Solved: Epidemic of Yahoo Account Hacking?


cwwozniak (Chuck), Trusted Advisor, thread starter, 21-Dec-2011, 02:00 AM #1
A few days ago I got Spam that looked like it was sent from a friend's Yahoo account. A check of the headers showed that message was sent using HTTP access to the account from an IP address in Venezuela (friend is in the USA).

We have two recent posts here of people getting spam from their friend's Yahoo accounts.
http://forums.techguy.org/web-email/...-sent-all.html
http://forums.techguy.org/web-email/...o-account.html

A Google search for yahoo email compromised covering the last 7 days shows over 98,000 hits.

I don't want to be an alarmist, but does it look like Yahoo accounts are under a major hack attack or is this just the usual stuff that goes on every day for all the mail services?
__________________
Chuck W.
"When you understand why you dismiss all the other possible gods, you will understand why I dismiss yours." ~ Stephen F. Roberts

Elvandil, Moderator, 21-Dec-2011, 02:25 AM #2
Did you check with the friend to see if there is a copy of that letter in his "Sent" folder? I have doubts that it was actually sent from that account.

The spammers are very clever. They can strip the CC: addresses from emails they come across and then use those addresses to appear to send a letter from them when really they are from somewhere else. Malware on your own machine could send out your addresses for spammers to use as fakes. I'm not questioning your story, but just trying to point out that other things short of actual account access could be involved. DNS spoofing is another whole ball of wax. "Anonymous" emails can be sent out by anyone on servers set up for just that purpose.

("GMail compromised" comes up with 1,870,000 hits on Google's own search.)
__________________
Microsoft MVP
異驚の界世 Ąpןɹoʍ ǝɥʇ ɟo sɹǝpuoʍ ǝɥʇ ɟo ǝuo sı ǝpoɔıun ʞuıɥʇ ı

Last edited by Elvandil; 21-Dec-2011 at 02:31 AM..

cwwozniak (Chuck), Trusted Advisor, thread starter, 21-Dec-2011, 11:35 AM #3
I am pretty sure it wasn't some spammer harvesting addresses from cc lists of legitimate emails sent by my friend. I have only known this friend for a short while and all of her e-mails to me were only sent to me with no other addresses shown in the To or CC headers.

I checked the header of the spam and it showed that the message traveled directly from the Yahoo servers to the gmail servers used for my gmail account. I then checked the header of a legitimate e-mail from the friend and it showed an almost identical path; some differences being in the last octet of the IP addresses and the name assigned to the Yahoo or gmail server. One big difference was the IP address that Yahoo was showing for the user that sent the e-mail via HTTP access. The legitimate e-mail showed an IP address that had a reverse DNS lookup for the friend's ISP in the USA. The spam header showed a completely different IP address. Some checking showed that the address was in a block of addresses assigned for use in Venezuela by a South American ISP. A Realtime Blackhole List (RBL) check showed that the specific IP address was found to be sending spam in the past. This made me suspect that the spammer may have been running a mail server as well as logging into one or more hacked Yahoo accounts.

The friend did not see any spam in her sent folder, but I would not be surprised if the spammer deleted the sent messages in an attempt to hide their tracks.

I can only think of two possible scenarios that caused this; 1) The friend had a simple to crack password, or 2) There is some malware running on her computer that was either a keylogger or user name and password catcher.

EDIT: I am open to suggestions for other possible scenarios.

FWiW, I did a Google search for GMail compromised, limiting the results for the past week, and got about 56,000 hits. Maybe I am just getting paranoid with getting spam from the friend and then seeing two new posts on TSG about Yahoo spamming.

In any case, I am not taking off my tinfoil hat.
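
The header comparison described in post #3, as an added example that is not part of the original thread: it reads the client IP recorded on the webmail "via HTTP" hop, checks whether the relay path matches a known-good message, and builds the name an RBL lookup would query. The header text is constructed (documentation IP ranges, made-up host names), the `from [IP] by host via HTTP` layout is an assumption about how the provider stamps the hop, and `dnsbl.example` is a placeholder zone.

```python
import email
import ipaddress
import re

# Constructed headers: documentation IP ranges and made-up host names.
KNOWN_GOOD = """\
Received: from nm1.example-yahoo.test ([198.51.100.21])
\tby mx3.example-gmail.test with SMTP; Mon, 12 Dec 2011 09:14:07 -0800
Received: from [192.0.2.44] by web1.example-yahoo.test via HTTP;
\tMon, 12 Dec 2011 09:14:05 -0800
From: friend@example-yahoo.test

hi
"""
# Same path, but a different relay host, last octet and client IP.
SUSPECT = (KNOWN_GOOD.replace("192.0.2.44", "203.0.113.77")
           .replace("nm1.", "nm7.").replace("21]", "29]").replace("web1.", "web9."))

HTTP_HOP = re.compile(r"from\s+\[([0-9.]+)\]\s+by\s+(\S+)\s+via\s+HTTP", re.I)

def received(raw):
    return email.message_from_string(raw).get_all("Received", [])

def http_origin(raw):
    """IP the webmail front end recorded for the browser session, or None."""
    for hop in reversed(received(raw)):  # oldest hop is the last header
        m = HTTP_HOP.search(hop)
        if m:
            return ipaddress.ip_address(m.group(1))
    return None

def relay_domains(raw):
    """Domain of each relay that stamped the message, ignoring host labels."""
    bys = (re.search(r"\bby\s+(\S+)", hop) for hop in received(raw))
    return [m.group(1).split(".", 1)[-1] for m in bys if m]

def classify(known_good, suspect, prefix=24):
    """Compare a suspect message with one known to come from the real user."""
    good, seen = http_origin(known_good), http_origin(suspect)
    if seen is None or relay_domains(known_good) != relay_domains(suspect):
        return "different path: consistent with a forged From address"
    net = ipaddress.ip_network(f"{good}/{prefix}", strict=False)
    if seen in net:
        return "same path, same client network"
    return "same path, unfamiliar client IP: consistent with account access"

def dnsbl_query_name(ip, zone="dnsbl.example"):
    """Name to look up in a DNS blocklist (zone is a placeholder)."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone
```

Only the hops stamped by servers the recipient trusts are reliable; anything below the first trusted relay can be written by the sender, so the comparison against a known-good message carries the weight here.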

Phantom010, Trusted Advisor, 21-Dec-2011, 02:10 PM #4
Unless he was a victim of an elaborate phishing scam, it's really not easy to crack a webmail account password, unless someone physically got access to his computer and used one of the many password recovery programs available on the Web.

Furthermore, with all due respect, what would someone gain from going through all that trouble for something as benign as a nobody's email account? I think most people fall into paranoia in these cases...

Email Spoofing

Email Spoofing

How do Spammers Harvest Email Addresses

Seems Like You Volunteered to Receive Spam?

You can't do much about it, at least not with the actual account. These links are to give you all the facts about email spoofing and how it is achieved, along with advice on how to avoid it, or at least limit it.

Some viruses & worms spread by emailing themselves to all the email addresses they can find in the email address book. As some people forward jokes and other material by email to their friends, putting their friends' email addresses on either the To: or Cc: fields, rather than the BCc: field, some viruses and worms scan the mail folders for email addresses that are not in the address book, in hope to hit addresses of the computer owner's friends...
__________________

• Please read instructions and questions carefully, and reply in a timely manner... Thank you.

• Why don't you just Google it?
• If your problem is solved, please click on the Mark Solved button.

Phantom010, Trusted Advisor, 21-Dec-2011, 02:37 PM #5
Quote:
Originally Posted by cwwozniak
A Google search for yahoo email compromised covering the last 7 days shows over 98,000 hits.
Most of those hits will come from people who never even knew email spoofing existed...

I always avoid logging into anything when using public Internet access points or other computers I have no control over. Many browsers are configured to retain user names and passwords, which in turn can be very easily recovered with freely available password recovery programs. And I haven't yet mentioned keyloggers!

cwwozniak (Chuck), Trusted Advisor, thread starter, 21-Dec-2011, 02:47 PM #6
The friend had a family member check out her computer and some malware was found and removed. She suspects she picked it up visiting a web site by clicking a link in an e-mail received through the Yahoo account. Protection software has also been installed. I did not get the details.

“Just because you're paranoid doesn't mean they aren't after you”
- Kurt Cobain

Elvandil, Moderator, 21-Dec-2011, 02:52 PM #7
Quote:
Originally Posted by Phantom010
Most of those hits will come from people who never even knew email spoofing existed...
I think the majority of claims from people that their accounts have been "hacked" are wrong and the explanations are usually much more mundane.

A search for "i was abducted by aliens" comes back with many more hits than either of the earlier ones (2,720,000).

"i ate my dog", exact quote search, comes back with 721,000, over 7-times more people than claimed to have their Yahoo accounts hacked.

cwwozniak (Chuck), Trusted Advisor, thread starter, 21-Dec-2011, 02:59 PM #8
Quote:
Originally Posted by Elvandil
A search for "i was abducted by aliens" comes back with many more hits than either of the earlier ones (2,720,000).
That just means the aliens are much more successful at finding victims than spammers.

OK, I'm marking this one as solved.

Phantom010, Trusted Advisor, 21-Dec-2011, 03:01 PM #9

Elvandil, Moderator, 21-Dec-2011, 03:17 PM #10
...and people are a lot hungrier than anyone had imagined.

Phantom010, Trusted Advisor, 21-Dec-2011, 03:22 PM #11
Quote:
Originally Posted by Elvandil
...and people are a lot hungrier than anyone had imagined.
Well, considering that millions of people eat dog worldwide, not mentioning hot dogs, that number of Google hits is not surprising...

Elvandil, Moderator, 21-Dec-2011, 04:06 PM #12
Quote:
Originally Posted by Phantom010
Well, considering that millions of people eat dog worldwide, not mentioning hot dogs, that number of Google hits is not surprising...
The "my" part makes it a bit more surprising since it implies a pet. But you're right, people eat a lot of dogs. But then, there are more Asians on Yahoo than Westerners, too. So the hacking should be proportionally higher due to that. I switched to Chinese Yahoo just because they have free POP mail.

Phantom010, Trusted Advisor, 21-Dec-2011, 04:10 PM #13
Quote:
Originally Posted by Elvandil
The "my" part makes it a bit more surprising since it implies a pet.
I know, but some will eat their pets as well, after fattening them up for a few years...

Elvandil, Moderator, 21-Dec-2011, 04:15 PM #14
Yeh, that's true, too. When my brother was in Botswana, he couldn't let his cat out, either, for fear that his "good friends", the neighbors, might eat it.