Re: Compromised email accounts



Man Alive <nopsam@xxxxxxxxxxx> writes:

> I'm in an IT department in a small community college that offers
> emails, wireless, VPN to students.
>
> Lately we have been having spammers access student email accounts and
> sending spam. We are researching how the account details were
> obtained.
>
> I have looked in the server logs and noticed a number of successful
> authentications from a suspicious IP; the authentications were to ~50
> accounts. It looked like someone was testing if accounts from a list
> had the correct credentials: the authentications were run via script.
>
> Question: Are these types of account details bought and sold? I have a
> feeling that someone bought a set of college accounts and ran a script
> to evaluate which were still working. About a month later the spam
> started.

What web based email software are you running? Is it or was it
susceptible to SQL injection whereby the attacker may have dumped the
passwords for all email accounts?

It's also possible that keylogging trojans on shared computers might
be to blame as well.

The first step would be to force a password change on the affected
accounts of course, then keep an eye on things while you try to
figure out how they got the accounts. Patching is one possibility.

Good luck, post back.

Best Regards,
--
Todd H.
http://www.toddh.net/
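
The pattern described in this thread (one source IP logging in successfully to dozens of different accounts in a short scripted run) can be searched for in authentication logs. The following is an added example, not part of the original posts; the log format, field names and thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format (constructed for this example, not from a real server):
#   2011-03-02T04:15:07 auth=ok user=stu0001 ip=203.0.113.45
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth=(?P<result>ok|fail) user=(?P<user>\S+) ip=(?P<ip>\S+)$")

def parse(lines):
    """Yield (timestamp, user, ip) for successful logins; skip malformed lines."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m["result"] == "ok":
            yield datetime.fromisoformat(m["ts"]), m["user"], m["ip"]

def find_account_sweeps(lines, min_accounts=10, window=timedelta(minutes=10)):
    """Return {ip: accounts} for IPs with successful logins to at least
    `min_accounts` distinct accounts inside any sliding `window`."""
    by_ip = defaultdict(list)
    for ts, user, ip in parse(lines):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start, counts = 0, defaultdict(int)  # user -> logins in current window
        for ts, user in events:
            counts[user] += 1
            # Drop events from the left until the span fits in `window`.
            while ts - events[start][0] > window:
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            if len(counts) >= min_accounts:
                # Report every account this IP touched: all need a reset.
                flagged[ip] = sorted({u for _, u in events})
                break
    return flagged

def sample_log():
    """Constructed sample: a scripted sweep, a busy lab NAT, one normal user."""
    t0 = datetime(2011, 3, 2, 4, 15, 0)
    def row(delta, user, ip):
        return f"{(t0 + delta).isoformat()} auth=ok user={user} ip={ip}"
    lines = [row(timedelta(seconds=3 * i), f"stu{i:04d}", "203.0.113.45") for i in range(12)]
    lines += [row(timedelta(hours=i), f"lab{i:04d}", "198.51.100.7") for i in range(12)]
    lines += [row(timedelta(minutes=i), "alice", "192.0.2.10") for i in range(12)]
    return lines + ["garbled line without fields"]
```

The short window is what separates a scripted sweep from a shared lab or NAT address, where many different students log in from the same IP over the course of a day.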