Educause Security Discussion mailing list archives
Re: New e-mail attack using valid webmail accounts
From: "Jenkins, Matthew" <matthew.jenkins () FAIRMONTSTATE EDU>
Date: Mon, 10 Mar 2008 08:39:34 -0400
The account was easily identified by checking mail tracking logs. It was a student's account. I am certain the attack was random as no other accounts nor services were targeted. We checked audit logs on other services the student had access to (e.g. registration, payment, online classes, etc.) and the attacker did not use the credentials anywhere except on webmail. The person sending the spam had an IP address originating in the Netherlands. Whether they were physically at that location we'll never know [without spending a lot of resources]. Matt Matthew Jenkins Network/Server Administrator Fairmont State University 304.367.4955 Visit us online at www.fairmontstate.edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bruggeman, John Sent: Friday, March 07, 2008 3:27 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] New e-mail attack using valid webmail accounts Did you find out what account was compromised or who was sending the spam? What I'm wondering is if the attack was random or if someone targeted your site? Thank you for sharing how you monitor your queues, I was wondering that myself. Best, John =================================================== John Bruggeman Director of Information Systems Hebrew Union College - Jewish Institute of Religion Cincinnati * New York * Los Angeles * Jerusalem jbruggeman () huc edu http://www.huc.edu
Current thread:
- New e-mail attack using valid webmail accounts Jenkins, Matthew (Mar 05)
- <Possible follow-ups>
- Re: New e-mail attack using valid webmail accounts John Ladwig (Mar 06)
- Re: New e-mail attack using valid webmail accounts Jenkins, Matthew (Mar 06)
- Re: New e-mail attack using valid webmail accounts Bradley, Stephen W. Mr. (Mar 06)
- Re: New e-mail attack using valid webmail accounts Michael H. Martel (Mar 06)
- Re: New e-mail attack using valid webmail accounts Jenkins, Matthew (Mar 06)
- Re: New e-mail attack using valid webmail accounts Jesse Thompson (Mar 07)
- Re: New e-mail attack using valid webmail accounts Jesse Thompson (Mar 07)
- Re: New e-mail attack using valid webmail accounts Bruggeman, John (Mar 07)
- Re: New e-mail attack using valid webmail accounts Jenkins, Matthew (Mar 10)
- Re: New e-mail attack using valid webmail accounts Zach Jansen (Mar 10)
- Re: New e-mail attack using valid webmail accounts Jenkins, Matthew (Mar 10)
- Re: New e-mail attack using valid webmail accounts Zach Jansen (Mar 14)
- New e-mail attack using valid webmail accounts Kenneth Arnold (Mar 14)
- Re: New e-mail attack using valid webmail accounts Brian Friday (Mar 14)
- Re: New e-mail attack using valid webmail accounts Jenkins, Matthew (Mar 14)
- Re: New e-mail attack using valid webmail accounts Curt Wilson (Mar 14)