Loading ...
Sorry, an error occurred while loading the content.
 

Re: email hacked??

Expand Messages
  • maleroli
    Hello Rod, thank you for your mail to warn me. I have now change my password in my mail account (not by yahoo). I hope does the problem where cleared, with the
    Message 1 of 15 , Nov 30, 2012
      Hello Rod,

      thank you for your mail to warn me. I have now change my password in my mail account (not by yahoo).

      I hope does the problem where cleared, with the change from the password.

      But i wonder me does, when my mail account was hacked, no other users from 18 astronomy groups here in yahoo, and no friends from my private adressbook have no spammails from my private account.

      Why becomes only this group a hacked spammail with my username?.

      thank you and greetings

      Oliver

      --- In sct-user@yahoogroups.com, "Rod Mollise" <rmollise@...> wrote:
      >
      > It was not a "fake" email. It was from me, the group owner. We received a
      > message with your address/name on it that was a spam/phishing message.
      >
      >
      > Uncle Rod Mollise
      > Contributing Editor Sky and Telescope Magazine
      > Uncle Rod's Astroblog:
      > <http://uncle-rods.blogspot.com>
      >
      >
      >
      > -----Original Message-----
      > From: sct-user@yahoogroups.com [mailto:sct-user@yahoogroups.com] On Behalf
      > Of maleroli
      > Sent: Thursday, November 29, 2012 3:32 PM
      > To: sct-user@yahoogroups.com
      > Subject: [sct-user] email hacked??
      >
      > Hello,
      >
      > is this a fake mail, or was my account really hacked?.
      >
      > greetings from Hamburg/ Germany
      >
      > Oliver
      >
      >
      >
      > ------------------------------------
      >
      > Visit the sct-user home page at:
      >
      >
      >
      > http://skywatch.brainiac.com/SCThpYahoo! Groups Links
      >
    • maleroli
      Hello Rod, i hope does i have now solved the problem. thank you and greetings Oliver
      Message 2 of 15 , Dec 1, 2012
        Hello Rod,

        i hope does i have now solved the problem.

        thank you and greetings

        Oliver

        --- In sct-user@yahoogroups.com, "Rod Mollise" <rmollise@...> wrote:
        >
        > It was not a "fake" email. It was from me, the group owner. We received a
        > message with your address/name on it that was a spam/phishing message.
        >
        >
        > Uncle Rod Mollise
        > Contributing Editor Sky and Telescope Magazine
        > Uncle Rod's Astroblog:
        > <http://uncle-rods.blogspot.com>
        >
        >
        >
        > -----Original Message-----
        > From: sct-user@yahoogroups.com [mailto:sct-user@yahoogroups.com] On Behalf
        > Of maleroli
        > Sent: Thursday, November 29, 2012 3:32 PM
        > To: sct-user@yahoogroups.com
        > Subject: [sct-user] email hacked??
        >
        > Hello,
        >
        > is this a fake mail, or was my account really hacked?.
        >
        > greetings from Hamburg/ Germany
        >
        > Oliver
        >
        >
        >
        > ------------------------------------
        >
        > Visit the sct-user home page at:
        >
        >
        >
        > http://skywatch.brainiac.com/SCThpYahoo! Groups Links
        >
      • Rod Mollise
        I have no idea why you didn t hear anything from other group owners, but we did most assuredly receive a spam email under your email address. Uncle Rod Mollise
        Message 3 of 15 , Dec 1, 2012
          I have no idea why you didn't hear anything from other group owners, but we
          did most assuredly receive a spam email under your email address.


          Uncle Rod Mollise
          Contributing Editor Sky and Telescope Magazine
          Uncle Rod's Astroblog:
          <http://uncle-rods.blogspot.com>



          -----Original Message-----
          From: sct-user@yahoogroups.com [mailto:sct-user@yahoogroups.com] On Behalf
          Of maleroli
          Sent: Friday, November 30, 2012 12:32 PM
          To: sct-user@yahoogroups.com
          Subject: [sct-user] Re: email hacked??

          Hello Rod,

          thank you for your mail to warn me. I have now change my password in my mail
          account (not by yahoo).

          I hope does the problem where cleared, with the change from the password.

          But i wonder me does, when my mail account was hacked, no other users from
          18 astronomy groups here in yahoo, and no friends from my private adressbook
          have no spammails from my private account.

          Why becomes only this group a hacked spammail with my username?.

          thank you and greetings

          Oliver

          --- In sct-user@yahoogroups.com, "Rod Mollise" <rmollise@...> wrote:
          >
          > It was not a "fake" email. It was from me, the group owner. We
          > received a message with your address/name on it that was a spam/phishing
          message.
          >
          >
          > Uncle Rod Mollise
          > Contributing Editor Sky and Telescope Magazine Uncle Rod's Astroblog:
          > <http://uncle-rods.blogspot.com>
          >
          >
          >
          > -----Original Message-----
          > From: sct-user@yahoogroups.com [mailto:sct-user@yahoogroups.com] On
          > Behalf Of maleroli
          > Sent: Thursday, November 29, 2012 3:32 PM
          > To: sct-user@yahoogroups.com
          > Subject: [sct-user] email hacked??
          >
          > Hello,
          >
          > is this a fake mail, or was my account really hacked?.
          >
          > greetings from Hamburg/ Germany
          >
          > Oliver
          >
          >
          >
          > ------------------------------------
          >
          > Visit the sct-user home page at:
          >
          >
          >
          > http://skywatch.brainiac.com/SCThpYahoo! Groups Links
          >




          ------------------------------------

          Visit the sct-user home page at:



          http://skywatch.brainiac.com/SCThpYahoo! Groups Links
        • Rok Vidmar
          ... Because the spammer did not hack your password but got access to your computer with na sct-user message ready to reply to? -- Regards, Rok
          Message 4 of 15 , Dec 1, 2012
            > Why becomes only this group a hacked spammail with my username?.

            Because the spammer did not hack your password but
            got access to your computer with na sct-user message
            ready to reply to?
            --
            Regards, Rok
          • thad_floryan
            ... That specific spam was sent to only sct-user and the email address of fountainhillobservatory . Since everyone is speculating as to what happened and no
            Message 5 of 15 , Dec 1, 2012
              --- In sct-user@yahoogroups.com, "Rod Mollise" <rmollise@...> wrote:
              >
              > I have no idea why you didn't hear anything from other group
              > owners, but we did most assuredly receive a spam email under your
              > email address.

              That specific spam was sent to only sct-user and the email address of
              "fountainhillobservatory".

              Since everyone is speculating as to what happened and no one has
              provided the correct answer, I will since I have the tools to
              analyze problems such as this. All the answers can be found in
              what's known as the "Header" portion of an email which in this
              case the relevant items are:

              X-Received: from [78.57.194.176] by web125406.mail.ne1.yahoo.com
              via HTTP; Thu, 29 Nov 2012 11:12:25 PST

              The 78.57.194.176 address is in Lithuania per:

              netname: LIETUVOS-TELEKOMAS
              e-mail: abuse@...
              perp's DSL location: 78-57-194-176.static.zebra.lt

              The perp used Raymond Ambrosini's Yahoo Web email account per:

              X-Mailer: YahooMailWebService/0.8.127.475
              X-Yahoo-Group-Post: member; u=345086341
              X-Yahoo-Profile: fountainhillsobservatory

              and the email was sent to:

              To: sct-user @ yahoogroups.com, fountainhillsobservatory @...

              which means someone was able to login to Raymond's Yahoo email
              account to send that email which, by the way, is still in the
              sct-user message archive as:

              <http://tech.groups.yahoo.com/group/sct-user/message/121183>
              Thu Nov 29, 2012 11:12 am

              and the spam message itself directs the unwary to this site:

              Domain Name: ITAEDU.COM
              Created on: 30-Aug-11
              Expires on: 30-Aug-13
              Last Updated on: 19-Aug-12

              Registrant:
              Adam Garcia
              219 w ramona blvd apt f
              San gabriel, California 91776
              United States

              Administrative Contact:
              Garcia, Adam gogarcia2 @ gmail.com
              219 w ramona blvd apt f
              San gabriel, California 91776
              United States
              +1.6264678985

              Technical Contact:
              Garcia, Adam gogarcia2 @ gmail.com
              219 w ramona blvd apt f
              San gabriel, California 91776
              United States
              +1.6264678985

              Most likely Raymond has the same passwords on many "social"
              networks (e.g., Fecebook, Twatter, etc.) and one of those was
              breached which in turn provided a link to Yahoo that was used
              by the perp to send the email.
            • Jason
              I picked up a virus on the group and it hit me Saturday night two weeks ago while out in the field trying to image. No phd no backyard eos, just a waisted
              Message 6 of 15 , Dec 1, 2012
                I picked up a virus on the group and it hit me Saturday night two weeks ago while out in the field trying to image. No phd no backyard eos, just a waisted night, sorry just ranting.

                Sent from my iPhone

                On Dec 1, 2012, at 11:30 PM, "thad_floryan" <thad@...> wrote:

                > --- In sct-user@yahoogroups.com, "Rod Mollise" <rmollise@...> wrote:
                > >
                > > I have no idea why you didn't hear anything from other group
                > > owners, but we did most assuredly receive a spam email under your
                > > email address.
                >
                > That specific spam was sent to only sct-user and the email address of
                > "fountainhillobservatory".
                >
                > Since everyone is speculating as to what happened and no one has
                > provided the correct answer, I will since I have the tools to
                > analyze problems such as this. All the answers can be found in
                > what's known as the "Header" portion of an email which in this
                > case the relevant items are:
                >
                > X-Received: from [78.57.194.176] by web125406.mail.ne1.yahoo.com
                > via HTTP; Thu, 29 Nov 2012 11:12:25 PST
                >
                > The 78.57.194.176 address is in Lithuania per:
                >
                > netname: LIETUVOS-TELEKOMAS
                > e-mail: abuse@...
                > perp's DSL location: 78-57-194-176.static.zebra.lt
                >
                > The perp used Raymond Ambrosini's Yahoo Web email account per:
                >
                > X-Mailer: YahooMailWebService/0.8.127.475
                > X-Yahoo-Group-Post: member; u=345086341
                > X-Yahoo-Profile: fountainhillsobservatory
                >
                > and the email was sent to:
                >
                > To: sct-user @ yahoogroups.com, fountainhillsobservatory @...
                >
                > which means someone was able to login to Raymond's Yahoo email
                > account to send that email which, by the way, is still in the
                > sct-user message archive as:
                >
                > <http://tech.groups.yahoo.com/group/sct-user/message/121183>
                > Thu Nov 29, 2012 11:12 am
                >
                > and the spam message itself directs the unwary to this site:
                >
                > Domain Name: ITAEDU.COM
                > Created on: 30-Aug-11
                > Expires on: 30-Aug-13
                > Last Updated on: 19-Aug-12
                >
                > Registrant:
                > Adam Garcia
                > 219 w ramona blvd apt f
                > San gabriel, California 91776
                > United States
                >
                > Administrative Contact:
                > Garcia, Adam gogarcia2 @ gmail.com
                > 219 w ramona blvd apt f
                > San gabriel, California 91776
                > United States
                > +1.6264678985
                >
                > Technical Contact:
                > Garcia, Adam gogarcia2 @ gmail.com
                > 219 w ramona blvd apt f
                > San gabriel, California 91776
                > United States
                > +1.6264678985
                >
                > Most likely Raymond has the same passwords on many "social"
                > networks (e.g., Fecebook, Twatter, etc.) and one of those was
                > breached which in turn provided a link to Yahoo that was used
                > by the perp to send the email.
                >
                >


                [Non-text portions of this message have been removed]
              • andy_brown_895
                Fecebook How apt indeed. No need, Never have, Never will. AndyB.
                Message 7 of 15 , Dec 2, 2012
                  "Fecebook"

                  How apt indeed.

                  No need, Never have, Never will.

                  AndyB.


                  --- In sct-user@yahoogroups.com, "thad_floryan" <thad@...> wrote:
                  >
                  > --- In sct-user@yahoogroups.com, "Rod Mollise" <rmollise@> wrote:
                  > >
                  > > I have no idea why you didn't hear anything from other group
                  > > owners, but we did most assuredly receive a spam email under your
                  > > email address.
                  >
                  > That specific spam was sent to only sct-user and the email address of
                  > "fountainhillobservatory".
                  >
                  > Since everyone is speculating as to what happened and no one has
                  > provided the correct answer, I will since I have the tools to
                  > analyze problems such as this. All the answers can be found in
                  > what's known as the "Header" portion of an email which in this
                  > case the relevant items are:
                  >
                  > X-Received: from [78.57.194.176] by web125406.mail.ne1.yahoo.com
                  > via HTTP; Thu, 29 Nov 2012 11:12:25 PST
                  >
                  > The 78.57.194.176 address is in Lithuania per:
                  >
                  > netname: LIETUVOS-TELEKOMAS
                  > e-mail: abuse@...
                  > perp's DSL location: 78-57-194-176.static.zebra.lt
                  >
                  > The perp used Raymond Ambrosini's Yahoo Web email account per:
                  >
                  > X-Mailer: YahooMailWebService/0.8.127.475
                  > X-Yahoo-Group-Post: member; u=345086341
                  > X-Yahoo-Profile: fountainhillsobservatory
                  >
                  > and the email was sent to:
                  >
                  > To: sct-user @ yahoogroups.com, fountainhillsobservatory @...
                  >
                  > which means someone was able to login to Raymond's Yahoo email
                  > account to send that email which, by the way, is still in the
                  > sct-user message archive as:
                  >
                  > <http://tech.groups.yahoo.com/group/sct-user/message/121183>
                  > Thu Nov 29, 2012 11:12 am
                  >
                  > and the spam message itself directs the unwary to this site:
                  >
                  > Domain Name: ITAEDU.COM
                  > Created on: 30-Aug-11
                  > Expires on: 30-Aug-13
                  > Last Updated on: 19-Aug-12
                  >
                  > Registrant:
                  > Adam Garcia
                  > 219 w ramona blvd apt f
                  > San gabriel, California 91776
                  > United States
                  >
                  > Administrative Contact:
                  > Garcia, Adam gogarcia2 @ gmail.com
                  > 219 w ramona blvd apt f
                  > San gabriel, California 91776
                  > United States
                  > +1.6264678985
                  >
                  > Technical Contact:
                  > Garcia, Adam gogarcia2 @ gmail.com
                  > 219 w ramona blvd apt f
                  > San gabriel, California 91776
                  > United States
                  > +1.6264678985
                  >
                  > Most likely Raymond has the same passwords on many "social"
                  > networks (e.g., Fecebook, Twatter, etc.) and one of those was
                  > breached which in turn provided a link to Yahoo that was used
                  > by the perp to send the email.
                  >
                • Rod Mollise
                  How did you pick up a virus on the group? The only way you would be able to would be with (1), an attachment, which are locked out, or, (2), clicking on a url
                  Message 8 of 15 , Dec 2, 2012
                    How did you pick up a virus on the group? The only way you would be able to would be with (1), an attachment, which are locked out, or, (2), clicking on a url in a message. NEVER click on urls you have not requested, not even from a buddy. ;-)


                    Uncle Rod Mollise
                    Contributing Editor Sky and Telescope Magazine
                    Uncle Rod's Astroblog:
                    <http://uncle-rods.blogspot.com>



                    -----Original Message-----
                    From: sct-user@yahoogroups.com [mailto:sct-user@yahoogroups.com] On Behalf Of Jason
                    Sent: Saturday, December 01, 2012 11:49 PM
                    To: sct-user@yahoogroups.com
                    Subject: Re: [sct-user] Re: email hacked??

                    I picked up a virus on the group and it hit me Saturday night two weeks ago while out in the field trying to image. No phd no backyard eos, just a waisted night, sorry just ranting.

                    Sent from my iPhone

                    On Dec 1, 2012, at 11:30 PM, "thad_floryan" <thad@...> wrote:

                    > --- In sct-user@yahoogroups.com, "Rod Mollise" <rmollise@...> wrote:
                    > >
                    > > I have no idea why you didn't hear anything from other group owners,
                    > > but we did most assuredly receive a spam email under your email
                    > > address.
                    >
                    > That specific spam was sent to only sct-user and the email address of
                    > "fountainhillobservatory".
                    >
                    > Since everyone is speculating as to what happened and no one has
                    > provided the correct answer, I will since I have the tools to analyze
                    > problems such as this. All the answers can be found in what's known as
                    > the "Header" portion of an email which in this case the relevant items
                    > are:
                    >
                    > X-Received: from [78.57.194.176] by web125406.mail.ne1.yahoo.com via
                    > HTTP; Thu, 29 Nov 2012 11:12:25 PST
                    >
                    > The 78.57.194.176 address is in Lithuania per:
                    >
                    > netname: LIETUVOS-TELEKOMAS
                    > e-mail: abuse@...
                    > perp's DSL location: 78-57-194-176.static.zebra.lt
                    >
                    > The perp used Raymond Ambrosini's Yahoo Web email account per:
                    >
                    > X-Mailer: YahooMailWebService/0.8.127.475
                    > X-Yahoo-Group-Post: member; u=345086341
                    > X-Yahoo-Profile: fountainhillsobservatory
                    >
                    > and the email was sent to:
                    >
                    > To: sct-user @ yahoogroups.com, fountainhillsobservatory @...
                    >
                    > which means someone was able to login to Raymond's Yahoo email account
                    > to send that email which, by the way, is still in the sct-user message
                    > archive as:
                    >
                    > <http://tech.groups.yahoo.com/group/sct-user/message/121183>
                    > Thu Nov 29, 2012 11:12 am
                    >
                    > and the spam message itself directs the unwary to this site:
                    >
                    > Domain Name: ITAEDU.COM
                    > Created on: 30-Aug-11
                    > Expires on: 30-Aug-13
                    > Last Updated on: 19-Aug-12
                    >
                    > Registrant:
                    > Adam Garcia
                    > 219 w ramona blvd apt f
                    > San gabriel, California 91776
                    > United States
                    >
                    > Administrative Contact:
                    > Garcia, Adam gogarcia2 @ gmail.com
                    > 219 w ramona blvd apt f
                    > San gabriel, California 91776
                    > United States
                    > +1.6264678985
                    >
                    > Technical Contact:
                    > Garcia, Adam gogarcia2 @ gmail.com
                    > 219 w ramona blvd apt f
                    > San gabriel, California 91776
                    > United States
                    > +1.6264678985
                    >
                    > Most likely Raymond has the same passwords on many "social"
                    > networks (e.g., Fecebook, Twatter, etc.) and one of those was breached
                    > which in turn provided a link to Yahoo that was used by the perp to
                    > send the email.
                    >
                    >


                    [Non-text portions of this message have been removed]



                    ------------------------------------

                    Visit the sct-user home page at:



                    http://skywatch.brainiac.com/SCThpYahoo! Groups Links
                  • jason herrin
                    there was a link to a supposed free copy of nexremote and it took me to a site that looked like an official celestron site and i downloaded the copy of
                    Message 9 of 15 , Dec 2, 2012
                      there was a link to a supposed free copy of nexremote and it took me to a
                      site that looked like an official celestron site and i downloaded the copy
                      of nexremote. I turned off the computer, drove 45 minutes to my dark site
                      at my moms, got all set up, and the computer would only run in safe mode,.
                      no phd, no backyard eos, nothing. The virus screwed up my net. platform,
                      and a heads up to the guy that wrote backyard eos, I emailed him with the
                      problem and he correctly diagnosed the prob and got me up and imaging
                      again.

                      On Sun, Dec 2, 2012 at 8:11 AM, Rod Mollise <rmollise@...> wrote:

                      > **
                      >
                      >
                      > How did you pick up a virus on the group? The only way you would be able
                      > to would be with (1), an attachment, which are locked out, or, (2),
                      > clicking on a url in a message. NEVER click on urls you have not requested,
                      > not even from a buddy. ;-)
                      >
                      > Uncle Rod Mollise
                      > Contributing Editor Sky and Telescope Magazine
                      > Uncle Rod's Astroblog:
                      > <http://uncle-rods.blogspot.com>
                      >
                      >
                      > -----Original Message-----
                      > From: sct-user@yahoogroups.com [mailto:sct-user@yahoogroups.com] On
                      > Behalf Of Jason
                      > Sent: Saturday, December 01, 2012 11:49 PM
                      > To: sct-user@yahoogroups.com
                      > Subject: Re: [sct-user] Re: email hacked??
                      >
                      > I picked up a virus on the group and it hit me Saturday night two weeks
                      > ago while out in the field trying to image. No phd no backyard eos, just a
                      > waisted night, sorry just ranting.
                      >
                      > Sent from my iPhone
                      >
                      > On Dec 1, 2012, at 11:30 PM, "thad_floryan" <thad@...> wrote:
                      >
                      > > --- In sct-user@yahoogroups.com, "Rod Mollise" <rmollise@...> wrote:
                      > > >
                      > > > I have no idea why you didn't hear anything from other group owners,
                      > > > but we did most assuredly receive a spam email under your email
                      > > > address.
                      > >
                      > > That specific spam was sent to only sct-user and the email address of
                      > > "fountainhillobservatory".
                      > >
                      > > Since everyone is speculating as to what happened and no one has
                      > > provided the correct answer, I will since I have the tools to analyze
                      > > problems such as this. All the answers can be found in what's known as
                      > > the "Header" portion of an email which in this case the relevant items
                      > > are:
                      > >
                      > > X-Received: from [78.57.194.176] by web125406.mail.ne1.yahoo.com via
                      > > HTTP; Thu, 29 Nov 2012 11:12:25 PST
                      > >
                      > > The 78.57.194.176 address is in Lithuania per:
                      > >
                      > > netname: LIETUVOS-TELEKOMAS
                      > > e-mail: abuse@...
                      > > perp's DSL location: 78-57-194-176.static.zebra.lt
                      > >
                      > > The perp used Raymond Ambrosini's Yahoo Web email account per:
                      > >
                      > > X-Mailer: YahooMailWebService/0.8.127.475
                      > > X-Yahoo-Group-Post: member; u=345086341
                      > > X-Yahoo-Profile: fountainhillsobservatory
                      > >
                      > > and the email was sent to:
                      > >
                      > > To: sct-user @ yahoogroups.com, fountainhillsobservatory @...
                      > >
                      > > which means someone was able to login to Raymond's Yahoo email account
                      > > to send that email which, by the way, is still in the sct-user message
                      > > archive as:
                      > >
                      > > <http://tech.groups.yahoo.com/group/sct-user/message/121183>
                      > > Thu Nov 29, 2012 11:12 am
                      > >
                      > > and the spam message itself directs the unwary to this site:
                      > >
                      > > Domain Name: ITAEDU.COM
                      > > Created on: 30-Aug-11
                      > > Expires on: 30-Aug-13
                      > > Last Updated on: 19-Aug-12
                      > >
                      > > Registrant:
                      > > Adam Garcia
                      > > 219 w ramona blvd apt f
                      > > San gabriel, California 91776
                      > > United States
                      > >
                      > > Administrative Contact:
                      > > Garcia, Adam gogarcia2 @ gmail.com
                      > > 219 w ramona blvd apt f
                      > > San gabriel, California 91776
                      > > United States
                      > > +1.6264678985
                      > >
                      > > Technical Contact:
                      > > Garcia, Adam gogarcia2 @ gmail.com
                      > > 219 w ramona blvd apt f
                      > > San gabriel, California 91776
                      > > United States
                      > > +1.6264678985
                      > >
                      > > Most likely Raymond has the same passwords on many "social"
                      > > networks (e.g., Fecebook, Twatter, etc.) and one of those was breached
                      > > which in turn provided a link to Yahoo that was used by the perp to
                      > > send the email.
                      > >
                      > >
                      >
                      > [Non-text portions of this message have been removed]
                      >
                      > ------------------------------------
                      >
                      >
                      > Visit the sct-user home page at:
                      >
                      > http://skywatch.brainiac.com/SCThpYahoo! Groups Links
                      >
                      >
                      >


                      [Non-text portions of this message have been removed]
                    • Ray Stann
                      Very interesting. Thanks for digging into this. Ray ... From: sct-user@yahoogroups.com [mailto:sct-user@yahoogroups.com] On Behalf Of thad_floryan Sent:
                      Message 10 of 15 , Dec 2, 2012
                        Very interesting. Thanks for digging into this.

                        Ray

                        -----Original Message-----
                        From: sct-user@yahoogroups.com [mailto:sct-user@yahoogroups.com] On Behalf
                        Of thad_floryan
                        Sent: Saturday, December 01, 2012 9:30 PM
                        To: sct-user@yahoogroups.com
                        Subject: [sct-user] Re: email hacked??

                        --- In sct-user@yahoogroups.com, "Rod Mollise" <rmollise@...> wrote:
                        >
                        > I have no idea why you didn't hear anything from other group
                        > owners, but we did most assuredly receive a spam email under your
                        > email address.

                        That specific spam was sent to only sct-user and the email address of
                        "fountainhillobservatory".

                        Since everyone is speculating as to what happened and no one has
                        provided the correct answer, I will since I have the tools to
                        analyze problems such as this. All the answers can be found in
                        what's known as the "Header" portion of an email which in this
                        case the relevant items are:

                        X-Received: from [78.57.194.176] by web125406.mail.ne1.yahoo.com
                        via HTTP; Thu, 29 Nov 2012 11:12:25 PST

                        The 78.57.194.176 address is in Lithuania per:

                        netname: LIETUVOS-TELEKOMAS
                        e-mail: abuse@...
                        perp's DSL location: 78-57-194-176.static.zebra.lt

                        The perp used Raymond Ambrosini's Yahoo Web email account per:

                        X-Mailer: YahooMailWebService/0.8.127.475
                        X-Yahoo-Group-Post: member; u=345086341
                        X-Yahoo-Profile: fountainhillsobservatory

                        and the email was sent to:

                        To: sct-user @ yahoogroups.com, fountainhillsobservatory @...

                        which means someone was able to login to Raymond's Yahoo email
                        account to send that email which, by the way, is still in the
                        sct-user message archive as:

                        <http://tech.groups.yahoo.com/group/sct-user/message/121183>
                        Thu Nov 29, 2012 11:12 am

                        and the spam message itself directs the unwary to this site:

                        Domain Name: ITAEDU.COM
                        Created on: 30-Aug-11
                        Expires on: 30-Aug-13
                        Last Updated on: 19-Aug-12

                        Registrant:
                        Adam Garcia
                        219 w ramona blvd apt f
                        San gabriel, California 91776
                        United States

                        Administrative Contact:
                        Garcia, Adam gogarcia2 @ gmail.com
                        219 w ramona blvd apt f
                        San gabriel, California 91776
                        United States
                        +1.6264678985

                        Technical Contact:
                        Garcia, Adam gogarcia2 @ gmail.com
                        219 w ramona blvd apt f
                        San gabriel, California 91776
                        United States
                        +1.6264678985

                        Most likely Raymond has the same passwords on many "social"
                        networks (e.g., Fecebook, Twatter, etc.) and one of those was
                        breached which in turn provided a link to Yahoo that was used
                        by the perp to send the email.




                        ------------------------------------

                        Visit the sct-user home page at:



                        http://skywatch.brainiac.com/SCThpYahoo! Groups Links
                      • Dale M
                        Thad,  it says the registrant of that e-mail was adam garcia of Cali. does that mean HE created this shit???!!!! IF SO I WILL CALL HIM!  LOL I dont really
                        Message 11 of 15 , Dec 2, 2012
                          Thad,
                           it says the registrant of that e-mail was adam garcia of Cali. does that mean HE created this shit???!!!! IF SO I WILL CALL HIM!  LOL
                          I dont really know what the registrant means so if you could tell me I would much appreciate that!

                          Hoping for Clear Skies!

                          From: thad_floryan <thad@...>
                          To: sct-user@yahoogroups.com
                          Sent: Sunday, December 2, 2012 12:30 AM
                          Subject: [sct-user] Re: email hacked??

                           
                          --- In mailto:sct-user%40yahoogroups.com, "Rod Mollise" <rmollise@...> wrote:
                          >
                          > I have no idea why you didn't hear anything from other group
                          > owners, but we did most assuredly receive a spam email under your
                          > email address.

                          That specific spam was sent to only sct-user and the email address of
                          "fountainhillobservatory".

                          Since everyone is speculating as to what happened and no one has
                          provided the correct answer, I will since I have the tools to
                          analyze problems such as this. All the answers can be found in
                          what's known as the "Header" portion of an email which in this
                          case the relevant items are:

                          X-Received: from [78.57.194.176] by web125406.mail.ne1.yahoo.com
                          via HTTP; Thu, 29 Nov 2012 11:12:25 PST

                          The 78.57.194.176 address is in Lithuania per:

                          netname: LIETUVOS-TELEKOMAS
                          e-mail: mailto:abuse%40zebra.lt
                          perp's DSL location: 78-57-194-176.static.zebra.lt

                          The perp used Raymond Ambrosini's Yahoo Web email account per:

                          X-Mailer: YahooMailWebService/0.8.127.475
                          X-Yahoo-Group-Post: member; u=345086341
                          X-Yahoo-Profile: fountainhillsobservatory

                          and the email was sent to:

                          To: sct-user @ yahoogroups.com, fountainhillsobservatory @...

                          which means someone was able to login to Raymond's Yahoo email
                          account to send that email which, by the way, is still in the
                          sct-user message archive as:

                          <http://tech.groups.yahoo.com/group/sct-user/message/121183>
                          Thu Nov 29, 2012 11:12 am

                          and the spam message itself directs the unwary to this site:

                          Domain Name: ITAEDU.COM
                          Created on: 30-Aug-11
                          Expires on: 30-Aug-13
                          Last Updated on: 19-Aug-12

                          Registrant:
                          Adam Garcia
                          219 w ramona blvd apt f
                          San gabriel, California 91776
                          United States

                          Administrative Contact:
                          Garcia, Adam gogarcia2 @ gmail.com
                          219 w ramona blvd apt f
                          San gabriel, California 91776
                          United States
                          +1.6264678985

                          Technical Contact:
                          Garcia, Adam gogarcia2 @ gmail.com
                          219 w ramona blvd apt f
                          San gabriel, California 91776
                          United States
                          +1.6264678985

                          Most likely Raymond has the same passwords on many "social"
                          networks (e.g., Fecebook, Twatter, etc.) and one of those was
                          breached which in turn provided a link to Yahoo that was used
                          by the perp to send the email.




                          [Non-text portions of this message have been removed]
                        • Prasad
                          Uncle Rod, Dale,  This may be a Yahoo vulnerability being exploited by spammer. Please see the news at link below. 
                          Message 12 of 15 , Dec 3, 2012
                            Uncle Rod, Dale, 

                            This may be a Yahoo vulnerability being exploited by spammer. Please see the news at link below. 
                            http://krebsonsecurity.com/2012/11/yahoo-email-stealing-exploit-fetches-700/


                            Regards & 73
                            Prasad



                            >________________________________
                            >
                            >________________________________________________________________________
                            >Re: email hacked??    Posted by: "Dale M" lionsfan0_16@...0_16
                            >
                            >    Date: Sun Dec 2, 2012 12:55 pm ((PST))
                            >
                            >Thad,
                            > it says the registrant of that e-mail was adam garcia of Cali. does that mean HE created this shit???!!!! IF SO I WILL CALL HIM!  LOL
                            >I dont really know what the registrant means so if you could tell me I would much appreciate that!
                            >
                            >Hoping for Clear Skies!
                            >
                            >From: thad_floryan <thad@...>
                            >To: sct-user@yahoogroups.com
                            >Sent: Sunday, December 2, 2012 12:30 AM
                            >Subject: [sct-user] Re: email hacked??
                            >

                            >--- In mailto:sct-user%40yahoogroups.com, "Rod Mollise" <rmollise@...> wrote:
                            >>
                            >> I have no idea why you didn't hear anything from other group
                            >> owners, but we did most assuredly receive a spam email under your
                            >> email address.
                            >
                            >That specific spam was sent to only sct-user and the email address of
                            >"fountainhillobservatory".
                            >
                            >Since everyone is speculating as to what happened and no one has
                            >provided the correct answer, I will since I have the tools to
                            >analyze problems such as this. All the answers can be found in
                            >what's known as the "Header" portion of an email which in this
                            >case the relevant items are:
                            >
                            >X-Received: from [78.57.194.176] by web125406.mail.ne1.yahoo.com
                            >via HTTP; Thu, 29 Nov 2012 11:12:25 PST
                            >
                            >The 78.57.194.176 address is in Lithuania per:
                            >
                            >netname: LIETUVOS-TELEKOMAS
                            >e-mail: mailto:abuse%40zebra.lt
                            >perp's DSL location: 78-57-194-176.static.zebra.lt
                            >
                            >The perp used Raymond Ambrosini's Yahoo Web email account per:
                            >
                            >X-Mailer: YahooMailWebService/0.8.127.475
                            >X-Yahoo-Group-Post: member; u=345086341
                            >X-Yahoo-Profile: fountainhillsobservatory
                            >
                            >and the email was sent to:
                            >
                            >To: sct-user @ yahoogroups.com, fountainhillsobservatory @...
                            >
                            >which means someone was able to login to Raymond's Yahoo email
                            >account to send that email which, by the way, is still in the
                            >sct-user message archive as:
                            >
                            ><http://tech.groups.yahoo.com/group/sct-user/message/121183>
                            >Thu Nov 29, 2012 11:12 am
                            >
                            >and the spam message itself directs the unwary to this site:
                            >
                            >Domain Name: ITAEDU.COM
                            >Created on: 30-Aug-11
                            >Expires on: 30-Aug-13
                            >Last Updated on: 19-Aug-12
                            >
                            >Registrant:
                            >Adam Garcia
                            >219 w ramona blvd apt f
                            >San gabriel, California 91776
                            >United States
                            >
                            >Administrative Contact:
                            >Garcia, Adam gogarcia2 @ gmail.com
                            >219 w ramona blvd apt f
                            >San gabriel, California 91776
                            >United States
                            >+1.6264678985
                            >
                            >Technical Contact:
                            >Garcia, Adam gogarcia2 @ gmail.com
                            >219 w ramona blvd apt f
                            >San gabriel, California 91776
                            >United States
                            >+1.6264678985
                            >
                            >Most likely Raymond has the same passwords on many "social"
                            >networks (e.g., Fecebook, Twatter, etc.) and one of those was
                            >breached which in turn provided a link to Yahoo that was used
                            >by the perp to send the email.
                            >
                            >
                            >
                            >
                            >[Non-text portions of this message have been removed]
                            >
                            >
                            >
                            >
                            >
                            >
                            >Messages in this topic (13)
                            >
                            >
                            >
                            >Visit the sct-user home page at:
                            >
                            >
                            >
                            >http://skywatch.brainiac.com/SCThp
                            >
                            >------------------------------------------------------------------------
                            >Yahoo! Groups Links
                            >
                            >
                            >
                            >------------------------------------------------------------------------
                            >
                            >
                            >
                            >

                            [Non-text portions of this message have been removed]
                          • Dale M
                            lol, im scared to open it!!!!! Hoping for Clear Skies! From: Prasad To: sct-user@yahoogroups.com Sent:
                            Message 13 of 15 , Dec 3, 2012
                              lol, im scared to open it!!!!!


                              Hoping for Clear Skies!

                              From: Prasad <ad_prasad@...>
                              To: "sct-user@yahoogroups.com" <sct-user@yahoogroups.com>
                              Sent: Monday, December 3, 2012 7:10 PM
                              Subject: [sct-user] Re: email hacked??

                               
                              Uncle Rod, Dale, 

                              This may be a Yahoo vulnerability being exploited by spammer. Please see the news at link below. 
                              http://krebsonsecurity.com/2012/11/yahoo-email-stealing-exploit-fetches-700/

                              Regards & 73
                              Prasad

                              >________________________________
                              >
                              >__________________________________________________________
                              >Re: email hacked??    Posted by: "Dale M" mailto:lionsfan0_16%40yahoo.comlionsfan0_16
                              >
                              >    Date: Sun Dec 2, 2012 12:55 pm ((PST))
                              >
                              >Thad,
                              > it says the registrant of that e-mail was adam garcia of Cali. does that mean HE created this shit???!!!! IF SO I WILL CALL HIM!  LOL
                              >I dont really know what the registrant means so if you could tell me I would much appreciate that!
                              >
                              >Hoping for Clear Skies!
                              >
                              >From: thad_floryan <mailto:thad%40thadlabs.com>
                              >To: mailto:sct-user%40yahoogroups.com
                              >Sent: Sunday, December 2, 2012 12:30 AM
                              >Subject: [sct-user] Re: email hacked??
                              >

                              >--- In mailto:sct-user%40yahoogroups.com, "Rod Mollise" <rmollise@...> wrote:
                              >>
                              >> I have no idea why you didn't hear anything from other group
                              >> owners, but we did most assuredly receive a spam email under your
                              >> email address.
                              >
                              >That specific spam was sent to only sct-user and the email address of
                              >"fountainhillobservatory".
                              >
                              >Since everyone is speculating as to what happened and no one has
                              >provided the correct answer, I will since I have the tools to
                              >analyze problems such as this. All the answers can be found in
                              >what's known as the "Header" portion of an email which in this
                              >case the relevant items are:
                              >
                              >X-Received: from [78.57.194.176] by web125406.mail.ne1.yahoo.com
                              >via HTTP; Thu, 29 Nov 2012 11:12:25 PST
                              >
                              >The 78.57.194.176 address is in Lithuania per:
                              >
                              >netname: LIETUVOS-TELEKOMAS
                              >e-mail: mailto:abuse%40zebra.lt
                              >perp's DSL location: 78-57-194-176.static.zebra.lt
                              >
                              >The perp used Raymond Ambrosini's Yahoo Web email account per:
                              >
                              >X-Mailer: YahooMailWebService/0.8.127.475
                              >X-Yahoo-Group-Post: member; u=345086341
                              >X-Yahoo-Profile: fountainhillsobservatory
                              >
                              >and the email was sent to:
                              >
                              >To: sct-user @ yahoogroups.com, fountainhillsobservatory @...
                              >
                              >which means someone was able to login to Raymond's Yahoo email
                              >account to send that email which, by the way, is still in the
                              >sct-user message archive as:
                              >
                              ><http://tech.groups.yahoo.com/group/sct-user/message/121183>
                              >Thu Nov 29, 2012 11:12 am
                              >
                              >and the spam message itself directs the unwary to this site:
                              >
                              >Domain Name: ITAEDU.COM
                              >Created on: 30-Aug-11
                              >Expires on: 30-Aug-13
                              >Last Updated on: 19-Aug-12
                              >
                              >Registrant:
                              >Adam Garcia
                              >219 w ramona blvd apt f
                              >San gabriel, California 91776
                              >United States
                              >
                              >Administrative Contact:
                              >Garcia, Adam gogarcia2 @ gmail.com
                              >219 w ramona blvd apt f
                              >San gabriel, California 91776
                              >United States
                              >+1.6264678985
                              >
                              >Technical Contact:
                              >Garcia, Adam gogarcia2 @ gmail.com
                              >219 w ramona blvd apt f
                              >San gabriel, California 91776
                              >United States
                              >+1.6264678985
                              >
                              >Most likely Raymond has the same passwords on many "social"
                              >networks (e.g., Fecebook, Twatter, etc.) and one of those was
                              >breached which in turn provided a link to Yahoo that was used
                              >by the perp to send the email.
                              >
                              >
                              >
                              >
                              >[Non-text portions of this message have been removed]
                              >
                              >
                              >
                              >
                              >
                              >
                              >Messages in this topic (13)
                              >
                              >
                              >
                              >Visit the sct-user home page at:
                              >
                              >
                              >
                              >http://skywatch.brainiac.com/SCThp
                              >
                              >----------------------------------------------------------
                              >Yahoo! Groups Links
                              >
                              >
                              >
                              >----------------------------------------------------------
                              >
                              >
                              >
                              >

                              [Non-text portions of this message have been removed]




                              [Non-text portions of this message have been removed]
                            Your message has been successfully submitted and would be delivered to recipients shortly.