[GRLUG] hacked

Casey DuBois casey at grlug.org
Wed Jul 27 12:19:02 EDT 2011


There are no emails in my yahoo sent items so I'm thinking they were
just using my info.

Here's one of the bounces.

--- Below this line is a copy of the message.

Received: from [98.139.91.67] by nm6.bullet.mail.sp2.yahoo.com with
NNFMP; 26 Jul 2011 23:43:19 -0000
Received: from [98.139.91.23] by tm7.bullet.mail.sp2.yahoo.com with
NNFMP; 26 Jul 2011 23:43:19 -0000
Received: from [127.0.0.1] by omp1023.mail.sp2.yahoo.com with NNFMP;
26 Jul 2011 23:43:19 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 105964.17562.bm at omp1023.mail.sp2.yahoo.com
Received: (qmail 59719 invoked by uid 60001); 26 Jul 2011 23:43:18 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com;
s=s1024; t=1311723798;
bh=soSPqOTZqBcEcDBOw4IWJp9/a7Gai2WIWgUN31NDKE8=;
h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:To:MIME-Version:Content-Type;
b=CZ+RbN2/NBd/ltBO8Gzy2SH/MQSmEyc+HRCEe80Je5veiIKXKHNkJxgEN8D3YsRIMbPHsYS5/QsEqHSdFybnEXtYUuLGWjlUkgnjihC/axC/kjbjfRyWn11bofWP5eVLoxfdmIEDdcObaGABZLos/QSAvG9QxOV1de109omfky0=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:To:MIME-Version:Content-Type;
  b=d1Vs+jXg05A7+0+0IFVV6tiVYCMKsokd82EzUfCTtoLXFm888GKtGhEQpOLHygZsHxSxsEZHxPbH1TkiJaOdh3brngu6lj8wT41CJyGG7+VRa9MVbAV+MB5J8p80VKyZXhJkdjBTebzSnlt1jliQoLRotyDcJxbRNzUc2lKYSBA=;
X-YMail-OSG: CTXSbL8VM1lT3OOQZmue6lfJjc2cF1ncuYx2JakiM8Dsi6D
SLmHEYQq7R.RcQK45GG3GOAVLQjsB2_Iq5moi6_JRf4H3qppkmdGxs73UhHE
xHqELbKhTaIYObNnUSCXBcCYQFS5rWvl2B3jdUhMUEL90py47Qginm0ShtMN
hTRQc3w5Jsz0GyG784IkETBJgv0dMl2YK7TWlsD9zm.KvV8XRWMYdVkZr6QF
m_yJn9jR_oxQ0cuE.vsUN7_POBXzHVz6l.aeqpvwpS2_tvfIipBfOaae0Wa4
k34pMVdOQobmRaxCsyAiUYe56s2NdJLcLH_lVgXbWNpK0PCTNZk.D0buLEt8
2mxXl3Oq8YP4S2nBSvt8Bj0dATNdwpejWILYqYTR3ZkYGPmsZwTYSsQfKKUa
3akT06d4HZvPeLpPg3FHlz13Ze5gH_d4dQakHgY7zznz9Tf3SZMulHqvF0.O
lfJ01mFgaOncaPeXHnJwKQEaV
Received: from [187.171.190.228] by web112018.mail.gq1.yahoo.com via
HTTP; Tue, 26 Jul 2011 16:43:18 PDT
X-Mailer: YahooMailWebService/0.8.112.310352
Message-ID: <1311723798.58860.YahooMailMobile at web112018.mail.gq1.yahoo.com>
Date: Tue, 26 Jul 2011 16:43:18 -0700 (PDT)




On Wed, Jul 27, 2011 at 12:14 PM, Jeff DeFouw <mrj at plorb.com> wrote:
> On Wed, Jul 27, 2011 at 10:37:41AM -0400, Casey DuBois wrote:
>> Hey Guys,
>>
>> My Yahoo seems to have been hacked by a spambot.
>>
>> It looks to have started at 7:40 and I got the first copy from myself
>> at around 7:43.
>> From what I can see it started hitting some heavy bounce/returns about
>> that time and may have stopped or got blocked.
>> I was able to change my password by 8ish but it looks like the damage
>> had been done.
>
> It's common for spammers to forge a real person or company e-mail
> address to send out spam.  Access to your account is not required.  Did
> you look at the bounce headers to see if the outgoing mail went through
> Yahoo?
>
> --
> Jeff DeFouw <mrj at plorb.com>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> _______________________________________________
> grlug mailing list
> grlug at grlug.org
> http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug
>



-- 
Casey DuBois
616-808-6942
casey at grlug.org

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the grlug mailing list