Geekzone: technology news, blogs, forums



1018 posts

Uber Geek
+1 received by user: 46


Topic # 114135 9-Feb-2013 21:27 Send private message

People are reporting (myself included) that they are getting spam from people at Xtra.

I've just had a couple come through myself.  To me, it looks like there could be some widespread email password compromise at Yahoo/Xtra.

Why do I say this?  Here are the Received headers:
Received: from nm19-vm6.bullet.mail.gq1.yahoo.com ([98.136.217.29]:36873)
    by omicron.elinuxservers.com with smtp (Exim 4.77)
    (envelope-from <******@yahoo.com>)
    id 1U45JA-000707-7k
    for *******@gogo.co.nz; Fri, 08 Feb 2013 23:57:17 -0800
Received: from [98.137.12.175] by nm19.bullet.mail.gq1.yahoo.com with NNFMP; 09 Feb 2013 07:57:10 -0000
Received: from [98.137.12.227] by tm14.bullet.mail.gq1.yahoo.com with NNFMP; 09 Feb 2013 07:57:10 -0000
Received: from [127.0.0.1] by omp1035.mail.gq1.yahoo.com with NNFMP; 09 Feb 2013 07:57:10 -0000
Received: from [166.137.116.48] by web163406.mail.gq1.yahoo.com via HTTP; Fri, 08 Feb 2013 23:57:10 PST



Clearly Yahoo's SMTP servers have been used to send the mail, and it's from a person I have had contact with previously, so I'm in their address book; the To: header also includes other people obviously in that address book.

I've just had two come through, from completely different people, but both Xtra users, with whom I have had contact in the past (but not related to each other in any way).

I can't see any realistic way that this can't be a compromise of some description at the Yahoo/Xtra level.

Discussion at TradeMe about it:
http://www.trademe.co.nz/Community/MessageBoard/Messages.aspx?id=1208005&topic=10&#p24509603
http://www.trademe.co.nz/Community/MessageBoard/Messages.aspx?id=1207998&topic=5




---
James Sleeman

My hobby - listing small amounts of interesting/useful hobby electronic components hardware and stuff on Trademe for cheap, all good geek stuff for the "maker" revolution ;-)

Tip for Trademe addicts: install an addon for your browser to get thumbs for all listings.
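
The header reading in the post above, as an added example that is not part of the original post: it walks the Received chain from newest to oldest hop and reports where the message entered Yahoo's network. The function names are hypothetical, and treating "via HTTP" on the oldest hop as a webmail submission is an assumption.

```python
import re

# Received chain from the post above (addresses masked as on the page);
# continuation lines are indented, as in a raw message.
RAW = """\
Received: from nm19-vm6.bullet.mail.gq1.yahoo.com ([98.136.217.29]:36873)
    by omicron.elinuxservers.com with smtp (Exim 4.77)
    (envelope-from <******@yahoo.com>)
    id 1U45JA-000707-7k
    for *******@gogo.co.nz; Fri, 08 Feb 2013 23:57:17 -0800
Received: from [98.137.12.175] by nm19.bullet.mail.gq1.yahoo.com with NNFMP; 09 Feb 2013 07:57:10 -0000
Received: from [98.137.12.227] by tm14.bullet.mail.gq1.yahoo.com with NNFMP; 09 Feb 2013 07:57:10 -0000
Received: from [127.0.0.1] by omp1035.mail.gq1.yahoo.com with NNFMP; 09 Feb 2013 07:57:10 -0000
Received: from [166.137.116.48] by web163406.mail.gq1.yahoo.com via HTTP; Fri, 08 Feb 2013 23:57:10 PST
"""

def parse_received(raw):
    """Unfold the headers and return one dict per hop, newest first."""
    hops = []
    for line in re.sub(r"\r?\n[ \t]+", " ", raw).splitlines():
        m = re.match(r"Received:\s+from\s+(\S+).*?\sby\s+(\S+)\s+(?:with|via)\s+(\w+)", line, re.I)
        if not m:
            continue
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", line)
        hops.append({"from": m.group(1).strip("[]"), "ip": ip and ip.group(1),
                     "by": m.group(2), "proto": m.group(3)})
    return hops

def assess(hops, provider="yahoo.com"):
    """Summarise what the chain supports. Only hops[0] was written by the
    recipient's own server; the hops below it are the sending side's record."""
    handoff, origin = hops[0], hops[-1]
    internal = all(h["by"].endswith("." + provider) for h in hops[1:])
    return {
        # Host/IP the recipient's server saw connect; confirm the name with
        # a reverse and forward DNS lookup before relying on it.
        "handoff_host": handoff["from"],
        "handoff_ip": handoff["ip"],
        "handoff_from_provider": handoff["from"].endswith("." + provider),
        "internal_hops_consistent": internal,
        # Assumption: "via HTTP" on the oldest hop means webmail submission.
        "submitted_via": origin["proto"],
        "client_ip": origin["ip"],
        "webmail_submission": internal and origin["proto"].upper() == "HTTP",
    }

if __name__ == "__main__":
    for key, value in assess(parse_received(RAW)).items():
        print(f"{key}: {value}")
```

A chain that is handed off by the provider, stays inside the provider on every earlier hop, and starts with an HTTP submission points at mail sent through the account itself rather than a forged From: address.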

7378 posts

Uber Geek
+1 received by user: 408


  Reply # 758811 9-Feb-2013 21:51 Send private message

I was actually just about to post on the same topic. I have been getting heaps of these emails from Telecom / Xtra / Yahoo addresses, from people who I have emailed in the past, so they are legit people. Also only started happening today, and they are coming through to different email addresses I have on different networks, so it isn't a spam filtering problem at my end. They are also only coming from these addresses too. Possibly it may make mainstream media by next week.

1762 posts

Uber Geek
+1 received by user: 347

Trusted
Spark NZ

  Reply # 758814 9-Feb-2013 22:05 Send private message

It's currently being investigated.  Still waiting to find out more.  I suggest if you have some spam messages forward them including the headers to "abuse at xtra.co.nz" for further investigation.

If there are a few more full headers, either post them here or forward them through to pl at telecom dot co dot nz.




I work for Spark, but as always my views are my own.

27 posts

Geek


  Reply # 758815 9-Feb-2013 22:09 Send private message

I've just received my second email for today. I was just looking at the XSS exploit for Yahoo; perhaps it hasn't been fixed in NZ?

1977 posts

Uber Geek
+1 received by user: 100

Trusted
Subscriber

  Reply # 758816 9-Feb-2013 22:10 Send private message

plambrechtsen: It's currently being investigated.  Still waiting to find out more.  I suggest if you have some spam messages forward them including the headers to "abuse at xtra.co.nz" for further investigation.


I have forwarded mine through.

Cheers.




Nexus 5, Galaxy Tab S, HP Ultrabook, Mysky HDi, 2talk, Pebble Steel

1762 posts

Uber Geek
+1 received by user: 347

Trusted
Spark NZ

  Reply # 758821 9-Feb-2013 22:23 Send private message

Can anyone please forward as many of these spam messages to [email protected] including full headers.

And on a personal note:

Bituser: I've just received my second email for today. I was just looking at the XSS exploit for Yahoo; perhaps it hasn't been fixed in NZ?


I personally think you may be right.  But it's being investigated.






I work for Spark, but as always my views are my own.

1270 posts

Uber Geek
+1 received by user: 85


  Reply # 758827 9-Feb-2013 23:17 Send private message

Yup, I received a spam email from a friend today and started today only!




4 posts

Wannabe Geek


  Reply # 758844 10-Feb-2013 01:13 Send private message

Checked my Yahoo! E-mail from my phone ~ 6:30pm
Had about 40 Daemon/Postmaster responses from ~ 4:30pm 

Checked the logs of my logins and found: We detected a suspicious login to your Yahoo! account (Feb 9, 2013, 4:29 PM) from ID, US (65.73.219.94).

Received a spam e-mail to my Gmail account ~ 8:30pm.




7288 posts

Uber Geek
+1 received by user: 907

Trusted
Subscriber

  Reply # 758845 10-Feb-2013 02:01 Send private message

Sorry to say, but since Xtra teamed up with Yahoo, their email system has been an absolute disaster. Very few people there have any control over it, the spam filtering is terrible, and no matter how many lapses they have, they cling to Yahoo. Considering how over the top the security is (how many people here have tried to get whitelisted?), this seems unthinkable.


1977 posts

Uber Geek
+1 received by user: 100

Trusted
Subscriber

  Reply # 758862 10-Feb-2013 08:40 Send private message

Ok. So reading the comments on thenextweb, changing the password on the account doesn't seem to help. Plambrechtsen, do you have any advice for customers who may be affected by this yet?

Cheers, Matt.




Nexus 5, Galaxy Tab S, HP Ultrabook, Mysky HDi, 2talk, Pebble Steel

1762 posts

Uber Geek
+1 received by user: 347

Trusted
Spark NZ

  Reply # 758879 10-Feb-2013 09:26 Send private message

The response I have had is if you have been affected you will need to change your password but the issue has been resolved.

--
Yahoo advised Telecom early on Sunday morning that the issue had been resolved, however any customers affected will need to change their password to avoid any further issues. Customers can change their password themselves by following this link: https://selfservice.xtra.co.nz/live/selfservice/ChgPwd/

If customers have any further issues, we ask that they contact Telecom's Broadband Helpdesk on 0800 225 598.
--




I work for Spark, but as always my views are my own.

334 posts

Ultimate Geek
+1 received by user: 5


  Reply # 758880 10-Feb-2013 09:26 Send private message

I'm getting an incorrect password message when I try to log in using Windows Live Mail.  I can log in just fine using the Yahoo App on my phone though.




mxpress

432 posts

Ultimate Geek
+1 received by user: 44


  Reply # 758922 10-Feb-2013 12:32 Send private message

Mxpress, sounds like you might have been POP blocked. Try logging into the webmail and see if it works after that. You may need to update the password on all of your devices.

334 posts

Ultimate Geek
+1 received by user: 5


  Reply # 758939 10-Feb-2013 13:01 Send private message

Webmail worked fine and finally POP3 has started working as per normal again




mxpress

4 posts

Wannabe Geek


  Reply # 759067 10-Feb-2013 17:13 Send private message

According to: http://www.nbr.co.nz/article/telecom-yahoo-xtra-mail-phishing-problem-fixed-ck-135637
It's been fixed this morning.



1018 posts

Uber Geek
+1 received by user: 46


  Reply # 759086 10-Feb-2013 17:57 Send private message

ORaven: According to: http://www.nbr.co.nz/article/telecom-yahoo-xtra-mail-phishing-problem-fixed-ck-135637
It's been fixed this morning.


They might say it's been fixed, but others disagree apparently.

Seems they mean fixed in that they prevented the XSS attack but haven't done anything about those that were already compromised.

http://www.facebook.com/telecomnz/posts/10151452390260659


24/7 Hosting NZ FYI: We're noticing xtra.co.nz linked to our clients' accounts are again sending spam, this time the message is HTML based. Might be worth a further investigation. Occurring since around midday today.

Thanks 24/7 Hosting, and thanks too for raising this when you noticed. Until those with affected accounts change their passwords, it's likely the phishers will keep on taking advantage. If any are clients of yours, I'd put out the "Change your password!" message ASAP. Cheers ^JH

 




---
James Sleeman

My hobby - listing small amounts of interesting/useful hobby electronic components hardware and stuff on Trademe for cheap, all good geek stuff for the "maker" revolution ;-)

Tip for Trademe addicts: install an addon for your browser to get thumbs for all listings.
