nanog mailing list archives
Re: Fake-alert: VERIFY YOUR MERIT.EDU WEBMAIL ACCOUNT
From: Michael Holstein <michael.holstein () csuohio edu>
Date: Tue, 27 May 2008 14:47:10 -0400
We never figured out how the accounts were compromised. I suspect
another .edu here ..how we've seen it happen is we get blasted by one of those "verify your email account" messages. despite our countless efforts at user education about responding to this stuff, a dozen or so people always do (we try to configure outbound filters to catch it, but don't always do so in time).
These accounts are then used by automated scripts to hammer on our webmail (and ours is https, forced).
Most of the spammers' messages appear as though someone is manually using their cut & paste to generate the spam, not anything automated (based on the rate messages go out.
When we've had it happen, the messages are being relayed at a rate of ~10,000/hr.
Note that the messages sent *after* the compromise are NOT more of the "verify your account" type .. they're run-of-the-mill pill and watch adverts. The original "verify your account" stuff comes in from various botnet PCs.
Cheers, Michael Holstein Cleveland State University
Current thread:
- Fake-alert: VERIFY YOUR MERIT.EDU WEBMAIL ACCOUNT Peter Dambier (May 24)
- Re: Fake-alert: VERIFY YOUR MERIT.EDU WEBMAIL ACCOUNT Ari Constancio (May 24)
- Re: Fake-alert: VERIFY YOUR MERIT.EDU WEBMAIL ACCOUNT Graeme Fowler (May 24)
- Re: Fake-alert: VERIFY YOUR MERIT.EDU WEBMAIL ACCOUNT Matthew Black (May 27)
- Re: Fake-alert: VERIFY YOUR MERIT.EDU WEBMAIL ACCOUNT Michael Holstein (May 27)
- Re: Fake-alert: VERIFY YOUR MERIT.EDU WEBMAIL ACCOUNT Matthew Black (May 27)