Re: [CentralTexasGeocachers] hacked!?
- The main thng is that these sorts of emails ARE obvious. Most don't have a subject line, and the only text is the link.I NEVER click through if there's not something clearly personal describing what the heck I'm to look at.And the link strings are clearly advert strings.A simple look before you click. And maybe not click anyway.'Cause, unfortunately, this stuff ain't going away, is it? *sigh*BarbJ =sometimes humans make me sad=Tygress
---------- Original Message ----------
From: Dave Read <dave@...>
Subject: Re: [CentralTexasGeocachers] (unknown)
Date: Tue, 08 Jan 2013 20:03:20 -0600Not necessarily. Email headers are easily forged; it would be trivial for someone with the right skills to send an email to this list that purported to be from…say…zionzr2@.... The protocol used to send mail (SMTP) has no way of authenticating that the sender is who he claims to be. There are other protocols that do authenticate the sender, but they are not widely used yet.Anyway, spammers have been using this security hole for close to a decade now. The way it works is this: computer A gets compromised with a virus/trojan/rootkit/whatever, and the malware harvests the address list. Then it randomly selects one email address from the list and sends email to **all the other addresses in the list** but with the email header spoofed so it looks like the email came from the selected address. The point is that much of the time, if two people are in your address book, they also know each other.An example: Alice's computer gets hacked. It sends email to everyone in Alice's address book, but makes it look like that email came from Bob. Then when Charlie gets spam (with a phishing link in it, like the ones that we have seen on our list recently), he recognize's Bob's name and thus thinks the email is safe and is willing to click on the link. Worse still, once he recovers from his machine getting hacked, he calls up Bob and cusses him out for getting hacked…but Bob's machine was not the culprit; it was Alice's all along. When Bob runs his antivirus checker, he comes up clean, and no one thinks to call Alice and ask her about the state of her machine.Anyway, I suspect that's what is going on here; someone who has Manny Jimenez and the mailing list in their address book has been hacked, and we're seeing the result. This sort of thing is common outside of mailing lists, but for it to work against a mailing list, both Manny and the mailing list have to be in the victim's address book…a much lower probability occurrence, to be sure.Cheers,DaveTeam Landshark
Looks like this was a compromised email account. Hackers/Spammer use easy to crack passwords (these passwords are usually short and are words found in the dictionary) to compromise yahoo, hotmail and even gmail accounts to spam everyone on the contacts list without the account holder even knowing it. Changing passwords to stronger password types including symbols and capitols and the longer the better is usually all thats needed to keep this to a minimum.On Tue, Jan 8, 2013 at 7:29 PM, Greg Jewett <geojewett@...> wrote:
Yeah..I hope no one opened this link. Someone on the list is infected with a virus.
Greg JewettGeocache/Munzee Handle: GeoJewett(512) 627-7290geojewett (at) geocachingaustin.comhttp://geocaching.ejewett.com/
><> ><> ><> ><> ><>
<>< <>< <>< <>< <><
Woman is 53 But Looks 25
Mom reveals 1 simple wrinkle trick that has angered doctors...