Compromised email accounts



I'm in an IT department in a small community college that offers emails, wireless, VPN to students.

Lately we have been having spammers access student email accounts and send spam. We are researching how the account details were obtained.

I have looked in the server logs and noticed a number of successful authentications from a suspicious IP; the authentications were to ~50 accounts. It looked like someone was testing if accounts from a list had the correct credentials: the authentications were run via script.

Question: Are these types of account details bought and sold? I have a feeling that someone bought a set of college accounts and ran a script to evaluate which were still working. About a month later the spam started.
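
The pattern described in the post above (one source IP authenticating successfully to many different accounts in a short burst) can be searched for in authentication logs. This is an added example, not part of the original post; the log line format, the sample lines, the thresholds and the function names are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed format: "<ISO time> auth <ok|fail> user=<name> ip=<addr>"
SAMPLE_LOG = """\
2024-03-01T02:14:01 auth ok user=student01 ip=203.0.113.7
2024-03-01T02:14:02 auth ok user=student02 ip=203.0.113.7
2024-03-01T02:14:03 auth fail user=student03 ip=203.0.113.7
2024-03-01T02:14:04 auth ok user=student04 ip=203.0.113.7
2024-03-01T02:14:05 auth ok user=student05 ip=203.0.113.7
2024-03-01T02:14:06 auth ok user=student06 ip=203.0.113.7
2024-03-01T08:00:00 auth ok user=student01 ip=192.0.2.10
2024-03-01T10:00:00 auth ok user=student02 ip=192.0.2.10
2024-03-01T12:00:00 auth ok user=student07 ip=192.0.2.10
2024-03-01T14:00:00 auth ok user=student08 ip=192.0.2.10
2024-03-01T16:00:00 auth ok user=student09 ip=192.0.2.10
2024-03-01T09:00:00 auth ok user=student02 ip=198.51.100.20
"""

LINE_RE = re.compile(r"^(\S+) auth (ok|fail) user=(\S+) ip=(\S+)$")

def parse(log_text):
    """Yield (timestamp, success, user, ip) for each line in the assumed format."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, result, user, ip = m.groups()
            yield datetime.fromisoformat(ts), result == "ok", user, ip

def credential_check_sources(log_text, min_accounts=5, window=timedelta(minutes=10)):
    """Map each IP with successful logins to >= min_accounts distinct accounts in one window to those accounts."""
    by_ip = defaultdict(list)
    for ts, ok, user, ip in parse(log_text):
        if ok:
            by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window start forward
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_accounts:
                flagged[ip] = sorted({u for _, u in events})  # every account to reset
                break
    return flagged
```

The time window matters: 192.0.2.10 in the sample reaches five accounts spread over a day, as a shared campus NAT address might, and is not flagged at the default 10 minutes.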