Re: Exchange/Microsoft SMTP Authenticated User spam?

From: Mark Webb-Johnson (security_at_network-box.com)
Date: 10/15/03

  • Next message: Peter Moody: "Re: Exchange/Microsoft SMTP Authenticated User spam?" 
    To: Mike Lewinski <mike@rockynet.com>
Date: 15 Oct 2003 09:08:42 +0800

    We can confirm that we have seen a single occurance of this on
    one site we installed our product into last week. A weak SMTP AUTH
    username+password was the culprit, and the spam was coming from a
    dial-up ISP in Brazil.

    Regards,
    Mark Webb-Johnson

    On Wed, 2003-10-15 at 01:55, Mike Lewinski wrote:
    > wirepair wrote:
    >
    > > We've had two calls in the past month regarding supposed authenticated
    > > users sending out spam and using their external mail servers as
    > > relays. I was just curious if anyone else has seen this type of activity.
    >
    >
    > We have been seeing a lot of SMTP AUTH abuse, not just on Exchange but
    > on any platforms that support it. The perpetrator(s) appear to be going
    > after well known accounts with weak passwords (i.e. webmaster / webmaster).
    >
    > See also:
    >
    > http://www.merit.edu/mail.archives/nanog/msg15353.html
    > http://groups.google.com/groups?selm=3F869683.3000303%40blackehlo.cluestick.org
    >
    >
    >
    >
    > ---------------------------------------------------------------------------
    > ---------------------------------------------------------------------------- 

    -- 
Mark Webb-Johnson <security@network-box.com>
Network Box Corporation Ltd
---------------------------------------------------------------------------
----------------------------------------------------------------------------
  • Next message: Peter Moody: "Re: Exchange/Microsoft SMTP Authenticated User spam?"