Geekzone: technology news, blogs, forums



1006 posts

Uber Geek
+1 received by user: 42


Topic # 114135 9-Feb-2013 21:27

People are reporting (myself included) that they are getting spam from people at Xtra.

I've just had a couple come through myself.  To me, it looks like there could be some widespread email password compromise at Yahoo/Xtra.

Why do I say this?  Here are the Received headers:
Received: from nm19-vm6.bullet.mail.gq1.yahoo.com ([98.136.217.29]:36873)
by omicron.elinuxservers.com with smtp (Exim 4.77)
(envelope-from <******@yahoo.com>)
id 1U45JA-000707-7k
for *******@gogo.co.nz; Fri, 08 Feb 2013 23:57:17 -0800
Received: from [98.137.12.175] by nm19.bullet.mail.gq1.yahoo.com with NNFMP; 09 Feb 2013 07:57:10 -0000
Received: from [98.137.12.227] by tm14.bullet.mail.gq1.yahoo.com with NNFMP; 09 Feb 2013 07:57:10 -0000
Received: from [127.0.0.1] by omp1035.mail.gq1.yahoo.com with NNFMP; 09 Feb 2013 07:57:10 -0000
Received: from [166.137.116.48] by web163406.mail.gq1.yahoo.com via HTTP; Fri, 08 Feb 2013 23:57:10 PST



Clearly Yahoo's SMTP servers have been used to send the mail, and it's from a person I have had contact with previously, so I'm in their address book; the To: header also includes other people obviously in that address book.

I've just had two come through, from completely different people, but both Xtra users, with whom I have had contact in the past (but not related to each other in any way).

I can't see any realistic way that this can't be a compromise of some description at the Yahoo/Xtra level.

Discussion at TradeMe about it:
http://www.trademe.co.nz/Community/MessageBoard/Messages.aspx?id=1208005&topic=10&#p24509603
http://www.trademe.co.nz/Community/MessageBoard/Messages.aspx?id=1207998&topic=5




---
James Sleeman

My hobby - listing small amounts of interesting/useful hobby electronic components hardware and stuff on Trademe for cheap, all good geek stuff for the "maker" revolution ;-)

Tip for Trademe addicts: install an addon for your browser to get thumbs for all listings.
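
The reasoning in the post above, as an added example that is not part of the original post: it parses the quoted Received chain and reports that the message entered Yahoo's system through a webmail (HTTP) session and was relayed only by yahoo.com hosts. The function names and the `provider` parameter are assumptions of this example.

```python
import re

# Received chain quoted in the post above (addresses masked there), newest hop
# first; the folding whitespace on continuation lines is restored here.
RAW = """\
Received: from nm19-vm6.bullet.mail.gq1.yahoo.com ([98.136.217.29]:36873)
 by omicron.elinuxservers.com with smtp (Exim 4.77)
 (envelope-from <******@yahoo.com>)
 id 1U45JA-000707-7k
 for *******@gogo.co.nz; Fri, 08 Feb 2013 23:57:17 -0800
Received: from [98.137.12.175] by nm19.bullet.mail.gq1.yahoo.com with NNFMP; 09 Feb 2013 07:57:10 -0000
Received: from [98.137.12.227] by tm14.bullet.mail.gq1.yahoo.com with NNFMP; 09 Feb 2013 07:57:10 -0000
Received: from [127.0.0.1] by omp1035.mail.gq1.yahoo.com with NNFMP; 09 Feb 2013 07:57:10 -0000
Received: from [166.137.116.48] by web163406.mail.gq1.yahoo.com via HTTP; Fri, 08 Feb 2013 23:57:10 PST
"""

def parse_hops(raw):
    """Return one dict per Received header, in the order they appear (newest first)."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw)  # join folded continuation lines
    hops = []
    for line in unfolded.splitlines():
        if not line.lower().startswith("received:"):
            continue
        body = line.split(":", 1)[1]
        def first(pattern):
            m = re.search(pattern, body, re.I)
            return m.group(1) if m else ""
        hops.append({
            "src": first(r"\bfrom\s+(\S+)").strip("[]"),
            "ip": first(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]"),
            "by": first(r"\bby\s+(\S+)").rstrip(";"),
            "proto": first(r"\b(?:with|via)\s+([A-Za-z0-9]+)"),
        })
    return hops

def assess(hops, provider="yahoo.com"):
    """Summarise where the message entered the mail system and who relayed it.
    Only hops[0] was written by the recipient's own server; the rest are
    the sending side's own records and are trusted here as an assumption."""
    def inside(host):
        host = host.lower()
        return host == provider or host.endswith("." + provider)
    origin, handoff = hops[-1], hops[0]
    return {
        "client_ip": origin["ip"],
        "submitted_via": origin["proto"].upper(),
        "webmail_submission": origin["proto"].upper() == "HTTP" and inside(origin["by"]),
        "relayed_by_provider": inside(handoff["src"]) and all(inside(h["by"]) for h in hops[1:]),
    }

if __name__ == "__main__":
    print(assess(parse_hops(RAW)))
```
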

7227 posts

Uber Geek
+1 received by user: 401


Reply # 758811 9-Feb-2013 21:51

I was actually just about to post on the same topic. I have been getting heaps of these emails from Telecom / Xtra / Yahoo addresses, from people who I have emailed in the past, so they are legit people. Also only started happening today, and they are coming through to different email addresses I have on different networks, so it isn't a spam filtering problem at my end. They are also only coming from these addresses too. Possibly it may make mainstream media by next week.

1736 posts

Uber Geek
+1 received by user: 325

Trusted
Spark NZ

Reply # 758814 9-Feb-2013 22:05

It's currently being investigated.  Still waiting to find out more.  I suggest if you have some spam messages forward them including the headers to "abuse at xtra.co.nz" for further investigation.

Are there a few more full headers? Either post them here or forward them through to pl at telecom dot co dot nz.




I work for Spark, but as always my views are my own.

27 posts

Geek


Reply # 758815 9-Feb-2013 22:09

I've just received my second email for today. I was just looking at the XSS exploit for Yahoo; perhaps it hasn't been fixed in NZ?

1958 posts

Uber Geek
+1 received by user: 97

Trusted
Subscriber

Reply # 758816 9-Feb-2013 22:10

plambrechtsen: It's currently being investigated.  Still waiting to find out more.  I suggest if you have some spam messages forward them including the headers to "abuse at xtra.co.nz" for further investigation.


I have forwarded mine through.

Cheers.




Nexus 5, Galaxy Tab S, HP Ultrabook, Mysky HDi, 2talk, Pebble Steel

1736 posts

Uber Geek
+1 received by user: 325

Trusted
Spark NZ

Reply # 758821 9-Feb-2013 22:23

Can anyone please forward as many of these spam messages to [email protected] including full headers.

And on a personal note:

Bituser: I've just received my second email for today. I was just looking at the XSS exploit for Yahoo; perhaps it hasn't been fixed in NZ?


I personally think you may be right.  But it's being investigated.






I work for Spark, but as always my views are my own.

1213 posts

Uber Geek
+1 received by user: 78


Reply # 758827 9-Feb-2013 23:17

Yup, I received a spam email from a friend today and started today only!




4 posts

Wannabe Geek


Reply # 758844 10-Feb-2013 01:13

Checked my Yahoo! E-mail from my phone ~ 6:30pm
Had about 40 Daemon/Postmaster responses from ~ 4:30pm

Checked the logs of my logins and found: We detected a suspicious login to your Yahoo! account (Feb 9, 2013, 4:29 PM) from ID, US (65.73.219.94).

Received a spam e-mail to my Gmail account ~ 8:30pm.




7118 posts

Uber Geek
+1 received by user: 836

Trusted
Subscriber

Reply # 758845 10-Feb-2013 02:01

Sorry to say, but since Xtra teamed up with Yahoo, their email system has been an absolute disaster. Very few people there have any control over it, the spam filtering is terrible, and no matter how many lapses they have, they cling to Yahoo. Considering how over the top the security is (how many people here have tried to get whitelisted?), this seems unthinkable.


1958 posts

Uber Geek
+1 received by user: 97

Trusted
Subscriber

Reply # 758862 10-Feb-2013 08:40

Ok. So reading the comments on thenextweb, changing the password on the account doesn't seem to help. Plambrechtsen, do you have any advice for customers who may be affected by this yet?

Cheers, Matt.




Nexus 5, Galaxy Tab S, HP Ultrabook, Mysky HDi, 2talk, Pebble Steel

1736 posts

Uber Geek
+1 received by user: 325

Trusted
Spark NZ

Reply # 758879 10-Feb-2013 09:26

The response I have had is if you have been affected you will need to change your password but the issue has been resolved.

--
Yahoo advised Telecom early on Sunday morning that the issue had been resolved, however any customers affected will need to change their password to avoid any further issues. Customers can change their password themselves by following this link: https://selfservice.xtra.co.nz/live/selfservice/ChgPwd/

If customers have any further issues, we ask that they contact Telecom's Broadband Helpdesk on 0800 225 598.
--




I work for Spark, but as always my views are my own.

334 posts

Ultimate Geek
+1 received by user: 5


Reply # 758880 10-Feb-2013 09:26

I'm getting incorrect password message when I try to login using Windows Live mail.  I can log in just fine using the Yahoo App on my phone though.




mxpress

414 posts

Ultimate Geek
+1 received by user: 40


Reply # 758922 10-Feb-2013 12:32

Mxpress, sounds like you might have been POP blocked. Try logging into the webmail and see if it works after that. You may need to update the password on all of your devices.

334 posts

Ultimate Geek
+1 received by user: 5


Reply # 758939 10-Feb-2013 13:01

Webmail worked fine and finally POP3 has started working as per normal again.




mxpress

4 posts

Wannabe Geek


Reply # 759067 10-Feb-2013 17:13

According to: http://www.nbr.co.nz/article/telecom-yahoo-xtra-mail-phishing-problem-fixed-ck-135637
It's been fixed this morning.



1006 posts

Uber Geek
+1 received by user: 42


Reply # 759086 10-Feb-2013 17:57

ORaven: According to: http://www.nbr.co.nz/article/telecom-yahoo-xtra-mail-phishing-problem-fixed-ck-135637
It's been fixed this morning.


They might say it's been fixed, but others disagree apparently.

Seems they mean fixed in that they prevented the XSS attack but haven't done anything about those that were already compromised.

http://www.facebook.com/telecomnz/posts/10151452390260659


24/7 Hosting NZ FYI: We're noticing xtra.co.nz linked to our clients accounts are again sending spam, this time the message is HTML based. Might be worth a further investigation. Occurring since around midday today.

Thanks 24/7 Hosting, and thanks too for raising this when you noticed. Until those with affected accounts change their passwords, it's likely the phishers will keep on taking advantage. If any are clients of yours, I'd put out the "Change your password!" message ASAP. Cheers ^JH

 




---
James Sleeman

My hobby - listing small amounts of interesting/useful hobby electronic components hardware and stuff on Trademe for cheap, all good geek stuff for the "maker" revolution ;-)

Tip for Trademe addicts: install an addon for your browser to get thumbs for all listings.
