[GRLUG] hacked
Jeff DeFouw
mrj at plorb.com
Wed Jul 27 12:56:45 EDT 2011
On Wed, Jul 27, 2011 at 12:19:02PM -0400, Casey DuBois wrote:
> There are no emails in my yahoo sent items so I'm thinking they were
> just using my info.
If it's just an SMTP server, they wouldn't go into your sent items.
> Here's one of the bounces.
>
> --- Below this line is a copy of the message.
>
> Received: from [98.139.91.67] by nm6.bullet.mail.sp2.yahoo.com with
> NNFMP; 26 Jul 2011 23:43:19 -0000
> Received: from [98.139.91.23] by tm7.bullet.mail.sp2.yahoo.com with
> NNFMP; 26 Jul 2011 23:43:19 -0000
> Received: from [127.0.0.1] by omp1023.mail.sp2.yahoo.com with NNFMP;
> 26 Jul 2011 23:43:19 -0000
> Received: from [187.171.190.228] by web112018.mail.gq1.yahoo.com via
> HTTP; Tue, 26 Jul 2011 16:43:18 PDT
> X-Mailer: YahooMailWebService/0.8.112.310352
> Message-ID: <1311723798.58860.YahooMailMobile at web112018.mail.gq1.yahoo.com>
The origin is a DSL customer in Mexico, and it's going through a Yahoo
SMTP server. There are other reports of forgeries through Yahoo, even
from different domains. It's hard to tell for certain what's going on
here.
--
Jeff DeFouw <mrj at plorb.com>
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the grlug
mailing list