[email protected] wrote:
Michael wrote on 02/09/2012 12:20:46 PM:
We had a compromised account doing this last weekend! CanIt caught a
few of the outgoing messages, and I soon blocked the account. The email
were initially all going to a single gmail and a single ebay account.
Later messages (all blocked) branched out to hotmail, and a few others.
No idea what is up with this? I am curious, is there a reason the
customer might be harassed in this way?
I suspect that the customer wasn't being harassed per se. My experience
as recipient from several hacked accounts has been that some compromised
accounts are only used to send to contacts in the address book. Perhaps
this user only had the two entries. Of course they can also send to
external lists of addresses as you've seen.
But the messages and subject were literally (as in literally) random
strings of words. There were no email addresses or links that could be
used to sell any product. I could see no purpose in the outgoing
messages except to harass the recipients.
Having the user change their password is usually enough to shut down the
abuse.
Yes, our compromised account had the password changed. But this does
not help the recipient of the messages.
Mike
--
Michael D. Sofka [email protected]
C&MT Sr. Systems Programmer, Email, HPC, TeX, Epistemology
Rensselaer Polytechnic Institute, Troy, NY. http://www.rpi.edu/~sofkam/
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
