Re: [OT] web email acct compromised
On Sun, 25 Dec 2011 07:47:42 -0600, hvw59601 wrote:
> Recently one of my Yahoo accts was compromised. Mail was sent all over
> the place with nonsense, to LDU also.
> [. . . ]
> And how is an account compromised?
Looks like it's a growing trend to me. One of my friends was hit a while
ago as well. Because she is not that tech savvy, I couldn't figure out
how it actually happened either. Do you have any clue yourself?
Don't worry if you don't. You are not the first victim. While I was
trying to find the reason for her, I found the following,
Am I sending out spam?
http://boards.straightdope.com/sdmb/showthread.php?t=633043
in which the OP says,
"1)I'm ridiculously careful about that kind of stuff and I'm not sure
I could be tricked into it.
2)This is a seldom used account. It's not used for any social
networking sites, I never would have typed in the username/password
anywhere other than on the webmail page and my phone (it's a POP3
account)..."
In other words, it is happening to those who are careful about such
things. So any hints might help.
Judging from her email header, I can tell that the spammer was really
able to get into her account, send email from within the Yahoo web mail
interface, to all her contacts, using an Android cell phone through the
YahooMail Mobile phone Web Service.
BTW, the spammer IP address was 117.195.97.137, and the 117.195.96.0/20
address block (117.192.0.0 - 117.207.255.255) belongs to BSNL Internet in
India, according to a whois lookup.
Here is the full email header:
Received: (qmail 62123 invoked by uid 60001); 20 Dec 2011 20:24:45
-0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rogers.com;
s=s1024; t=1324412685; bh=Uerd3bJ2IEQlAxxINeFmfZ/RbZ1Dqn4BLyX/qf4QVRE=;
h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-
Version:Content-Type; b=mCaYOO18t1+C9xm1u0Fisd1s9fO5+MR6Mykku0cZMf9smq
+yg2Qx70hK8mdurk97PTUDW/OsJSnLugzArQQWiApnLVG/t+CIZr
+IAYdBNwFQXZ1lotAOpW1tGMtcMI6QjtFXZt9gYWOAHVamCYAKq0Vf4meMnfNGk88NisYQgE4=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=rogers.com;
h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-
Version:Content-Type;
b=pT7VarhBYaYQUGmhmthvyP7UjypmjidcaFIJO8yLX4FGZsqHbsy+iazsEfC1bWdo1rC/
djsMlFv6tuhEoKrzjLJ45sMmDDBuQWIXZpzZjMGw5ILVRsGPrp2OeS/WDTc9pvGS6dTFiU
+DjbFcWPCIncoOobSNVCSQVFdPmtQ7eKI=;
Received: from [117.195.97.137] by web88605.mail.bf1.yahoo.com via
HTTP; Tue, 20 Dec 2011 12:24:44 PST
X-Mailer: YahooMailWebService/0.8.115.331698
Message-ID:
<1324412684.53494.androidMobile@web88605.mail.bf1.yahoo.com>
Date: Tue, 20 Dec 2011 12:24:44 -0800 (PST)
From: ......
Subject: I DID IT!
--
Tong (remove underscore(s) to reply)
http://xpt.sourceforge.net/techdocs/
http://xpt.sourceforge.net/tools/
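
The header reading described in the message above can be done mechanically. The following Python sketch is an added example, not part of the original post: it pulls the "via HTTP" submission hop, the X-Mailer value and the client tag in the Message-ID out of a header block. The function name `webmail_origin`, its `known_networks` parameter and the 203.0.113.0/24 range are assumptions for illustration, and the sample is constructed from the header fields shown in the post with the signature values left out.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: the analysis-relevant headers from the post, with the
# opaque signature values left out.
SAMPLE = """\
Received: (qmail 62123 invoked by uid 60001); 20 Dec 2011 20:24:45 -0000
Received: from [117.195.97.137] by web88605.mail.bf1.yahoo.com via
 HTTP; Tue, 20 Dec 2011 12:24:44 PST
X-Mailer: YahooMailWebService/0.8.115.331698
Message-ID: <1324412684.53494.androidMobile@web88605.mail.bf1.yahoo.com>
Date: Tue, 20 Dec 2011 12:24:44 -0800 (PST)
Subject: I DID IT!

"""

# "Received: from [IP] by HOST via HTTP" is the hop where a browser or app
# handed the message to the webmail front end.
HTTP_HOP = re.compile(r"from \[([0-9A-Fa-f:.]+)\]\s+by\s+(\S+)\s+via\s+HTTP", re.I)
# Message-ID layout seen in the post: <epoch.serial.clientTag@host>
MSGID = re.compile(r"<\d+\.\d+\.([A-Za-z]\w*)@([^>]+)>")


def webmail_origin(raw, known_networks=()):
    """Summarise how a message entered a webmail service, from its headers."""
    msg = message_from_string(raw)
    result = {"submitted_via_http": False, "client_ip": None, "web_host": None,
              "mailer": msg.get("X-Mailer"), "client_tag": None,
              "ip_in_known_networks": None}
    for hop in msg.get_all("Received", []):
        m = HTTP_HOP.search(" ".join(hop.split()))  # unfold wrapped header
        if m:
            ip = ipaddress.ip_address(m.group(1))
            result.update(submitted_via_http=True, client_ip=str(ip), web_host=m.group(2))
            result["ip_in_known_networks"] = any(
                ip in ipaddress.ip_network(n) for n in known_networks)
            break
    m = MSGID.search(msg.get("Message-ID", ""))
    if m:
        result["client_tag"] = m.group(1)
    return result


if __name__ == "__main__":
    # 203.0.113.0/24 stands in for the account owner's usual network (assumption).
    for key, value in webmail_origin(SAMPLE, ["203.0.113.0/24"]).items():
        print(f"{key}: {value}")
```

A message that was submitted over HTTP from an address outside the owner's usual networks points to a login with the real credentials or session rather than a forged From line.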