Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Exchange/Microsoft SMTP Authenticated User spam?

From: Mark Webb-Johnson <security () network-box com>
Date: 15 Oct 2003 09:08:42 +0800

We can confirm that we have seen a single occurance of this on
one site we installed our product into last week. A weak SMTP AUTH
username+password was the culprit, and the spam was coming from a
dial-up ISP in Brazil.

Regards,
Mark Webb-Johnson

On Wed, 2003-10-15 at 01:55, Mike Lewinski wrote:

wirepair wrote:


We've had two calls in the past month regarding supposed authenticated 
users sending out spam and using their external mail servers as 
relays. I was just curious if anyone else has seen this type of activity. 



We have been seeing a lot of SMTP AUTH abuse, not just on Exchange but 
on any platforms that support it. The perpetrator(s) appear to be going 
after well known accounts with weak passwords (i.e. webmaster / webmaster).

See also:

http://www.merit.edu/mail.archives/nanog/msg15353.html
http://groups.google.com/groups?selm=3F869683.3000303%40blackehlo.cluestick.org




---------------------------------------------------------------------------
----------------------------------------------------------------------------

-- 
Mark Webb-Johnson <security () network-box com>
Network Box Corporation Ltd


---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: