[kwlug-disc] OT: weird spam outbreak

Paul Nijjar paul_nijjar at yahoo.ca
Tue Sep 21 01:46:56 EDT 2010


This is not very much about Linux. It deals with e-mail in general. 

In our spam-catcher mailboxes I am noticing a lot of spam that appears
to be coming from legitimate addresses. It looks like the spam is
coming from legitimate Yahoo and Hotmail addresses, and being sent to
the address books of the senders. 

The spam has no subject, which makes websearches hard. The body of the
e-mails consist of a single link to online pharmacy sites. 

This is recent. I started noticing a week or two ago. 

Some mailers (notably Hotmail) use an X-Originating-IP header, which
is sometimes consistent for a sender, and sometimes not. 

At first glance it looks like the e-mail is going through
Hotmail/Yahoo's mail servers (but of course that can be spoofed). 

Is there some automated attack that is breaking into these accounts
and using them to send spam? 

I can believe that some people have their accounts hacked into and/or
are taken over by botnets and used to send spam. But it seems weird
that I am seeing so many instances of this kind of spam right now. 
I suspect that something co-ordinated is going on, but I don't know
what.

Partially this is idle curiosity, but partially I am stumbling around
trying to figure out what advice to give to the affected people (who
might well be attempting job searches with these accounts). I guess
they should change their Hotmail/Yahoo passwords. I don't know what
else to say. 

- Paul

-- 
http://pnijjar.freeshell.org





More information about the kwlug-disc mailing list