Educause Security Discussion mailing list archives
Re: Consistent threads for compromised accounts
From: Jim Cheetham <jim.cheetham () OTAGO AC NZ>
Date: Thu, 9 Feb 2017 12:06:51 +1300
Quoting Frank Barton (2017-02-09 05:53:33)
- We've seen some "test" messages that seem to get sent to specific accounts when the account is first compromised
Agreed, this is a very common practice. Sometimes the test addresses are interleaved into the main outbound runs as well. We maintain lists of test addresses and use these to detect active compromises. -- Jim Cheetham, Information Security, University of Otago, Dunedin, N.Z. ✉ jim.cheetham () otago ac nz ☏ +64 3 470 4670 ☏ m +64 21 279 4670 ⚷ OpenPGP: B50F BE3B D49B 3A8A 9CC3 8966 9374 82CD C982 0605
Attachment:
signature.asc
Description: signature
Current thread:
- Consistent threads for compromised accounts Frank Barton (Feb 08)
- Re: Consistent threads for compromised accounts Jim Cheetham (Feb 08)