AT&T service).
• Assigned new passwords to both the MSN and Yahoo! accounts.
• Made each password for each service different from any other service password.

She is very conscious about suspicious emails, but a password like "sadboy82" can readily fall to a dictionary attack.

And now that I have re-read your post:

Do any of your contacts send humor (and similar) forwards using CC? If so, just one user with a compromised account can have a CC list compromised. Senders of such blasts should use BCC instead. And use a "throwaway" email of their own on the "To:" line so anti-spam tools won't ding the email for having "Undisclosed Recipient" on the "To:" line.

Furthermore, while I have never had an account compromised, I have had my email address forged by spammers in their SMTP "MAIL FROM" commands. All that I could do for that account was ride out a spate of NDRs. Things pretty much returned to normal after about six weeks, when the spammer moved on to forge somebody else's email address.

Nothing any ISP/ESP can do about those issues either.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


BK3

join:2001-04-10
Geneva, IL

reply to mattrixx
While I have never had an account "hacked", a lawyer's office that I sometimes do IT work for had theirs compromised as you describe. When they discovered what was happening, they called me in a panic. I told them that all they needed to do was to change their password, but no one there knew how to do it. So they called me in, I changed the password, and they've not had trouble since.
--
Learn from the past and look to the future.


mattrixx

join:2004-02-18
Orland Park, IL

Yeah, changing the password was what I did as well, but other responses to this E-Mail "hack" question (on different forums) say that clicking on an "infected" link within an E-Mail sent by a friend/colleague could result in a keylogger being unknowingly installed. This is then used to harvest E-Mail Passwords!


mattrixx

join:2004-02-18
Orland Park, IL

reply to NormanS
"And now that I have re-read your post:"

"Do any of your contacts send humor (and similar) forwards using CC? If so, just one user with a compromised account can have a CC list compromised. Senders of such blasts should use BCC instead. And use a "throwaway" email of their own on the "To:" line so anti-spam tools won't ding the email for having "Undisclosed Recipient" on the "To:" line"

Yes, this is more than likely what happened to me as I blissfully clicked on a friend's humor link as many times before.

I use BCC when "forwarding" and always try to remove any other addresses that may accompany the "forward". Getting "senders" to follow this advice is not so easy!


Frohike
Premium
join:2000-07-23
Waxahachie, TX
kudos:4

reply to mattrixx
We find a lot of people do not use a unique password for their email. Meaning, they use the same password for every login site, like Facebook, Twitter, other email sites etc.

So if someone gets compromised on Facebook, as an example, those same hackers will try that password at their email login to see if it works. Voila, they are in and sending spam to all your contacts. Happened to my mother. I had to educate her on using unique passwords for banking and email.


mattrixx

join:2004-02-18
Orland Park, IL

I have several E-Mail accounts from several different providers, each with its own "unique" password.
I never re-use any of my passwords for anything else!
This was my oldest and most established "family" E-Mail account with an *sbcglobal.net* address (ATT is now the ISP...used to be Yahoo) that was compromised!



OSUGoose

join:2007-12-27
Columbus, OH
Reviews:
·Insight Communic..

reply to mattrixx
Actually some things that ISPs can do is require SSL auth on both send and receive.

Only permit sending from their own IP ranges, for mobile or HotSpot access have a different outbound server that also requires SSL auth, and logs IP address for abuse. Could also require the user to receive a text message to verify they have signed in from a remote not ISP IP location.



NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:9
Reviews:
·SONIC.NET
·Pacific Bell - SBC

Many ISPs used to refuse to talk to a client if the connection was not their IP address. This led to a problem for me when using a Pacific Bell dial-up connection: PacBell contracted with Level 3 for some of their dial-up POPs, but those IP addresses were not in the PacBell SMTP server client list, so I was treated as if I was not using my ISP connection!

Anyway it isn't clear if the OP's account was actually hacked, or if some spammer merely got their grimy mitts on an errant CC: list.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum



OSUGoose

join:2007-12-27
Columbus, OH
Reviews:
·Insight Communic..

Frankly I feel we need to go back to those days, with the add on of text verification. The server will hold the message, sending a message to the account asking the user to log in and verify they are trying to access their email from a non-ISP IP. Yea it may frustrate or break stuff for the non-techie, but maybe we will finally get a handle on account hijacking for spambots. That and we also need to make it harder to get hosting/rack space to send out spam too. As host winds seems to be a frequent offender.



NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:9
Reviews:
·SONIC.NET
·Pacific Bell - SBC

said by OSUGoose:

Frankly I feel we need to go back to those days, with the add on of text verification. The server will hold the message, sending a message to the account asking the user to log in and verify they are trying to access their email from a non-ISP IP. Yea it may frustrate or break stuff for the non-techie, but maybe we will finally get a handle on account hijacking for spambots. That and we also need to make it harder to get hosting/rack space to send out spam too. As host winds seems to be a frequent offender.

So 'a@msn.com' attempts to send an email from some East Indian IP address. The server sends some kind of verification to 'a@msn.com'? And just who is going to get it? I am thinking the spammer who stole that account will get it, and verify it.

While we are discussing this, 'a@msn.com' gets Internet connectivity through "at&t Yahoo! HSI". But their email would go out through MSN servers: Now what?
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


OSUGoose

join:2007-12-27
Columbus, OH

My overall point is the more hassle you make it for the scammer/spammer the less likely they will try, they will just move on to their next easy mark.



NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:9
Reviews:
·SONIC.NET
·Pacific Bell - SBC

said by OSUGoose:

My overall point is the more hassle you make it for the scammer/spammer the less likely they will try, they will just move on to their next easy mark.

You are looking for FUSSP?

»www.dmuth.org/fussp.html
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


RARPSL

join:1999-12-08
Suffern, NY

reply to OSUGoose

said by OSUGoose:

Actually some things that ISPs can do is require SSL auth on both send and receive.

Only permit sending from their own IP ranges, for mobile or HotSpot access have a different outbound server that also requires SSL auth, and logs IP address for abuse. Could also require the user to receive a text message to verify they have signed in from a remote not ISP IP location.

How do you handle someone with email accounts from a number of ISPs? So long as the user uses SSL on the sending connection, there should be NO refusal to accept the connection due to not coming from the ISP's network. This applies not only to a roaming based connection (ie: One from a laptop or via WiFi while on the road) but also a home based hard wired connection.

The use of SSL or an SMTP AUTH handshake using CRAM-MD5 (But NOT LOGIN or PLAIN which use a static easily exposed password) should be enough to allow the connection.
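
The distinction drawn in the post above between PLAIN/LOGIN and CRAM-MD5, shown as an added example that is not part of the original thread: PLAIN sends a base64-encoded password that anyone observing an unencrypted session can decode, while CRAM-MD5 sends a keyed digest tied to a one-time server challenge. The user, secret and challenge are the sample values from RFC 2195; the second challenge is constructed for the replay check.

```python
import base64
import hashlib
import hmac

# Sample values from the RFC 2195 example exchange.
USER, SECRET = "tim", "tanstaaftanstaaf"
CHALLENGE = base64.b64encode(b"<1896.697170952@postoffice.reston.mci.net>")


def plain_response(user, password):
    """SASL PLAIN (RFC 4616): base64(authzid NUL authcid NUL password)."""
    return base64.b64encode(b"\0" + user.encode() + b"\0" + password.encode())


def decode_plain(wire):
    """Base64 is an encoding, not encryption: the password reads straight back."""
    _authzid, user, password = base64.b64decode(wire).split(b"\0")
    return user.decode(), password.decode()


def cram_md5_response(user, password, b64_challenge):
    """CRAM-MD5 (RFC 2195): base64(user SP hex(HMAC-MD5(password, challenge)))."""
    challenge = base64.b64decode(b64_challenge)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())


def server_accepts(user, password, b64_challenge, b64_response):
    """The server recomputes the response for the challenge it issued."""
    expected = cram_md5_response(user, password, b64_challenge)
    return hmac.compare_digest(expected, b64_response)


def replay_accepted(captured_response, fresh_challenge):
    """A captured response is valid only for the challenge it answered."""
    return server_accepts(USER, SECRET, fresh_challenge, captured_response)


if __name__ == "__main__":
    print("PLAIN decodes to:", decode_plain(plain_response(USER, SECRET)))
    resp = cram_md5_response(USER, SECRET, CHALLENGE)
    print("CRAM-MD5 decodes to:", base64.b64decode(resp).decode())
    fresh = base64.b64encode(b"<constructed.2@mail.example>")  # constructed
    print("replay accepted on a fresh challenge:", replay_accepted(resp, fresh))
```

A captured CRAM-MD5 challenge and response still allow a weak password to be guessed offline, so the mechanism complements an encrypted connection and a strong password rather than replacing either.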


Hall
Premium,MVM
join:2000-04-28
Dayton, OH
kudos:2

reply to mattrixx
Sounds like what happened to my Mom's Yahoo email account 1-2 weeks ago. A dozen or so people from her 'contacts' rec'd an e-mail from her with a hyperlink (related to a WordPress blog) in it. She didn't send it but those people think it came from her.

She had a simple password too. All I did was change it to something "strong" and told her not to worry about it.



StillLearn
Premium
join:2002-03-21
Streamwood, IL
Reviews:
·AT&T Midwest

said by Hall:

Sounds like what happened to my Mom's Yahoo email account 1-2 weeks ago. A dozen or so people from her 'contacts' rec'd an e-mail from her with a hyperlink (related to a WordPress blog) in it. She didn't send it but those people think it came from her.

I don't use the web mail. But another way such a symptom could happen is that sometimes people will send an email to most or all of their address book without hiding the address list. If one of those recipients is a spammer, he would have the info needed to pull off that. Another case is that one of her recipients forwards it to such a spammer, and quotes the list of email addresses. I am not saying this is probable, but possible.

I really like the disposable email addresses, which was formerly called AddressGuard. This is not relevant to this particular problem, but if one of those addresses gets compromised, you may be able to tell who leaked it, and you can disable that address easily.


NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:9
Reviews:
·SONIC.NET
·Pacific Bell - SBC

said by StillLearn:

... another way such a symptom could happen is that sometimes people will send an email to most or all of their address book without hiding the address list.

Any user whose computer is compromised by certain spam 'bots, will have their local discs scanned for any data resembling an RFC 822 email address ('user@domain.tld'). Those will be sent back to the 'bot owner to be compiled into a "Millions of E-Mail Addresses" list to be sold to anybody looking to send spam.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum
