Topic: Yahoo-Xtra Email Spam Attack

Offline Apostrophe Spacemonkey

  • Fuck this title in particular.

  • Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!
  • Posts: 19,050
Some of you may know about this. here is an article on it.
http://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=10864681


I have a question for some technical people here regarding this quote,

Quote
Ray Eyre said he had even begun to receive email spam from his own account.
 
"The spam from my own address must be generated on the telecom/yahoo server as there is no other way it can happen."


From what I understand, that's it's quite easy to mask the actual address you are sending an email from, and replace it. So that the person reciving it thinks it's from someone else. Can someone confirm this for me?


Still, Telecom calling it a phishing attack is ridiculous.
Last Edit: February 11, 2013, 01:31:58 pm by Spacemonkey

Posted: February 11, 2013, 12:39:16 pm

Offline Apostrophe Spacemonkey

  • Fuck this title in particular.

  • Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!
  • Posts: 19,050

Reply #1 Posted: February 11, 2013, 01:31:41 pm

Offline Spigalau

  • Hero Member
  • Spigalau is a force to reckon with.Spigalau is a force to reckon with.Spigalau is a force to reckon with.Spigalau is a force to reckon with.Spigalau is a force to reckon with.Spigalau is a force to reckon with.Spigalau is a force to reckon with.Spigalau is a force to reckon with.
  • Posts: 10,736
"Telecom has admitted its outsourced YahooXtra email service has been  compromised by hackers resulting in some YahooXtra customer accounts  being hijacked to send out malicious email.             It is advising all YahooXtra customers to change their passwords.  


          The company initially blamed a deluge of compromised accounts on a  successful phishing attack, saying customers were tricked into clicking  on scam emails, but has now acknowledged a "second attack" that was  outside customers' control.   "

What would Battlemonkey do ?

Reply #2 Posted: February 11, 2013, 03:47:02 pm
49 20 63 61 6e 20 72 65 6d 65 6d 62 65 72 20 77 68 65 6e 20 74 68 65 20 61 69 72 20 77 61 73 20 63 6c 65 61 6e 20 61 6e 64 20 73 65 78 20 77 61 73 20 64 69 72 74 79 2e

Offline The Demon Lord

  • Addicted
  • The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!
  • Posts: 2,849
We had a bunch of customers querying funny emails from Xtra. I sent them the link to the Herald article around lunch time,

I then said: Lol, Xtra.

Reply #3 Posted: February 11, 2013, 03:59:33 pm

Offline The Demon Lord

  • Addicted
  • The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!
  • Posts: 2,849
Quote from: Spacemonkey;1517616
From what I understand, that's it's quite easy to mask the actual address you are sending an email from, and replace it. So that the person reciving it thinks it's from someone else. Can someone confirm this for me?

its fucking easy:

Telnet mailserver.mail.com 25
Helo Mail
Mail From:spoofed.address@domain.com
Rcpt To:Spam.victim@domain.com
Data
Lol Spam
.
.
end

however most spam filters will block on this, also most mail servers aren't open relays, so you can only send email through them if you are on their allowed list (so for example, you are on a Telecom connection, or have authenticated with a telecom username and password)

Also some domains use SPF which will only allow email to be sent from that domain from specified servers (assuming the B party does SPF checking)

Reply #4 Posted: February 11, 2013, 04:03:24 pm

Codex

  • Guest
^the smtp servers telecom provide have no auth requirements, at all.

I learnt that recently when helping someone migrate their email, they hadn't been with telecom for 3 years but were using their smtp server to send mail from a new email address never ever used by telecom.

It's a complete joke

Reply #5 Posted: February 12, 2013, 06:21:03 pm

Offline Xsannz

  • Addicted
  • Xsannz is awe-inspiring!Xsannz is awe-inspiring!Xsannz is awe-inspiring!Xsannz is awe-inspiring!Xsannz is awe-inspiring!Xsannz is awe-inspiring!Xsannz is awe-inspiring!Xsannz is awe-inspiring!Xsannz is awe-inspiring!Xsannz is awe-inspiring!Xsannz is awe-inspiring!Xsannz is awe-inspiring!
  • Posts: 5,412
Quote from: Codex;1517838
^the smtp servers telecom provide have no auth requirements, at all.

I learnt that recently when helping someone migrate their email, they hadn't been with telecom for 3 years but were using their smtp server to send mail from a new email address never ever used by telecom.

It's a complete joke

has been since the blurged and splurged and forced xtra to bond with yahoo.  and sold out like dicks...

i was a telecom as a rep when they did that and you cannot believe how many business customers they lost because they didn't tell them they were just switching of their email addresses and forcing yahoo onto people...

AND for those that remember that campaign was Called Xtra Bubble when it launched with numerous problems.. bit like when they launched XT network without proper testing....

Reply #6 Posted: February 12, 2013, 07:19:25 pm

Offline Craigor

  • Administrator
  • Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!
  • Posts: 11,465

Reply #7 Posted: February 27, 2013, 01:47:03 pm
<a href="steam://friends/add/76561197966242864/">Add me to Steam</a> <- Fixed! lol

Offline The Demon Lord

  • Addicted
  • The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!
  • Posts: 2,849
Quote from: The Demon Lord;1517638
Lol, Xtra.

...

Reply #8 Posted: February 27, 2013, 02:30:56 pm

Offline Xenolightning

  • Moderator
  • Xenolightning is awe-inspiring!Xenolightning is awe-inspiring!Xenolightning is awe-inspiring!Xenolightning is awe-inspiring!Xenolightning is awe-inspiring!Xenolightning is awe-inspiring!Xenolightning is awe-inspiring!Xenolightning is awe-inspiring!Xenolightning is awe-inspiring!Xenolightning is awe-inspiring!Xenolightning is awe-inspiring!Xenolightning is awe-inspiring!
  • Posts: 3,485
Quote from: Craigorsarus;1519242
Aaaaand again:
http://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=10868089

Nah it's probably just dipshits that haven't changed their passwords from the last attack.

Reply #9 Posted: February 27, 2013, 03:26:47 pm
-= Sad pug is sad =-

Offline Apostrophe Spacemonkey

  • Fuck this title in particular.

  • Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!
  • Posts: 19,050
Quote from: Xenolightning;1519253
Nah it's probably just dipshits that haven't changed their passwords from the last attack.

It is.

Quote
About 1500 accounts that did not have their passwords changed after the earlier Xtra hacking are understood to be affected by the latest breach, RadioLIVE reported.

Reply #10 Posted: February 27, 2013, 03:38:00 pm

Offline Craigor

  • Administrator
  • Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!
  • Posts: 11,465
Quote from: Xenolightning;1519253
Nah it's probably just dipshits that haven't changed their passwords from the last attack.

I believe you are correct:
Quote
About 1500 accounts that did not have their passwords changed after the earlier Xtra hacking are understood to be affected by the latest breach, RadioLIVE reported.

But it's still amusing[/FONT][/COLOR]

Reply #11 Posted: February 27, 2013, 03:39:02 pm
<a href="steam://friends/add/76561197966242864/">Add me to Steam</a> <- Fixed! lol

Offline Craigor

  • Administrator
  • Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!Craigor is awe-inspiring!
  • Posts: 11,465
^stupid space monkies.

*storms off*

Reply #12 Posted: February 27, 2013, 03:40:16 pm
<a href="steam://friends/add/76561197966242864/">Add me to Steam</a> <- Fixed! lol

Offline Apostrophe Spacemonkey

  • Fuck this title in particular.

  • Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!
  • Posts: 19,050
Coffee makes me post fast.

Reply #13 Posted: February 27, 2013, 03:41:39 pm

Offline The Demon Lord

  • Addicted
  • The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!The Demon Lord is awe-inspiring!
  • Posts: 2,849
Quote from: Spacemonkey;1519258
Coffee makes me post farts.

This is what I thought you said.

It is far more amusing and provides a broader spectrum for further discourse

Reply #14 Posted: February 27, 2013, 03:43:46 pm

Offline Apostrophe Spacemonkey

  • Fuck this title in particular.

  • Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!
  • Posts: 19,050
It does indeed. One can only imagine how consuming a liquid caffeine containing substance can grant one an ability to transmit a bodily function using telecommunicational methods to an online bulletin board system.

Reply #15 Posted: February 27, 2013, 04:03:32 pm