Gmail, Yahoo! Hotmail users - change your passwords...
I'm sure I read a similar story somewhere else recently, perhaps at Ed Brill's place, but I can't find it now.

Got an email out of the blue from an old college buddy last night. The subject just read "hi".

I assumed my old friend simply had time on his hands and had elected to drop me a quick line, perhaps just to remind me of his existence, perhaps just to pass the time, so I opened it.

Dear friend:

We are an electronic products wholesale .Our products are of high quality and low price. If you want to do business , we can offer you the most reasonable discount to make you get more profits. We are expecting for your business.
Please visit our website: [redacted]
E-mail : [redacted]
MSN: [redacted]
Looking forward to your contact and long cooperation with us!
Our mainly products such the phones, PSP, display TV, notebook, video, computers, Mp4, GPS, xbox 360, digital cameras and so on.
Welcome to visit our website!

So. Either my friend has gone into the electronics wholesale business, or this email isn't really from him at all.

Well, it is verifiably from his Hotmail account. The message's from header contains exactly 100 recipients including me and the last recipient so named begins with the letter f.

What appears to have happened is that someone has stolen my friend's Hotmail account, possibly by brute forcing the password. The new owner of my friend's Hotmail account is now spamming my friend's contacts, 100 at a time.

Google "stolen hotmail account" and you'll find many similar tales.

Now, I don't know if other web mail services are being similarly targeted and I don't know exactly how these Hotmail accounts are being stolen - perhaps there's some vulnerability other than just weak passwords.

But, as a precaution, I suggest that anyone who uses a web mail account from the likes of Google, Yahoo! or Microsoft changes the password.

Often.

And make it a good one.

Update: My friend seems to have regained control of his email account. I'd heard tales elsewhere of this proving difficult, with people permanently losing years' worth of email and contacts, but we seem to have a happy ending here at any rate.

Category: Spam miscellany

Comments :

1. Ed Brill 10/06/2008 15:10:40
Homepage: http://www.edbrill.com


The reference on my site is
http://www.edbrill.com/ebrill/edbrill.nsf/dx/new-spammer-vector-snags-a-friend

She did eventually get control back of her account, but it was a tough road.



