any other Yahoo Mail spammers?

Author Topic: any other Yahoo Mail spammers?  (Read 3288 times)

assassin

  • Bane of Retards
  • Posts: 1,033
  • space bears are not gentle!
    • My Barren Webpage
any other Yahoo Mail spammers?
« on: August 30, 2010, 02:11:51 AM »
for those of you using Yahoo Mail,

last night, my sister pointed out to me that my email address sent her (and nine other contacts in my address book) two emails with a link to some pills site, which she smartly didn't click on.  this was news to me, so i checked my account, and there was a bounceback message for some other intended victim, that shows the original spam message as coming from a Yahoo Web Mail server, my email address, but an originating IP address of 58.187.63.169 (adsl-dynamic-pool-xxx.fpt.vn -- bad morning, Vietnam).

this is unlike anything i've encountered before.  i've had my email addy forged in spam before, but the message would be sent through a server that wasn't Yahoo mail, and to contacts that had nothing to do with me.  but in this case, all the recipients were on my Contacts list, and the group of ten is eclectic enough that there's no way anybody could guess them all without having some manner of access to my account.

i've had viruses on a couple of the machines i've used to access YahooMail in the past, but they've been gone for 2+ months per every virus/malware scanner i've tried, and i don't think i ever logged in before wiping them out.

the most description i can find of this issue is here:

http://dagblog.com/humor-satire/who-hijacked-yahoo-mail-3151

fortunately, i haven't gotten a wiped out Sent folder like some of these people. :O

also, note that neither of the offending emails was saved to my Sent folder.

i'll be changing all my passwords on a never-compromised computer tomorrow.  but i'm still a bit freaked out, as i access two online banking accounts and a Scottrade account from this computer.  not to mention if people report my messages to Yahoo Mail Abuse, i could lose an account i've had for over a decade. :/

if any of you still use Yahoo Mail, have you encountered anything like this?
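One way to do the bounce-back check the post above describes, as an added example that is not from the thread: parse a delivery-failure report that wraps the original message, pull the originating IP out of the wrapped message's headers, and flag it when it falls outside the networks the account owner actually logs in from. The bounce text, the header layout and the owner's networks are constructed for this example; only 58.187.63.169 comes from the post.

```python
# Added example (not from the thread); the bounce below is constructed, and all
# addresses except the page's 58.187.63.169 are RFC 5737 documentation ranges.
import email
import ipaddress
import re
from email import policy

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

BOUNCE = b"""\
From: MAILER-DAEMON@example.net
To: owner@yahoo.com
Subject: failure notice
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/rfc822

Received: from web1.mail.yahoo.com (web1.mail.yahoo.com [192.0.2.10])
  by mta.example.net with SMTP; Mon, 30 Aug 2010 03:10:00 -0700
Received: from [58.187.63.169] by web1.mail.yahoo.com via HTTP
X-Originating-IP: [58.187.63.169]
From: owner@yahoo.com
To: sister@example.net

http://pills.invalid/
--b1--
"""

def extract_origin(raw: bytes) -> dict:
    """Find the wrapped original message and return its origin IP and hop chain."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    inner = next((p for p in msg.walk() if p["X-Originating-IP"]), None)
    if inner is None:
        return {}
    received = [str(r) for r in inner.get_all("Received", [])]
    hops = [m.group(1) for r in reversed(received) for m in [IP_RE.search(r)] if m]
    return {
        "origin": IP_RE.search(inner["X-Originating-IP"]).group(1),
        "hops": hops,  # oldest hop first: submitting client, then webmail server
        "via_webmail": any("via HTTP" in r for r in received),
    }

def is_foreign_login(origin: str, known_networks: list) -> bool:
    """True when the submitting IP is outside every network the owner uses."""
    ip = ipaddress.ip_address(origin)
    return not any(ip in ipaddress.ip_network(n) for n in known_networks)
```

A "via HTTP" hop from an address outside the owner's networks is the signature of a webmail session with a stolen password, not a forged From header relayed through some other server.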

Lenophis

  • Forum Overlord
  • Posts: 1,688
  • Gender: Male
  • I sad
    • Slick Productions
Re: any other Yahoo Mail spammers?
« Reply #1 on: August 30, 2010, 04:20:28 AM »
Should I be offended I did not receive any of this email?! :cycle:

All kidding aside, that sounds like a damn serious problem. I have to think Yahoo knows this is going on, so they should in theory not blame you for that stuff, especially if they investigate it like you have. But then again, you never know...

This could also spell trouble for the other webmail guys too, but time will tell.

119 bugs fixed and counting.

assassin

  • Bane of Retards
  • Posts: 1,033
  • space bears are not gentle!
    • My Barren Webpage
Re: any other Yahoo Mail spammers?
« Reply #2 on: August 30, 2010, 04:31:24 AM »
- it was a different account, "real life" stuff, so no hacker people are in the contacts.
- let's hope not.  i feel kind of guilty now..  in the past, if i received a spam that the Yahoo DomainKeys indicated was from a genuine Yahoo user, i reported the message to abuse@yahoo.com.  i did so with the hope they'd delete the mofos, though i didn't outright ask for that.  now i'll have to abstain from this practice, lest i victimize someone who was hacked like i was.

Odbarc

  • Hell's Rider
  • Posts: 424
  • Gender: Male
  • FF6 obsessed
    • Newage3.com, a text based web game RPG I Admin.
Re: any other Yahoo Mail spammers?
« Reply #3 on: August 30, 2010, 08:06:00 AM »
Maybe the messenger service was hacked and has nothing to do with your security.
Frankly most emails come outright as fake or forged looking. I don't even think my mother sent a single message that didn't begin with [RE:]

bond697

  • FF4 Archivist
  • Posts: 624
  • Gender: Male
  • is NOT a spoony bard!
    • The FF4 Reference Book
Re: any other Yahoo Mail spammers?
« Reply #4 on: August 30, 2010, 11:21:54 AM »
so.. how do you know your computer was never compromised?  don't trust malware scanners.  you would be surprised at the things they miss, not to mention that they all find some different things, so you would need to scan with a bunch to even come close to being sure your pc is clean.  then you would have to have someone manually inspect via procexp, procmon, tcpview, gmer, etc to make sure there is nothing else running that most malware scanners miss, things like rootkits.
« Last Edit: August 30, 2010, 11:35:37 AM by bond697 »
The FF4 Reference Book - Now with new hosting!

assassin

  • Bane of Retards
  • Posts: 1,033
  • space bears are not gentle!
    • My Barren Webpage
Re: any other Yahoo Mail spammers?
« Reply #5 on: August 30, 2010, 08:12:08 PM »
Quote from: bond697
so.. how do you know your computer was never compromised?

i actually said quite differently:

Quote from: me
i've had viruses on a couple of the machines i've used to access YahooMail in the past, but they've been gone for 2+ months per every virus/malware scanner i've tried, and i don't think i ever logged in before wiping them out.

i'll never prove a negative, so the best i can do is run as many scanners as possible.  these are unfamiliar to me:

Quote
procexp, procmon, tcpview

i've used at least one of gmer's utils as part of the giant malware scan SDFix (EDIT: er, i think it was ComboFix) on the other computer, but not on this one.  that scan got rid of a rootkit in pciide.sys, but it somehow came back, until Kaspersky's TDSSKiller got rid of it for good.  TDSSKiller didn't find the TDSS rootkit on this computer, though that doesn't rule out others.

the number of Mac users (who wouldn't be susceptible to a Windows virus) or people with months-ignored Yahoo Mail accounts (who wouldn't be victimized by a keylogger since they weren't even logging in) in that dagblog.com thread gives me some confidence that my account cracking did not occur from any of my machines.

these articles linked from that page:

http://www.scmagazineus.com/rampant-brute-force-attack-against-yahoo-mail/article/149373/
http://tacticalwebappsec.blogspot.com/2009/09/distributed-brute-force-attacks-against.html

describe how spammers can brute-force crack Yahoo users' passwords.  my password was only 7 characters long, which reportedly made it more liable to such a thing.  not so anymore: my new password's so long, my monitor takes a deep breath while i'm in the middle of typing it.  my new password's so long, that a chiropractor has to work over my hands before i can browse my Inbox.  my new password's so long, a contact sends me a followup snail mail with exquisite calligraphy, and i reply in kind, before i ever see their email.  etc, etc. :P
« Last Edit: August 31, 2010, 01:26:55 AM by assassin »

bond697

  • FF4 Archivist
  • Posts: 624
  • Gender: Male
  • is NOT a spoony bard!
    • The FF4 Reference Book
Re: any other Yahoo Mail spammers?
« Reply #6 on: August 31, 2010, 03:42:22 PM »
Quote from: assassin
i'll be changing all my passwords on a never-compromised computer tomorrow.

e: make sure you mix numbers and special characters into your new password. 

combofix is good (better than sdfix, anyway), but it's, again, automated.  you would need an actual person to sort through and make sure it's clean.

and, wow, that's a hell of a thing for yahoo to miss.

those utilities i listed are sysinternals utilities.  http://technet.microsoft.com/en-us/sysinternals/default.aspx

when i remove malware i generally start with malwarebytes and super antispyware.  one run each in safe mode.  then, if it looks like it's necessary, combofix once in safe mode.  past that, it becomes a mix of procexp, procmon, autoruns, and tcpview to see what's running/listening/connected and rootkit revealer and gmer to do a rudimentary check for a rootkit.  at that point, you're removing malware by hand either in safe mode or through the recovery console.  i've been doing a lot of reading on exploits and security lately, and all of the malware cases our (admittedly small) company gets come to me, along with pretty much anything past basic adware from a few of our large clients, and i'm yet to fail in removing something (outside of the occasional bluescreening system after removing a really nasty rootkit) with that method, so it definitely works.

by the way, i don't know if anyone told you about combofix, but if you're going to use it be prepared to recover your system/user profile via the recovery console.  if it locates malware and the infection is removable by combofix, it WILL remove the infection regardless of what vital system processes it may break.
« Last Edit: August 31, 2010, 04:03:13 PM by bond697 »
The FF4 Reference Book - Now with new hosting!