Re: Compromised email accounts



On May 21, 7:00 pm, Man Alive <nop...@xxxxxxxxxxx> wrote:
> I'm in an IT department in a small community college that offers emails,
> wireless, VPN to students.
>
> Lately we have been having spammers access student email accounts and
> sending spam. We are researching how the account details were obtained.
>
> I have looked in the server logs and noticed a number of successful
> authentications from a suspicious IP; the authentications were to ~50
> accounts. It looked like someone was testing if accounts from a list had
> the correct credentials: the authentications were run via script.
>
> Question: Are these types of account details bought and sold? I have a
> feeling that someone bought a set of college accounts and ran a script to
> evaluate which were still working. About a month later the spam started.

I dealt with that while attending MTSU, back in the 1990's. The
problem then was the __stoned__ computer virus.

Most likely these days, an MBR infection would be spread via USB key
drive. Where the guy just pops it in, then walks off.

Check the access times, and see when the boot sector was infected.
Then start tracking.
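
Added example, not part of the original thread: a log check for the pattern described in the quoted post, where one source IP authenticates to many different accounts in a short, scripted burst. The log line format, the thresholds and the sample data are constructed assumptions; adapt the regex to the mail server's real log format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (an assumption; adapt the regex to your server's logs).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) AUTH (?P<result>OK|FAIL) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

def parse(lines):
    """Yield (timestamp, ip, user, ok) for each line that matches LINE_RE."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["ip"], m["user"], m["result"] == "OK"

def find_credential_testing(lines, window=timedelta(minutes=10),
                            min_accounts=10, allowlist=()):
    """Return {ip: sorted accounts that authenticated OK} for each source IP
    that tried at least min_accounts distinct accounts within one window."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in parse(lines):
        if ip not in allowlist:          # e.g. campus NAT or webmail front end
            by_ip[ip].append((ts, user, ok))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            # Advance the left edge until the span fits inside the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({u for _, u, _ in events[start:end + 1]}) >= min_accounts:
                # Report every account this IP got into: these need resets.
                flagged[ip] = sorted({u for _, u, ok in events if ok})
                break
    return flagged

def sample_log():
    """Constructed sample: one scripted source and one ordinary login."""
    base = datetime(2024, 5, 1, 2, 0, 0)
    lines = []
    for i in range(12):
        ts = (base + timedelta(seconds=3 * i)).strftime("%Y-%m-%dT%H:%M:%SZ")
        result = "FAIL" if i % 4 == 0 else "OK"
        lines.append(f"{ts} AUTH {result} user=student{i:02d} ip=203.0.113.7")
    lines.append("2024-05-01T08:15:00Z AUTH OK user=student03 ip=198.51.100.20")
    return lines
```

The accounts returned for a flagged IP are the ones whose passwords worked for that source, so they are the ones to reset first. Shared egress addresses such as a campus NAT or webmail front end belong in the allowlist.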