On Sun, 25 Dec 2011 07:47:42 -0600, hvw59601 wrote: > Recently one of my Yahoo accts was compromised. Mail was sent all over > the place with nonsense, to LDU also.
> [. . . ] > And how is an account compromised? Looks like it's a growing trend to me. One of my friend was hit a while ago as well. Because she is not that tech savvy, I couldn't figure out how it actually happened either. Do you have any clue yourself? Don't worry if you don't. you are not the first victim. While I was trying to find the reason for her, I found the following, Am I sending out spam? http://boards.straightdope.com/sdmb/showthread.php?t=633043 in which the OP says, "1)I'm ridiculously careful about that kind of stuff and I'm not sure I could be tricked into it. 2)This is a seldom used account. It's not used for any social networking sites, I never would have typed in the username/password anywhere other then on the webmail page and my phone (it's a POP3 account).. . ." In other words, it is happening to those who are careful about such things. So any hints might help. Judging from her email header, I can tell that the spammer was really able to get into her account, send email from within the yahoo web mail interface, to all her contacts, using an Android cell phone through the YahooMail Mobile phone Web Service. BTW, the spammer IP address was 117.195.97.137, and the 117.195.96.0/20 address block (117.192.0.0 - 117.207.255.255) belongs to BSNL Internet in India, according to a whois lookup. Here is the full email header: Received: (qmail 62123 invoked by uid 60001); 20 Dec 2011 20:24:45 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rogers.com; s=s1024; t=1324412685; bh=Uerd3bJ2IEQlAxxINeFmfZ/RbZ1Dqn4BLyX/qf4QVRE=; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME- Version:Content-Type; b=mCaYOO18t1+C9xm1u0Fisd1s9fO5+MR6Mykku0cZMf9smq +yg2Qx70hK8mdurk97PTUDW/OsJSnLugzArQQWiApnLVG/t+CIZr +IAYdBNwFQXZ1lotAOpW1tGMtcMI6QjtFXZt9gYWOAHVamCYAKq0Vf4meMnfNGk88NisYQgE4= DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws; s=s1024; d=rogers.com; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME- Version:Content-Type; b=pT7VarhBYaYQUGmhmthvyP7UjypmjidcaFIJO8yLX4FGZsqHbsy+iazsEfC1bWdo1rC/ djsMlFv6tuhEoKrzjLJ45sMmDDBuQWIXZpzZjMGw5ILVRsGPrp2OeS/WDTc9pvGS6dTFiU +DjbFcWPCIncoOobSNVCSQVFdPmtQ7eKI=; X-YMail-OSG: JcRxq6EVM1nm3zKFcoOnAtEo23MwEaGh9nAQXyvg7XOo1J. tnKPDlwG_SvTEDpG8ylRTyTahWKUtOAxa4.bE_WiHzbvHbRxirSg5d3h.rjL LT84eL012aK0Fp835Z_7H0ahfrV6JIOlOJW_9PvPjOKllgMvEOwWbjuoOf8H SEUEfWQwcFbK7Oxn39c.APJmVwM5gk5ry77kt1f_pExbC9CS1TzUk_Wrw.su R9zfMRzAIcKKW0obEWK7d6BoeKiIhl2o5ndOOePZz7_NEoAvZKmqg5lIPSI9 gM9jDmHVH8gS1rESp4qTSMukULc6u9d1b02PHCOum0i4g_zG4lUX7yWOIYJ3 71qJl6YkJKjebVUt5.Ilemt2DxIy9DZ4CYTCB0eY.6itVYj7JeuS2fzvhse1 s_wuKst.ftWlM7g34z..crd9VRL5vKoZw6SPwWII17p_XKk9mfo.a.FuZ1kW n0ovtEqD4ZyFbqCcRMcJjS0wx2CDmDzWx7ftt.KtZSOvl_NIvuGW9JeVK_w. WR4Ulzk.XiFfm3UOnBTilXKxSC_bBNubfwpzLKk1foQ-- Received: from [117.195.97.137] by web88605.mail.bf1.yahoo.com via HTTP; Tue, 20 Dec 2011 12:24:44 PST X-Mailer: YahooMailWebService/0.8.115.331698 Message-ID: <1324412684.53494.androidmob...@web88605.mail.bf1.yahoo.com> Date: Tue, 20 Dec 2011 12:24:44 -0800 (PST) From: ...... Subject: I DID IT! -- Tong (remove underscore(s) to reply) http://xpt.sourceforge.net/techdocs/ http://xpt.sourceforge.net/tools/ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/jd83uc$uf2$1...@dough.gmane.org
