On Nov 5, 2009, at 6:48 PM, Andrew Daviel wrote:

> I was wondering what other admins' experience has been with compromised
> SM accounts, and how spammers are able to obtain passwords.

Spear phishing... Your user gave it to them. Search for it in their Sent mail. I expect you'll find it in the past couple of months.

> Certainly, we see a lot of webmail phishing from .edu domains, although I don't believe
> we ourselves have ever been previously compromised like this.
>
> I'm still somewhat concerned; it's as if the spammers deliberately chose
> to use some lightly-used accounts where the owners might not notice, and
> perhaps have a pool of others available.

It's not 'as if', they actively are. High-Ed and K12 have been dealing with this for years now. They do have a pool of accounts. They may obtain a password for an account and not actually use it to send spam or other phishing attempts until a month or two later.

They're targeting webmail users, seemingly SM users in particular. They send e-mails claiming to be your support staff saying that they need to upgrade the mail system, fix some broken part of it, etc. and need the user to confirm their account information in order to keep their account. You'd be surprised at how many happily oblige.

These people are not really very sophisticated. They depend on the gullibility of the users to get the account info and manually send spam from the accounts. For SM, they typically change the reply-to address and use the signature for the spam payload. That way, they just need to copy/paste the To:/Bcc: addresses...

> It would be nice to assume that
> the problem is all client-end - malware, conficker worm, or phishing -
> but the small volume on these accounts implies a reduced chance of
> receiving phishing messages or infected attachments compared to the
> typical always-online user.

Spear phishing has been our experience 100% of the time.
-- Marc

-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
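An added example, not part of the original post and not SquirrelMail's own code: a triage script for the pattern described in the reply above (reply-to address changed, spam payload placed in the signature). It assumes SquirrelMail's file-based preference store, with `<user>.pref` files holding a `reply_to=` line and the signature in `<user>.sig`; the domain names and sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)

def read_prefs(path):
    """Parse a <user>.pref file (assumed format: one key=value per line)."""
    prefs = {}
    for line in path.read_text(errors="replace").splitlines():
        key, sep, value = line.partition("=")
        if sep:
            prefs[key.strip()] = value.strip()
    return prefs

def audit(data_dir, local_domains):
    """Return {user: [reasons]} for accounts worth a manual look."""
    local = {d.lower() for d in local_domains}
    findings = {}
    for pref in sorted(Path(data_dir).glob("*.pref")):
        reasons = []
        reply_to = read_prefs(pref).get("reply_to", "")
        domain = reply_to.rpartition("@")[2].strip("> ").lower()
        if reply_to and domain not in local:
            reasons.append(f"reply_to points off-site: {reply_to}")
        sig = pref.with_suffix(".sig")  # signature file beside the prefs
        if sig.exists() and URL_RE.search(sig.read_text(errors="replace")):
            reasons.append("signature contains a URL")
        if reasons:
            findings[pref.stem] = reasons
    return findings

def demo():
    """Run the audit over constructed sample files (not real data)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "alice.pref").write_text("full_name=Alice\nreply_to=\n")
        (root / "alice.sig").write_text("Alice, Physics Dept.\n")
        (root / "bob.pref").write_text(
            "full_name=Bob\nreply_to=claims@mailbox.example\n")
        (root / "bob.sig").write_text(
            "You have won! See http://prize.example/claim\n")
        return audit(root, ["university.example"])

if __name__ == "__main__":
    for user, reasons in demo().items():
        print(user, "->", "; ".join(reasons))
```

A URL in a signature is common for legitimate users, so treat a hit as a reason to check that account's Sent folder and recent logins, with both reasons together being the stronger signal.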