Fake-alert: VERIFY YOUR MERIT.EDU WEBMAIL ACCOUNT

Michael Holstein michael.holstein at csuohio.edu
Tue May 27 18:47:10 UTC 2008


> We never figured out how the accounts were compromised. I suspect

another .edu here ..

How we've seen it happen is we get blasted by one of those "verify your 
email account" messages.
Despite our countless efforts at user education about responding to this 
stuff, a dozen or so people always do (we try to configure outbound 
filters to catch it, but don't always do so in time).

These accounts are then used by automated scripts to hammer on our 
webmail (and ours is https, forced).

> Most of the spammers' messages appear as though someone
> is manually using their cut & paste to generate the spam,
> not anything automated (based on the rate messages go out.

When we've had it happen, the messages are being relayed at a rate of 
~10,000/hr.

Note that the messages sent *after* the compromise are NOT more of the 
"verify your account" type .. they're run-of-the-mill pill and watch 
adverts. The original "verify your account" stuff comes in from various 
botnet PCs.


Cheers,

Michael Holstein
Cleveland State University
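
An added example, not part of the original post: a sliding-window check over webmail send logs that flags an account relaying at the scripted rate described above (~10,000/hr) while leaving a manually sending user alone. The log format, the account names `jdoe` and `asmith`, and the 200-recipients-per-10-minutes threshold are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (constructed, not any real webmail's):
#   <ISO timestamp> user=<account> action=<send|login> [rcpts=<n>]
def parse(line):
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    if kv.get("action") != "send":
        return None  # only outbound sends count toward the rate
    return datetime.fromisoformat(ts), kv["user"], int(kv["rcpts"])

def flag_bulk_senders(lines, limit=200, window=timedelta(minutes=10)):
    """Return {account: time its recipient count in `window` first exceeded `limit`}.
    Lines must be in chronological order."""
    recent = defaultdict(deque)  # account -> (timestamp, rcpts) still inside the window
    totals = defaultdict(int)    # account -> recipients inside the window
    flagged = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, user, rcpts = rec
        q = recent[user]
        q.append((ts, rcpts))
        totals[user] += rcpts
        while ts - q[0][0] > window:  # evict sends older than the window
            totals[user] -= q.popleft()[1]
        if totals[user] > limit and user not in flagged:
            flagged[user] = ts
    return flagged

def sample_log():
    """Constructed sample: one scripted account, one manual user."""
    start = datetime(2008, 5, 27, 12, 0, 0)
    lines = [f"{start.isoformat()} user=asmith action=login"]
    # jdoe: 50 recipients every 18 s = 10,000 recipients/hour
    for i in range(100):
        t = start + timedelta(seconds=18 * i)
        lines.append(f"{t.isoformat()} user=jdoe action=send rcpts=50")
    # asmith: one single-recipient message every 5 minutes
    for i in range(6):
        t = start + timedelta(minutes=5 * i)
        lines.append(f"{t.isoformat()} user=asmith action=send rcpts=1")
    return sorted(lines)  # ISO timestamps sort chronologically

if __name__ == "__main__":
    for account, when in flag_bulk_senders(sample_log()).items():
        print(f"{account} exceeded the send limit at {when.isoformat()}")
```

Counting recipients rather than messages keeps the check effective when a script packs many addresses into each message.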



