On Sun, 4 May 2008, Marc Powell wrote: > Just as an FYI, we have seen a dramatic increase in the number of > targeted phishing attempts against our users. Successful phishing > results in the account in question being used to send spasm to Yahoo and > Hotmail most often similar to the above, always via SM (no other > SMTP/ASMTP based attempts are logged). Based on the timing between > messages, variability in number of recipients and other factors, there > are almost certainly humans on the other end doing the spamming and not > scripts. Most often they are from Chinese or African IP space. Once they > acquire an account they -- > > You can grep through local prefs to find the first two and the latter > can be seen by a .sig sized greater than about 100Bytes. (I actually had > some users with very long .sigs). I have heard of similar issues recently on other lists, it's most likely the user accounts have been brute force guessed, too many users (idiots) use such simple passwords, a few years ago when I worked for another company that did wholesale internet to visps, I found one visp that had around 2K users, and of that I estimated about 1500 used "password" as the password, I know it was the clueless twits at the visp that set it up for them, but FFS.... and whats worse is the fact 1500 odd of em never bothered to change it from their members area! Although the visp spent 3 days fixing it all up once I discovered it and threatened to write a small perl script to connect to the DB and globally change every users password with random crap causing a major headache for their support staff ;) If your users passwords are encrypted, write a small perl script to try login to each of their pop accounts with somthing stupid like password as password or their names or whatever, kind of a small limited brute force for simple passwords and kick the users buttocks who uses a simple one. -- Cheers Res I read usenet and lists in pine. But m$ outlook, thunderbird and gmail often use html span/whatever for quotes, makes it hard to tell who said what, so I dont try. If I ignore you, thats why! Use a compliant mailer. ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
