Towertalk
[Top] [All Lists]

Re: [TowerTalk] Spam update

To: towertalk@contesting.com
Subject: Re: [TowerTalk] Spam update
From: David Robbins <k1ttt@verizon.net>
Reply-to: k1ttt@arrl.net
Date: Thu, 16 Aug 2012 12:19:12 -0500 (CDT)
List-post: <towertalk@contesting.com">mailto:towertalk@contesting.com>
everyone should know there are at least 4 different ways you can be seen as 
sending spam and not know about it... and not all of them can be fixed by 
changing passwords!

1. virus on your machine - in this case the virus probably has access to your 
local address book and mail client if you use a program like outlook to send 
email.  the virus in this case could send mail that looks just like you, 
complete with stolen subject lines and even message text so that it looks like 
something you would say.  these may be found by virus or malware scanners, and 
can also be spotted by periodic slowdowns in the machine response or high 
network activity when you aren't doing anything.  you may also get back bounce 
messages and get cursed at by friends and relatives.  of course if you have 
this the virus could also steal credit card or other financial information, log 
keystrokes to get other passwords, etc.  this one can not be fixed by just 
changing passwords since the program is running on your computer and you login 
for it every time you get your mail.

2. hijack of pop/smtp password - if you use a mail service that uses a remote 
pop/smtp server the password for it can be guessed or stolen by a keylogger or 
other virus or hack of the isp's login or brute force.  in this case the 
password is given to a remote machine that sends mail through your isp that may 
or may not look like it is coming from you.  some isp's prevent this by only 
accepting logins from their own ip address ranges, but not all of them do this 
as it can prevent you from using their service while you are on the road.  This 
one will not be found by any scans on your computer, though your isp may be 
able to detect it by a series of failed logins or abnormal mail volume or 
strange ip addresses logging in as you.  the hijacker would not have access to 
your address book, but could intercept incoming email to get addresses and 
other information.  this one can be fixed by changing the password you use to 
retrieve/send mail through the isp.

3. forging return or reply-to address - this is one that you can not detect or 
stop.  it is often only noticed because you get a rash of bounced email notices 
from people you don't know.  how this works is that someone gets your email 
address, probably in a list bought or stolen for this purpose, or just scraped 
off a web page or discussion forum where you use your real address for replies. 
 the address is then used to forge the headings on spam the sender is 
generating so that it looks like you  sent the mail, though if you look at the 
details of the headers you will see it actually comes from some server other 
than the one you send mail from.  these servers are often quickly blacklisted 
because of the volume of spam they generate so are changed regularly, as are 
the addresses being used.  the recipients probably have no relation to you as 
they are also probably from some big list of addresses to be spammed.  often in 
messages sent like this the 'to' addresses will be hidden by usin
 g bcc or if not there will be a whole series of alphabetically sorted 
addresses.  again, there is nothing you can do to stop this one.  fortunately 
the spammers that do this have LOTS of addresses to work from so it is likely 
that yours will only be used for a short time.

4. hijack of webmail account - this is likely the source of many of the recent 
spam attacks, someone has hacked yahoo and some other places and got a bunch of 
passwords.  though it can also be someone who has just brute force guessed 
common passwords, or used some other exploit like phishing messages to get your 
password... ever get one of those 'your mailbox is full' or 'your account has 
been hacked' messages that asks for your email address and password so the 
administrator can fix it before you get cut off???  if you respond then you 
have just given the spammer another account to send their stuff from.  this 
could also compromise other accounts if you use it to collect mail from other 
services as it would have login/password information for other services you 
use.  for this reason i prefer to use outlook running on my computer to collect 
mail from the different accounts i use.  when this happens again the spammer 
gets access to your on-line address book (but not one you may have o
 n your local pc only), and all the mail you may store on the server, so they 
can send mail that looks like it comes from you.  if you can still login you 
can change the password and it 'should' stop this one, unless the hacker 
intercepts the password change request and cancels it, or changes it so you can 
no longer log in.  this can be particularly bad if you have abandoned an 
account since you won't see replies to the accounts or notices from the 
provider so the spammer has free run of it until the provider cuts it off.



Aug 16, 2012 12:45:09 PM, dearborn9@sbcglobal.net wrote:

I have received 14 direct messages that say "Just change your password" 
Thanks to all but..................when this junk started over 8 months 
ago that was the first thing I did was change my email password. I'm 
retired from a federal Law enforcement agency, identified by three 
letters . I know how to make up passwords using lots of mixed up letters 
etc, the govt is full of those!.......so far nothing has helped but 
thanks to all for the idea. Also to the one that said 'try changing your 
feedline to a better coax!!!! I admit that one did get to me. 73

Jim- WA9FPT
_______________________________________________



_______________________________________________
TowerTalk mailing list
TowerTalk@contesting.com
http://lists.contesting.com/mailman/listinfo/towertalk
_______________________________________________



_______________________________________________
TowerTalk mailing list
TowerTalk@contesting.com
http://lists.contesting.com/mailman/listinfo/towertalk

<Prev in Thread] Current Thread [Next in Thread>