[lug] Hacked e-mail accounts
John Dollison
johndollison at hotmail.com
Sat Nov 13 08:54:19 MST 2010
Lately I've seen a rash of hacked e-mail accounts among neighbors, coworkers and friends. It even happened to my son. In each case, it was clear that it wasn't just a faked "From / Return To" address; someone actually had access to the victim's adress book, and the offending e-mail showed up in the victim's "Sent" folder. In each case the victims told me they were running an up-to-date anti-virus program and a full system scan did not detect anything on their system (although I suppose it's possible there's some new malware out there that can avoid detection).
At first it seemed that it was only happening to Yahoo mail users, but lately I've seen the same attack for users of several other mail services.
I've been advising my friends that everyone who clicked on a link sent from a hacked e-mail account should run a full system scan, in case the website tried to download any malware when they clicked on the link. And I've been advising the victims that their best bet is to change their e-mail password and any other accounts that use the same password. Also, if they had any other passwords that were e-mailed to them (like if they registered for any online forums, shopping sites, etc.) then those will need to be changed as well, since the hacker could have read/scanned all their e-mails.
But I'm still not clear on exactly how these accounts are being hacked. Is someone cracking their passwords? Finding a back door into Yahoo? Grabbing them with a "man in the middle" attack? Any ideas?
I found several articles about e-mail hackin, including this one from CNET; but it still doesn't answer all my questions:
http://news.cnet.com/8301-27080_3-20016442-245.html
My friend Mike has this signature block at the bottom of his e-mail; I should probably add it to mine, too:
Not PLEASE, DO remove my email address when forwarding.
It's like wearing a condom; it reduces your chances of catching a virus.
And learn to use 'BCC'; it could save your computer... or mine.
http://www.nopeddlers.com/email-safety-tips.php
So, what do you all think?
--
John Dollison
Westminster, CO 80021
720-935-1970 (cell)
.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20101113/c5dfdf97/attachment.html>
More information about the LUG
mailing list