[kwlug-disc] OT: weird spam outbreak

Brad Bierman bbierman42 at gmail.com
Tue Sep 21 13:09:33 EDT 2010


One of the resources that I use is the SANS Internet Storm Centre.

They have someone that reviews information that is sent in to them.  Not
perfect, but a resource nonetheless.

http://isc.sans.edu/index.html


Hope the link helps!
Brad

On Tue, Sep 21, 2010 at 10:32 AM, Raul Suarez <rarsa at yahoo.com> wrote:

> I can tell you that since a couple of weeks ago I started receiving
> sporadic spam from a friend's hotmail account.
>
> I contacted him and he replied that other people told him the same.
>
> It seems that this spam is highly targeted: From a hotmail account to the
> contacts of that account.
>
> Raul Suarez
>
> Technology consultant
> Software, Hardware and Practices
> _________________
> Twitter: rarsamx
> http://rarsa.blogspot.com/
> An eclectic collection of random thoughts
>
>
> --- On Tue, 9/21/10, Paul Nijjar <paul_nijjar at yahoo.ca> wrote:
>
> > From: Paul Nijjar <paul_nijjar at yahoo.ca>
> > Subject: [kwlug-disc] OT: weird spam outbreak
> > To: kwlug-disc at kwlug.org
> > Received: Tuesday, September 21, 2010, 1:46 AM
> >
> > This is not very much about Linux. It deals with e-mail in general.
> >
> > In our spam-catcher mailboxes I am noticing a lot of spam that appears
> > to be coming from legitimate addresses. It looks like the spam is
> > coming from legitimate Yahoo and Hotmail addresses, and being sent to
> > the address books of the senders.
> >
> > The spam has no subject, which makes web searches hard. The body of the
> > e-mails consists of a single link to online pharmacy sites.
> >
> > This is recent. I started noticing a week or two ago.
> >
> > Some mailers (notably Hotmail) use an X-Originating-IP header, which
> > is sometimes consistent for a sender, and sometimes not.
> >
> > At first glance it looks like the e-mail is going through
> > Hotmail/Yahoo's mail servers (but of course that can be spoofed).
> >
> > Is there some automated attack that is breaking into these accounts
> > and using them to send spam?
> >
> > I can believe that some people have their accounts hacked into and/or
> > are taken over by botnets and used to send spam. But it seems weird
> > that I am seeing so many instances of this kind of spam right now.
> > I suspect that something co-ordinated is going on, but I don't know
> > what.
> >
> > Partially this is idle curiosity, but partially I am stumbling around
> > trying to figure out what advice to give to the affected people (who
> > might well be attempting job searches with these accounts). I guess
> > they should change their Hotmail/Yahoo passwords. I don't know what
> > else to say.
> >
> > - Paul
> >
> > --
> > http://pnijjar.freeshell.org



-- 
http://www.google.com/profiles/bbierman42
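
The pattern described in the quoted message above (no subject, a body that is a single link, and an X-Originating-IP header that may or may not stay the same for one sender) can be triaged in a spam-catcher mailbox with a short script. This is an added example, not part of the original thread; the sample messages, addresses and IPs are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not taken from the thread). Domains and IPs
# are reserved example/documentation values.
HDR = "From: {f}\nTo: bob@example.org\n{extra}\n{body}\n"
SAMPLES = [
    HDR.format(f="alice@hotmail.example", body="http://pharmacy.example/a1",
               extra="Subject:\nX-Originating-IP: [192.0.2.10]\n"),
    HDR.format(f="alice@hotmail.example", body="http://pharmacy.example/b2",
               extra="Subject:\nX-Originating-IP: [198.51.100.7]\n"),
    HDR.format(f="carol@yahoo.example", body="http://pills.example/zz",
               extra=""),  # no Subject header at all, no originating IP
    HDR.format(f="dave@hotmail.example", body="Menu: http://cafe.example/ ok?",
               extra="Subject: Lunch\nX-Originating-IP: [203.0.113.5]\n"),
]

URL_ONLY = re.compile(r"\s*https?://\S+\s*")

def matches_pattern(msg):
    """True when the subject is empty or missing and the body is one bare link."""
    subject = (msg.get("Subject") or "").strip()
    body = msg.get_payload()
    return not subject and isinstance(body, str) and bool(URL_ONLY.fullmatch(body))

def flagged_ips(raw_messages):
    """Map each sender of a matching message to the originating IPs seen."""
    report = defaultdict(set)
    for raw in raw_messages:
        msg = message_from_string(raw)
        if not matches_pattern(msg):
            continue
        sender = parseaddr(msg.get("From", ""))[1].lower()
        ip = (msg.get("X-Originating-IP") or "").strip(" []")
        report[sender].update([ip] if ip else [])  # keep sender even without an IP
    return {s: sorted(ips) for s, ips in report.items()}

def inconsistent_senders(report):
    """Senders whose matching messages carry more than one originating IP."""
    return sorted(s for s, ips in report.items() if len(ips) > 1)

if __name__ == "__main__":
    report = flagged_ips(SAMPLES)
    for sender, ips in report.items():
        print(sender, ips or "no X-Originating-IP")
    print("varying origin:", inconsistent_senders(report))
```

A varying X-Originating-IP is only a triage hint, since the header is set by the mail provider and a legitimate user can also send from several networks.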