Geekzone: technology news, blogs, forums



983 posts

Ultimate Geek
+1 received by user: 33


Topic # 114135 9-Feb-2013 21:27 Send private message

People are reporting (myself included) that they are getting spam from people at Xtra.

I've just had a couple come through myself.  To me, it looks like there could be some widespread email password compromise at Yahoo/Xtra.

Why do I say this?  Here are the Received headers:
Received: from nm19-vm6.bullet.mail.gq1.yahoo.com ([98.136.217.29]:36873)
by omicron.elinuxservers.com with smtp (Exim 4.77)
(envelope-from <******@yahoo.com>)
id 1U45JA-000707-7k
for *******@gogo.co.nz; Fri, 08 Feb 2013 23:57:17 -0800
Received: from [98.137.12.175] by nm19.bullet.mail.gq1.yahoo.com with NNFMP; 09 Feb 2013 07:57:10 -0000
Received: from [98.137.12.227] by tm14.bullet.mail.gq1.yahoo.com with NNFMP; 09 Feb 2013 07:57:10 -0000
Received: from [127.0.0.1] by omp1035.mail.gq1.yahoo.com with NNFMP; 09 Feb 2013 07:57:10 -0000
Received: from [166.137.116.48] by web163406.mail.gq1.yahoo.com via HTTP; Fri, 08 Feb 2013 23:57:10 PST



Clearly Yahoo's SMTP servers have been used to send the mail, and it's from a person I have had contact with previously, so I'm in their address book; the To: header also includes other people obviously in that address book.

I've just had two come through, from completely different people, but both Xtra users, with whom I have had contact in the past (but not related to each other in any way).

I can't see any realistic way that this can't be a compromise of some description at the Yahoo/Xtra level.

Discussion at TradeMe about it:
http://www.trademe.co.nz/Community/MessageBoard/Messages.aspx?id=1208005&topic=10&#p24509603
http://www.trademe.co.nz/Community/MessageBoard/Messages.aspx?id=1207998&topic=5




---
James Sleeman

My hobby - listing small amounts of interesting/useful hobby electronic components hardware and stuff on Trademe for cheap, all good geek stuff for the "maker" revolution ;-)

Tip for Trademe addicts: install an addon for your browser to get thumbs for all listings.
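
Added example (not part of the original post): a small Python parser that walks the Received chain quoted above from origin to delivery and reports how the message entered Yahoo's system. The sample input is the header block from the post; the function names and dictionary keys are this example's own.

```python
import re

# Header block as quoted in the post (addresses were already masked there).
RAW_HEADERS = """\
Received: from nm19-vm6.bullet.mail.gq1.yahoo.com ([98.136.217.29]:36873)
by omicron.elinuxservers.com with smtp (Exim 4.77)
(envelope-from <******@yahoo.com>)
id 1U45JA-000707-7k
for *******@gogo.co.nz; Fri, 08 Feb 2013 23:57:17 -0800
Received: from [98.137.12.175] by nm19.bullet.mail.gq1.yahoo.com with NNFMP; 09 Feb 2013 07:57:10 -0000
Received: from [98.137.12.227] by tm14.bullet.mail.gq1.yahoo.com with NNFMP; 09 Feb 2013 07:57:10 -0000
Received: from [127.0.0.1] by omp1035.mail.gq1.yahoo.com with NNFMP; 09 Feb 2013 07:57:10 -0000
Received: from [166.137.116.48] by web163406.mail.gq1.yahoo.com via HTTP; Fri, 08 Feb 2013 23:57:10 PST
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+(\S+)")
PROTO_RE = re.compile(r"\b(?:with|via)\s+([^\s;]+)")

def parse_hops(raw):
    """Return one dict per Received header, ordered origin-first."""
    blocks = []
    for line in raw.splitlines():
        if line.startswith("Received:"):
            blocks.append(line[len("Received:"):])
        elif blocks and line.strip():
            blocks[-1] += " " + line.strip()  # continuation of previous header
    hops = []
    for text in blocks:
        ip, by, proto = IP_RE.search(text), BY_RE.search(text), PROTO_RE.search(text)
        hops.append({"from_ip": ip and ip.group(1), "by": by and by.group(1),
                     "proto": proto and proto.group(1)})
    return hops[::-1]  # each relay prepends its header, so the last one is the origin

def summarise(hops):
    origin, delivery = hops[0], hops[-1]
    return {
        "origin_ip": origin["from_ip"],
        "webmail_submission": origin["proto"] == "HTTP",
        "provider_hops": sum(1 for h in hops if (h["by"] or "").endswith(".yahoo.com")),
        # Only the top header was written by the recipient's own server;
        # everything below it is as reported by the sending side.
        "handoff_ip": delivery["from_ip"],
    }

if __name__ == "__main__":
    for hop in parse_hops(RAW_HEADERS):
        print(hop)
    print(summarise(parse_hops(RAW_HEADERS)))
```

For these headers the origin hop is an HTTP submission to a Yahoo web host, followed by internal Yahoo relays and a single SMTP handoff to the recipient's server.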

6126 posts

Uber Geek
+1 received by user: 213


  Reply # 758811 9-Feb-2013 21:51 Send private message

I was actually just about to post on the same topic. I have been getting heaps of these emails from Telecom / Xtra / Yahoo addresses, from people who I have emailed in the past, so they are legit people. Also only started happening today, and they are coming through to different email addresses I have on different networks, so it isn't a spam filtering problem at my end. They are also only coming from these addresses too. Possibly it may make mainstream media by next week.

1635 posts

Uber Geek
+1 received by user: 273

Trusted
Telecom NZ

  Reply # 758814 9-Feb-2013 22:05 Send private message

It's currently being investigated.  Still waiting to find out more.  I suggest if you have some spam messages forward them including the headers to "abuse at xtra.co.nz" for further investigation.

Are there a few more full headers? Either post them here or forward them through to pl at telecom dot co dot nz.




I work for Telecom Spark, but as always my views are my own.

27 posts

Geek


  Reply # 758815 9-Feb-2013 22:09 Send private message

I've just received my second email for today. I was just looking at the XSS exploit for Yahoo; perhaps it hasn't been fixed in NZ?

1822 posts

Uber Geek
+1 received by user: 58

Trusted
Subscriber

  Reply # 758816 9-Feb-2013 22:10 Send private message

plambrechtsen: It's currently being investigated.  Still waiting to find out more.  I suggest if you have some spam messages forward them including the headers to "abuse at xtra.co.nz" for further investigation.


I have forwarded mine through.

Cheers.




Nexus 5, Galaxy Note 10.1, ASUS UX31e Ultrabook, Mysky HDi, 2talk

1635 posts

Uber Geek
+1 received by user: 273

Trusted
Telecom NZ

  Reply # 758821 9-Feb-2013 22:23 Send private message

Can anyone please forward as many of these spam messages to [email protected] including full headers.

And on a personal note:

Bituser: I've just received my second email for today. I was just looking at the XSS exploit for Yahoo; perhaps it hasn't been fixed in NZ?


I personally think you may be right.  But it's being investigated.






I work for Telecom Spark, but as always my views are my own.

1127 posts

Uber Geek
+1 received by user: 56


  Reply # 758827 9-Feb-2013 23:17 Send private message

Yup, I received a spam email from a friend today and started today only!




4 posts

Wannabe Geek


  Reply # 758844 10-Feb-2013 01:13 Send private message

Checked my Yahoo! E-mail from my phone ~ 6:30pm
Had about 40 Daemon/Postmaster responses from ~ 4:30pm 

Checked the logs of my logins and found: We detected a suspicious login to your Yahoo! account (Feb 9, 2013, 4:29 PM) from ID, US (65.73.219.94).

Received a spam e-mail to my Gmail account ~ 8:30pm.




6099 posts

Uber Geek
+1 received by user: 386

Trusted
Subscriber

  Reply # 758845 10-Feb-2013 02:01 Send private message

Sorry to say, but since Xtra teamed up with Yahoo, their email system has been an absolute disaster. Very few people there have any control over it, the spam filtering is terrible, and no matter how many lapses they have, they cling to Yahoo. Considering how over the top the security is (How many people here have tried to get whitelisted), this seems unthinkable.


1822 posts

Uber Geek
+1 received by user: 58

Trusted
Subscriber

  Reply # 758862 10-Feb-2013 08:40 Send private message

Ok. So reading the comments on thenextweb changing the password on the account doesn't seem to help. Plambrechtsen do you have any advice for customers who may be affected by this yet?

Cheers, Matt.




Nexus 5, Galaxy Note 10.1, ASUS UX31e Ultrabook, Mysky HDi, 2talk

1635 posts

Uber Geek
+1 received by user: 273

Trusted
Telecom NZ

  Reply # 758879 10-Feb-2013 09:26 Send private message

The response I have had is if you have been affected you will need to change your password but the issue has been resolved.

--
Yahoo advised Telecom early on Sunday morning that the issue had been resolved, however any customers affected will need to change their password to avoid any further issues. Customers can change their password themselves by following this link: https://selfservice.xtra.co.nz/live/selfservice/ChgPwd/

If customers have any further issues, we ask that they contact Telecom's Broadband Helpdesk on 0800 225 598.
--




I work for Telecom Spark, but as always my views are my own.

328 posts

Ultimate Geek
+1 received by user: 3


  Reply # 758880 10-Feb-2013 09:26 Send private message

I'm getting an incorrect password message when I try to log in using Windows Live Mail.  I can log in just fine using the Yahoo App on my phone though.




mxpress

380 posts

Ultimate Geek
+1 received by user: 37


  Reply # 758922 10-Feb-2013 12:32 Send private message

Mxpress, sounds like you might have been POP blocked. Try logging into the webmail and see if it works after that. You may need to update the password on all of your devices.

328 posts

Ultimate Geek
+1 received by user: 3


  Reply # 758939 10-Feb-2013 13:01 Send private message

Webmail worked fine and finally POP3 has started working as per normal again




mxpress

4 posts

Wannabe Geek


  Reply # 759067 10-Feb-2013 17:13 Send private message

According to: http://www.nbr.co.nz/article/telecom-yahoo-xtra-mail-phishing-problem-fixed-ck-135637
It's been fixed this morning.



983 posts

Ultimate Geek
+1 received by user: 33


  Reply # 759086 10-Feb-2013 17:57 Send private message

ORaven: According to: http://www.nbr.co.nz/article/telecom-yahoo-xtra-mail-phishing-problem-fixed-ck-135637
It's been fixed this morning.


They might say it's been fixed, but others disagree apparently.

Seems they mean fixed in that they prevented the XSS attack but haven't done anything about those that were already compromised

http://www.facebook.com/telecomnz/posts/10151452390260659


24/7 Hosting NZ FYI: We're noticing xtra.co.nz linked to our clients' accounts are again sending spam, this time the message is HTML based. Might be worth a further investigation. Occurring since around midday today.

Thanks 24/7 Hosting, and thanks too for raising this when you noticed. Until those with affected accounts change their passwords, it's likely the phishers will keep on taking advantage. If any are clients of yours, I'd put out the "Change your password!" message ASAP. Cheers ^JH

 




---
James Sleeman

My hobby - listing small amounts of interesting/useful hobby electronic components hardware and stuff on Trademe for cheap, all good geek stuff for the "maker" revolution ;-)

Tip for Trademe addicts: install an addon for your browser to get thumbs for all listings.
