Topic: Yahoo-Xtra Email Spam Attack

Apostrophe Spacemonkey · Posted: February 11, 2013, 12:39:16 pm

Some of you may know about this. here is an article on it.
http://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=10864681

I have a question for some technical people here regarding this quote,

Quote

Ray Eyre said he had even begun to receive email spam from his own account.

"The spam from my own address must be generated on the telecom/yahoo server as there is no other way it can happen."

From what I understand, that's it's quite easy to mask the actual address you are sending an email from, and replace it. So that the person reciving it thinks it's from someone else. Can someone confirm this for me?

Still, Telecom calling it a phishing attack is ridiculous.

Apostrophe Spacemonkey · Reply #1 Posted: February 11, 2013, 01:31:41 pm

Another article

http://www.stuff.co.nz/technology/digital-living/8287236/Xtra-email-accounts-compromised

Spigalau · Reply #2 Posted: February 11, 2013, 03:47:02 pm

"Telecom has admitted its outsourced YahooXtra email service has been compromised by hackers resulting in some YahooXtra customer accounts being hijacked to send out malicious email. It is advising all YahooXtra customers to change their passwords.

The company initially blamed a deluge of compromised accounts on a successful phishing attack, saying customers were tricked into clicking on scam emails, but has now acknowledged a "second attack" that was outside customers' control. "

What would Battlemonkey do ?

The Demon Lord · Reply #3 Posted: February 11, 2013, 03:59:33 pm

We had a bunch of customers querying funny emails from Xtra. I sent them the link to the Herald article around lunch time,

I then said: Lol, Xtra.

The Demon Lord · Reply #4 Posted: February 11, 2013, 04:03:24 pm

Quote from: Spacemonkey;1517616

From what I understand, that's it's quite easy to mask the actual address you are sending an email from, and replace it. So that the person reciving it thinks it's from someone else. Can someone confirm this for me?

its fucking easy:

Telnet mailserver.mail.com 25
Helo Mail
Mail From:spoofed.address@domain.com
Rcpt To:Spam.victim@domain.com
Data
Lol Spam
.
.
end

however most spam filters will block on this, also most mail servers aren't open relays, so you can only send email through them if you are on their allowed list (so for example, you are on a Telecom connection, or have authenticated with a telecom username and password)

Also some domains use SPF which will only allow email to be sent from that domain from specified servers (assuming the B party does SPF checking)

Codex · Reply #5 Posted: February 12, 2013, 06:21:03 pm

^the smtp servers telecom provide have no auth requirements, at all.

I learnt that recently when helping someone migrate their email, they hadn't been with telecom for 3 years but were using their smtp server to send mail from a new email address never ever used by telecom.

It's a complete joke

Xsannz · Reply #6 Posted: February 12, 2013, 07:19:25 pm

Quote from: Codex;1517838

^the smtp servers telecom provide have no auth requirements, at all.

I learnt that recently when helping someone migrate their email, they hadn't been with telecom for 3 years but were using their smtp server to send mail from a new email address never ever used by telecom.

It's a complete joke

has been since the blurged and splurged and forced xtra to bond with yahoo. and sold out like dicks...

i was a telecom as a rep when they did that and you cannot believe how many business customers they lost because they didn't tell them they were just switching of their email addresses and forcing yahoo onto people...

AND for those that remember that campaign was Called Xtra Bubble when it launched with numerous problems.. bit like when they launched XT network without proper testing....

Craigor · Reply #7 Posted: February 27, 2013, 01:47:03 pm

Aaaaand again:
http://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=10868089

The Demon Lord · Reply #8 Posted: February 27, 2013, 02:30:56 pm

Quote from: The Demon Lord;1517638

Lol, Xtra.

...

Xenolightning · Reply #9 Posted: February 27, 2013, 03:26:47 pm

Quote from: Craigorsarus;1519242

Aaaaand again:
http://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=10868089

Nah it's probably just dipshits that haven't changed their passwords from the last attack.

Apostrophe Spacemonkey · Reply #10 Posted: February 27, 2013, 03:38:00 pm

Quote from: Xenolightning;1519253

Nah it's probably just dipshits that haven't changed their passwords from the last attack.

It is.

Quote

About 1500 accounts that did not have their passwords changed after the earlier Xtra hacking are understood to be affected by the latest breach, RadioLIVE reported.

Craigor · Reply #11 Posted: February 27, 2013, 03:39:02 pm

Quote from: Xenolightning;1519253

Nah it's probably just dipshits that haven't changed their passwords from the last attack.

I believe you are correct:

Quote

About 1500 accounts that did not have their passwords changed after the earlier Xtra hacking are understood to be affected by the latest breach, RadioLIVE reported.

But it's still amusing[/FONT][/COLOR]

Craigor · Reply #12 Posted: February 27, 2013, 03:40:16 pm

^stupid space monkies.

*storms off*

Apostrophe Spacemonkey · Reply #13 Posted: February 27, 2013, 03:41:39 pm

Coffee makes me post fast.

The Demon Lord · Reply #14 Posted: February 27, 2013, 03:43:46 pm

Quote from: Spacemonkey;1519258

Coffee makes me post farts.

This is what I thought you said.

It is far more amusing and provides a broader spectrum for further discourse

Apostrophe Spacemonkey · Reply #15 Posted: February 27, 2013, 04:03:32 pm

It does indeed. One can only imagine how consuming a liquid caffeine containing substance can grant one an ability to transmit a bodily function using telecommunicational methods to an online bulletin board system.

Topic: Yahoo-Xtra Email Spam Attack

Codex

Get Some Login