
Solved: Epidemic of Yahoo Account Hacking?

Discussion in 'Web & Email' started by cwwozniak, Dec 21, 2011.

Thread Status:
Not open for further replies.
  1. cwwozniak

    cwwozniak Chuck Trusted Advisor Thread Starter

    Joined:
    Nov 28, 2005
    Messages:
    49,399
    A few days ago I got Spam that looked like it was sent from a friend's Yahoo account. A check of the headers showed that message was sent using HTTP access to the account from an IP address in Venezuela (friend is in the USA).

    We have two recent posts here of people getting spam from their friend's Yahoo accounts.
    http://forums.techguy.org/web-email/1032214-yahoo-email-spam-sent-all.html
    http://forums.techguy.org/web-email/1032004-spam-emails-yahoo-account.html

    A Google search for yahoo email compromised covering the last 7 days shows over 98,000 hits.

    I don't want to be an alarmist, but does it look like Yahoo accounts are under a major hack attack or is this just the usual stuff that goes on every day for all the mail services?
     
  2. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    Did you check with the friend to see if there is a copy of that letter in his "Sent" folder? I have doubts that it was actually sent from that account.

    The spammers are very clever. They can strip the CC: addresses from emails they come across and then use those addresses to appear to send a letter from them when really they are from somewhere else. Malware on your own machine could send out your addresses for spammers to use as fakes. I'm not questioning your story, but just trying to point out that other things short of actual account access could be involved. DNS spoofing is another whole ball of wax. "Anonymous" emails can be sent out by anyone on servers set up for just that purpose.

    ("GMail compromised" comes up with 1,870,000 hits on Google's own search.)
     
  3. cwwozniak

    cwwozniak Chuck Trusted Advisor Thread Starter

    Joined:
    Nov 28, 2005
    Messages:
    49,399
    I am pretty sure it wasn't some spammer harvesting addresses from cc lists of legitimate emails sent by my friend. I have only known this friend for a short while and all of her e-mails to me were only sent to me with no other addresses shown in the To or CC headers.

    I checked the header of the spam and it showed that the message traveled directly from the Yahoo servers to the gmail servers used for my gmail account. I then checked the header of a legitimate e-mail from the friend and it showed an almost identical path; some differences being in the last octet of the IP addresses and the name assigned to the Yahoo or gmail server. One big difference was the IP address that Yahoo was showing for the user that sent the e-mail via HTTP access. The legitimate e-mail showed an IP address that had a reverse DNS lookup for the friend's ISP in the USA. The spam header showed a completely different IP address. Some checking showed that the address was in a block of addresses assigned for use in Venezuela by a South American ISP. A Realtime Blackhole List (RBL) check showed that the specific IP address was found to be sending spam in the past. This made me suspect that the spammer may have been running a mail server as well as logging into one or more hacked Yahoo accounts.

    The friend did not see any spam in her sent folder, but I would not be surprised if the spammer deleted the sent messages in an attempt to hide their tracks.

    I can only think of two possible scenarios that caused this: 1) The friend had a simple-to-crack password, or 2) There is some malware running on her computer that was either a keylogger or user name and password catcher.

    EDIT: I am open to suggestions for other possible scenarios.

    FWiW, I did a Google search for GMail compromised, limiting the results for the past week, and got about 56,000 hits. Maybe I am just getting paranoid with getting spam from the friend and then seeing two new posts on TSG about Yahoo spamming.

    In any case, I am not taking off my tinfoil hat. :rolleyes: :D
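
The header comparison described in the post above, as an added example that is not part of the original thread: it pulls the client IP that a webmail front end records in its "via HTTP" Received line, compares it with a known-good message from the same sender, and builds the name an RBL lookup would query. The sample messages, host names and the `dnsbl.example` zone are constructed placeholders.

```python
import email
import ipaddress
import re

# Constructed sample headers: documentation IP ranges and made-up host names.
LEGIT = """\
Received: from out1.webmail.example ([192.0.2.10])
\tby mx.recipient.example with SMTP; Mon, 19 Dec 2011 09:00:05 -0800
Received: from [198.51.100.23] by web1.webmail.example via HTTP;
\tMon, 19 Dec 2011 09:00:03 PST
From: friend@webmail.example
Subject: lunch?

hi
"""
SPAM = LEGIT.replace("198.51.100.23", "203.0.113.77").replace("lunch?", "great deal")

# Matches the hop a webmail front end adds when a logged-in user submits a message.
HTTP_HOP = re.compile(r"from \[([0-9a-fA-F.:]+)\] by (\S+) via HTTP", re.I)

def webmail_client_ip(raw):
    """Return the client IP from the 'via HTTP' Received hop, or None.

    Only meaningful when the hops above it were added by servers you trust;
    anything below the first trusted hop can be forged by the sender.
    """
    msg = email.message_from_string(raw)
    # Received headers are prepended, so the submission hop is the earliest one.
    for hop in reversed(msg.get_all("Received", [])):
        m = HTTP_HOP.search(" ".join(hop.split()))  # undo header folding
        if m:
            try:
                return ipaddress.ip_address(m.group(1))
            except ValueError:
                return None
    return None

def same_network(a, b, prefix=24):
    """True if b falls in the /prefix network around a (the known-good IP)."""
    return b in ipaddress.ip_network(f"{a}/{prefix}", strict=False)

def dnsbl_query_name(ip, zone="dnsbl.example"):
    """Name an IPv4 RBL lookup resolves: reversed octets plus the list's zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

if __name__ == "__main__":
    good, suspect = webmail_client_ip(LEGIT), webmail_client_ip(SPAM)
    print(good, suspect, same_network(good, suspect), dnsbl_query_name(suspect))
```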
     
  4. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,058
    Unless he was a victim of an elaborate phishing scam, it's really not easy to crack a webmail account password, unless someone physically got access to his computer and used one of the many password recovery programs available on the Web.

    Furthermore, with all due respect, what would someone gain from going through all that trouble for something as benign as a nobody's email account? I think most people fall into paranoia in these cases... :D

    Email Spoofing

    Email Spoofing

    How do Spammers Harvest Email Addresses

    Seems Like You Volunteered to Receive Spam?

    You can't do much about it, at least not with the actual account. These links are to give you all the facts about email spoofing and how it is achieved, along with advice on how to avoid it, or at least limit it.

    Some viruses & worms spread by emailing themselves to all the email addresses they can find in the email address book. As some people forward jokes and other material by email to their friends, putting their friends' email addresses on either the To: or Cc: fields, rather than the BCc: field, some viruses and worms scan the mail folders for email addresses that are not in the address book, in hope to hit addresses of the computer owner's friends...
     
  5. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,058
    Most of those hits will come from people who never even knew email spoofing existed... ;)

    I always avoid logging into anything when using public Internet access points or other computers I have no control over. Many browsers are configured to retain user names and passwords, which in turn can be very easily recovered with freely available password recovery programs. And I haven't yet mentioned keyloggers!
     
  6. cwwozniak

    cwwozniak Chuck Trusted Advisor Thread Starter

    Joined:
    Nov 28, 2005
    Messages:
    49,399
    The friend had a family member check out her computer and some malware was found and removed. She suspects she picked it up visiting a web site by clicking a link in an e-mail received through the Yahoo account. Protection software has also been installed. I did not get the details.

    “Just because you're paranoid doesn't mean they aren't after you”
    - Kurt Cobain
     
  7. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    I think the majority of claims from people that their accounts have been "hacked" are wrong and the explanations are usually much more mundane.

    A search for "i was abducted by aliens" comes back with many more hits than either of the earlier ones (2,720,000).

    "i ate my dog", exact quote search, comes back with 721,000, over 7-times more people than claimed to have their Yahoo accounts hacked.
     
  8. cwwozniak

    cwwozniak Chuck Trusted Advisor Thread Starter

    Joined:
    Nov 28, 2005
    Messages:
    49,399
    That just means the aliens are much more successful at finding victims than spammers. :p :D

    OK, I'm marking this one as solved.
     
  9. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,058
  10. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    ...and people are a lot hungrier than anyone had imagined. :D
     
  11. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,058
    Well, considering that millions of people eat dog worldwide, not mentioning hot dogs, that number of Google hits is not surprising...
     
  12. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    The "my" part makes it a bit more surprising since it implies a pet. But you're right, people eat a lot of dogs. But then, there are more Asians on Yahoo than Westerners, too. So the hacking should be proportionally higher due to that. I switched to Chinese Yahoo just because they have free POP mail. :D
     
  13. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,058
    I know, but some will eat their pets as well, after fattening them up for a few years...
     
  14. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    Yeh, that's true, too. When my brother was in Botswana, he couldn't let his cat out, either, for fear that his "good friends", the neighbors, might eat it.
     

Short URL to this thread: https://techguy.org/1032222