Educause Security Discussion mailing list archives

Re: Consistent threads for compromised accounts

From: Jim Cheetham <jim.cheetham () OTAGO AC NZ>
Date: Thu, 9 Feb 2017 12:06:51 +1300

Quoting Frank Barton (2017-02-09 05:53:33)

   - We've seen some "test" messages that seem to get sent to specific
   accounts when the account is first compromised


Agreed, this is a very common practice. Sometimes the test addresses are interleaved into the main outbound runs as 
well. We maintain lists of test addresses and use these to detect active compromises.

--
Jim Cheetham, Information Security, University of Otago, Dunedin, N.Z.
✉ jim.cheetham () otago ac nz    ☏ +64 3 470 4670    ☏ m +64 21 279 4670
⚷ OpenPGP: B50F BE3B D49B 3A8A 9CC3 8966 9374 82CD C982 0605

Attachment: signature.asc
Description: signature

Current thread:

Consistent threads for compromised accounts Frank Barton (Feb 08)
- Re: Consistent threads for compromised accounts Jim Cheetham (Feb 08)