[lug] Hacked e-mail accounts

Lee Woodworth blug-mail at duboulder.com
Sat Nov 13 09:13:45 MST 2010


On 11/13/10 08:54, John Dollison wrote:
> 
> Lately I've seen a rash of hacked e-mail accounts among neighbors, coworkers and friends.  It even happened to my son.  In each case, it was clear that it wasn't just a faked "From / Return To" address; someone actually had access to the victim's address book, and the offending e-mail showed up in the victim's "Sent" folder.  In each case the victims told me they were running an up-to-date anti-virus program and a full system scan did not detect anything on their system (although I suppose it's possible there's some new malware out there that can avoid detection).

Up-to-date anti-virus doesn't mean that much these days. There have been repeated articles
about tests of the detection abilities of anti-virus products. The results
are not encouraging. You might search e-week, pc world or computer world to start.

Then there are the 0-days.

>  
> At first it seemed that it was only happening to Yahoo mail users, but lately I've seen the same attack for users of several other mail services.

You don't have to click for attacks delivered through banner ads or flash or pdf.
Especially if automatic media playing or pdf display is enabled.

>  
> I've been advising my friends that everyone who clicked on a link sent from a hacked e-mail account should run a full system scan, in case the website tried to download any malware when they clicked on the link.  And I've been advising the victims that their best bet is to change their e-mail password and any other accounts that use the same password. Also, if they had any other passwords that were e-mailed to them (like if they registered for any online forums, shopping sites, etc.) then those will need to be changed as well, since the hacker could have read/scanned all their e-mails.

You should do more than that. They need to change their passwords all over the web since
people commonly use the same password everywhere. It's especially bad news if the email
account password was used at a banking web-site with only password-based authentication.

>  
> But I'm still not clear on exactly how these accounts are being hacked.  Is someone cracking their passwords?  Finding a back door into Yahoo?  Grabbing them with a "man in the middle" attack?  Any ideas?

Too many ways to think about. Web surfing even at only 'reputable sites' is an attack
vector these days.

>  
> I found several articles about e-mail hacking, including this one from CNET; but it still doesn't answer all my questions:
> http://news.cnet.com/8301-27080_3-20016442-245.html
>  
>  
> My friend Mike has this signature block at the bottom of his e-mail; I should probably add it to mine, too:
>  
> Not PLEASE, DO remove my email address when forwarding.
> It's like wearing a condom; it reduces your chances of catching a virus.
> And learn to use 'BCC'; it could save your computer... or mine.
> http://www.nopeddlers.com/email-safety-tips.php
>  
> So, what do you all think?
> 
> 
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety



