[kwlug-disc] OT: weird spam outbreak

Raul Suarez rarsa at yahoo.com
Tue Sep 21 10:32:00 EDT 2010


I can tell you that since a couple of weeks ago I started receiving sporadic spam from a friend's hotmail account.

I contacted him and he replied that other people told him the same.

It seems that this spam is highly targeted: From a hotmail account to the contacts of that account.

Raul Suarez

Technology consultant
Software, Hardware and Practices
_________________
Twitter: rarsamx
http://rarsa.blogspot.com/ 
An eclectic collection of random thoughts


--- On Tue, 9/21/10, Paul Nijjar <paul_nijjar at yahoo.ca> wrote:

> From: Paul Nijjar <paul_nijjar at yahoo.ca>
> Subject: [kwlug-disc] OT: weird spam outbreak
> To: kwlug-disc at kwlug.org
> Received: Tuesday, September 21, 2010, 1:46 AM
> 
> This is not very much about Linux. It deals with e-mail in
> general. 
> 
> In our spam-catcher mailboxes I am noticing a lot of spam
> that appears
> to be coming from legitimate addresses. It looks like the
> spam is
> coming from legitimate Yahoo and Hotmail addresses, and
> being sent to
> the address books of the senders. 
> 
> The spam has no subject, which makes websearches hard. The
> body of the
> e-mails consist of a single link to online pharmacy sites.
> 
> 
> This is recent. I started noticing a week or two ago. 
> 
> Some mailers (notably Hotmail) use an X-Originating-IP
> header, which
> is sometimes consistent for a sender, and sometimes not. 
> 
> At first glance it looks like the e-mail is going through
> Hotmail/Yahoo's mail servers (but of course that can be
> spoofed). 
> 
> Is there some automated attack that is breaking into these
> accounts
> and using them to send spam? 
> 
> I can believe that some people have their accounts hacked
> into and/or
> are taken over by botnets and used to send spam. But it
> seems weird
> that I am seeing so many instances of this kind of spam
> right now. 
> I suspect that something co-ordinated is going on, but I
> don't know
> what.
> 
> Partially this is idle curiosity, but partially I am
> stumbling around
> trying to figure out what advice to give to the affected
> people (who
> might well be attempting job searches with these accounts).
> I guess
> they should change their Hotmail/Yahoo passwords. I don't
> know what
> else to say. 
> 
> - Paul
> 
> -- 
> http://pnijjar.freeshell.org
> 
> 
> _______________________________________________
> kwlug-disc_kwlug.org mailing list
> kwlug-disc_kwlug.org at kwlug.org
> http://astoria.ccjclearline.com/mailman/listinfo/kwlug-disc_kwlug.org
> 





More information about the kwlug-disc_kwlug.org mailing list