This is topic It can happen to anyone in forum Rants, Raves, Rumors! at The Geek Culture Forums!.


To visit this topic, use this URL:
http://www.geekculture.com/cgi-bin/ultimatebb/ultimatebb.cgi?ubb=get_topic;f=19;t=001075

Posted by The Famous Druid (Member # 1769) on February 24, 2010, 17:41:
 
I just received the latest technical support newsletter for a product I use, that's written by an old mate of mine from my university days. If the newsletter is to be believed, he's gone out of software development, and is now in the Russian Bride biz.

quote:
Marry gorgeous Russian girls now...
11 new profiles added this week

PWNED!

I did some work for this guy a few years ago, he's far more paranoid about network security than I am, and his network is secured within an inch of its life.

If this can happen to him, it can happen to anyone.
 
Posted by TheMoMan (Member # 1659) on February 24, 2010, 17:59:
 
____ So TFD, did the hackers really get into his system, or did they intercept enough of his mailings to set up a spoof???
 
Posted by Metasquares (Member # 4441) on February 24, 2010, 20:06:
 
Are you sure they didn't just forge the from address? Is it from the mailserver he usually sends from? (i.e. do the SMTP headers make sense?)
 
Posted by GameMaster (Member # 1173) on February 24, 2010, 20:24:
 
Along w/ Metasquares' questions, did the newsletters (real ones) use BCC or a long TO list? Sounds like spoofing to me.
 
Posted by dragonman97 (Member # 780) on February 24, 2010, 21:24:
 
It's most likely spoofing.

A really screwy thing that I haven't seen in a while goes like this:
-A person's computer gets compromised
-The 'badware' running on that computer looks at their Outlook [|Express] e-mail
-It picks a message that it finds...any message
-It resends the message with its own stuff shoved inside it...and...
-It picks any two e-mail addresses from the address book or prior messages, and arbitrarily sets one to be the From and one to be the To.

It's actually a clever social engineering trick which has a significantly greater chance of 'conversion' than a purely random message.
 
Posted by The Famous Druid (Member # 1769) on February 24, 2010, 23:04:
 
Yes guys, from the meager evidence I presented above, it could have been spoofing, but it looks like we were all over-thinking it.

It seems this otherwise well-secured network had not tied down the mailing list interface. Just email your spam to [email protected] and it gets forwarded to everyone on the mailing list.
 
Posted by dragonman97 (Member # 780) on February 25, 2010, 06:31:
 
quote:
Originally posted by The Famous Druid:
Yes guys, from the meager evidence I presented above, it could have been spoofing, but it looks like we were all over-thinking it.

It seems this otherwise well-secured network had not tied down the mailing list interface. Just email your spam to [email protected] and it gets forwarded to everyone on the mailing list.

Ugh. Oh yeah...that. ;P

It's always kind of sad when people forget about listserv security. :/
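
Added example (not part of any post in this thread): a sketch of the posting gate the list in this story lacked, which also covers the forged-From question raised earlier by not trusting the From header on its own. The addresses, the authserv-id and the three sample messages are constructed, and it assumes the list's own MTA writes the `Authentication-Results` header and strips any inbound copy bearing its own id.

```python
from email import message_from_string
from email.utils import parseaddr

ALLOWED_POSTERS = {"owner@lists.example"}   # hypothetical: who may post
TRUSTED_AUTHSERV = "mx.lists.example"       # hypothetical: our MTA's authserv-id

def dmarc_pass_domains(msg):
    """Domains our own MTA marked dmarc=pass (RFC 8601 Authentication-Results)."""
    domains = set()
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # written by someone else, possibly the sender: ignore
        for result in results.split(";"):
            tokens = result.split()
            if tokens and tokens[0].lower() == "dmarc=pass":
                domains.update(t.split("=", 1)[1].lower()
                               for t in tokens[1:] if t.startswith("header.from="))
    return domains

def decide(raw):
    """Return 'distribute', 'hold' (moderator review) or 'reject'."""
    msg = message_from_string(raw)
    froms = msg.get_all("From", [])
    if len(froms) != 1:
        return "reject"                      # missing or ambiguous author
    addr = parseaddr(froms[0])[1].lower()
    if addr not in ALLOWED_POSTERS:
        return "reject"                      # the open-list case from the thread
    if addr.rpartition("@")[2] not in dmarc_pass_domains(msg):
        return "hold"                        # allowed name, unproven origin
    return "distribute"

# Constructed sample messages, not taken from the thread.
GENUINE = ("Authentication-Results: mx.lists.example; dmarc=pass header.from=lists.example\n"
           "From: List Owner <owner@lists.example>\nSubject: Support newsletter\n\nbody\n")
OUTSIDER = ("Authentication-Results: mx.lists.example; dmarc=pass header.from=spam.example\n"
            "From: promo@spam.example\nSubject: New profiles\n\nbody\n")
SPOOFED = ("Authentication-Results: mx.spam.example; dmarc=pass header.from=lists.example\n"
           "From: owner@lists.example\nSubject: New profiles\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("outsider", OUTSIDER), ("spoofed", SPOOFED)):
        print(name, "->", decide(raw))
```
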
 

