Geekzone: technology news, blogs, forums




1218 posts

Uber Geek
+1 received by user: 143


Topic # 114135 9-Feb-2013 21:27

People are reporting (myself included) that they are getting spam from people at Xtra.

I've just had a couple come through myself.  To me, it looks like there could be some widespread email password compromise at Yahoo/Xtra.

Why do I say this?  Here are the Received headers:
Received: from nm19-vm6.bullet.mail.gq1.yahoo.com ([98.136.217.29]:36873)
    by omicron.elinuxservers.com with smtp (Exim 4.77)
    (envelope-from <******@yahoo.com>)
    id 1U45JA-000707-7k
    for *******@gogo.co.nz; Fri, 08 Feb 2013 23:57:17 -0800
Received: from [98.137.12.175] by nm19.bullet.mail.gq1.yahoo.com with NNFMP; 09 Feb 2013 07:57:10 -0000
Received: from [98.137.12.227] by tm14.bullet.mail.gq1.yahoo.com with NNFMP; 09 Feb 2013 07:57:10 -0000
Received: from [127.0.0.1] by omp1035.mail.gq1.yahoo.com with NNFMP; 09 Feb 2013 07:57:10 -0000
Received: from [166.137.116.48] by web163406.mail.gq1.yahoo.com via HTTP; Fri, 08 Feb 2013 23:57:10 PST



Clearly Yahoo's SMTP servers have been used to send the mail, and it's from a person I have had contact with previously, so I'm in their address book; the To: header also includes other people obviously in that address book.

I've just had two come through, from completely different people, but both Xtra users, with whom I have had contact in the past (but not related to each other in any way).

I can't see any realistic way that this can't be a compromise of some description at the Yahoo/Xtra level.

Discussion at TradeMe about it:
http://www.trademe.co.nz/Community/MessageBoard/Messages.aspx?id=1208005&topic=10&#p24509603
http://www.trademe.co.nz/Community/MessageBoard/Messages.aspx?id=1207998&topic=5




---
James Sleeman
I sell lots of stuff for electronic enthusiasts...
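
Added example (not part of the original post): a small parser that walks the Received chain quoted above and checks whether the message really left the provider's own infrastructure and how it was submitted. The function names `parse_hops` and `assess`, and the parameters `my_mx` and `provider_suffix`, are hypothetical; the check assumes the host name recorded by the recipient's own mail server in the top hop can be trusted.

```python
import re

# Received headers copied from the first post (redactions as posted); newest hop first.
RAW = """\
Received: from nm19-vm6.bullet.mail.gq1.yahoo.com ([98.136.217.29]:36873)
by omicron.elinuxservers.com with smtp (Exim 4.77)
(envelope-from <******@yahoo.com>)
id 1U45JA-000707-7k
for *******@gogo.co.nz; Fri, 08 Feb 2013 23:57:17 -0800
Received: from [98.137.12.175] by nm19.bullet.mail.gq1.yahoo.com with NNFMP; 09 Feb 2013 07:57:10 -0000
Received: from [98.137.12.227] by tm14.bullet.mail.gq1.yahoo.com with NNFMP; 09 Feb 2013 07:57:10 -0000
Received: from [127.0.0.1] by omp1035.mail.gq1.yahoo.com with NNFMP; 09 Feb 2013 07:57:10 -0000
Received: from [166.137.116.48] by web163406.mail.gq1.yahoo.com via HTTP; Fri, 08 Feb 2013 23:57:10 PST
"""

HOP = re.compile(r"from\s+(?P<src>\S+)(?P<extra>.*?)\s+by\s+(?P<by>\S+)"
                 r"\s+(?:with|via)\s+(?P<proto>[^\s;]+)")
IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_hops(raw):
    """Split on each 'Received:' so folded lines work with or without indentation."""
    hops = []
    for chunk in re.split(r"(?m)^Received:\s*", raw)[1:]:
        m = HOP.search(" ".join(chunk.split()))
        if not m:
            continue  # unparseable hop: skip rather than guess
        ip = IPV4.search(m["src"] + m["extra"])
        hops.append({"src": m["src"], "ip": ip.group(1) if ip else None,
                     "by": m["by"].lower(), "proto": m["proto"].upper()})
    return hops

def assess(hops, my_mx, provider_suffix):
    """Only the hop stamped by our own MX is trustworthy; the ones below it are
    credible only if that hop shows the provider handing the message to us."""
    if not hops or hops[0]["by"] != my_mx:
        return {"verdict": "no hop stamped by our MX; headers unverifiable"}
    handoff = hops[0]["src"].lower().endswith(provider_suffix)
    internal = all(h["by"].endswith(provider_suffix) for h in hops[1:])
    origin = hops[-1]
    if handoff and internal and origin["proto"] == "HTTP":
        verdict = "submitted through the provider's webmail (account session), not spoofed"
    elif handoff and internal:
        verdict = "relayed by the provider; submission method not shown"
    else:
        verdict = "did not arrive from the provider; From: may be forged"
    return {"verdict": verdict, "client_ip": origin["ip"], "hops": len(hops)}
```

The headers show that the message went out through a webmail session on the account; they cannot tell a stolen password apart from a hijacked session, which is why the client IP in the bottom hop is worth comparing against the account's login history.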


13539 posts

Uber Geek
+1 received by user: 1648


  Reply # 758811 9-Feb-2013 21:51

I was actually just about to post on the same topic. I have been getting heaps of these emails from Telecom / Xtra / Yahoo addresses, from people who I have emailed in the past, so they are legit people. Also only started happening today, and they are coming through to different email addresses I have on different networks, so it isn't a spam filtering problem at my end. They are also only coming from these addresses too. Possibly it may make mainstream media by next week.

1948 posts

Uber Geek
+1 received by user: 469
Inactive user


  Reply # 758814 9-Feb-2013 22:05

It's currently being investigated.  Still waiting to find out more.  I suggest if you have some spam messages forward them including the headers to "abuse at xtra.co.nz" for further investigation.

If there are a few more full headers, either post them here or forward them through to pl at telecom dot co dot nz.

 
 
 
 


26 posts

Geek


  Reply # 758815 9-Feb-2013 22:09

I've just received my second email for today. I was just looking at the XSS exploit for Yahoo; perhaps it hasn't been fixed in NZ?

2623 posts

Uber Geek
+1 received by user: 321

Trusted
Lifetime subscriber

  Reply # 758816 9-Feb-2013 22:10

plambrechtsen: It's currently being investigated.  Still waiting to find out more.  I suggest if you have some spam messages forward them including the headers to "abuse at xtra.co.nz" for further investigation.


I have forwarded mine through.

Cheers.




My views (except when I am looking out their windows) are not those of my employer.

1948 posts

Uber Geek
+1 received by user: 469
Inactive user


  Reply # 758821 9-Feb-2013 22:23

Can anyone please forward as many of these spam messages as possible to abuse@xtra.co.nz, including full headers.

And on a personal note:

Bituser: I've just received my second email for today. I was just looking at the XSS exploit for Yahoo; perhaps it hasn't been fixed in NZ?


I personally think you may be right.  But it's being investigated.



2284 posts

Uber Geek
+1 received by user: 263

Trusted

  Reply # 758827 9-Feb-2013 23:17

Yup, I received a spam email from a friend today, and it started today only!




4 posts

Wannabe Geek


  Reply # 758844 10-Feb-2013 01:13

Checked my Yahoo! E-mail from my phone ~ 6:30pm
Had about 40 Daemon/Postmaster responses from ~ 4:30pm 

Checked the logs of my logins and found: We detected a suspicious login to your Yahoo! account (Feb 9, 2013, 4:29 PM) from ID, US (65.73.219.94).

Received a spam e-mail to my Gmail account ~ 8:30pm.




15781 posts

Uber Geek
+1 received by user: 4285

Trusted
Lifetime subscriber

  Reply # 758845 10-Feb-2013 02:01

Sorry to say, but since Xtra teamed up with Yahoo, their email system has been an absolute disaster. Very few people there have any control over it, the spam filtering is terrible, and no matter how many lapses they have, they cling to Yahoo. Considering how over the top the security is (How many people here have tried to get whitelisted), this seems unthinkable.


2623 posts

Uber Geek
+1 received by user: 321

Trusted
Lifetime subscriber

  Reply # 758862 10-Feb-2013 08:40

Ok. So reading the comments on thenextweb, changing the password on the account doesn't seem to help. Plambrechtsen, do you have any advice for customers who may be affected by this yet?

Cheers, Matt.




My views (except when I am looking out their windows) are not those of my employer.

1948 posts

Uber Geek
+1 received by user: 469
Inactive user


  Reply # 758879 10-Feb-2013 09:26

The response I have had is if you have been affected you will need to change your password but the issue has been resolved.

--
Yahoo advised Telecom early on Sunday morning that the issue had been resolved, however any customers affected will need to change their password to avoid any further issues. Customers can change their password themselves by following this link: https://selfservice.xtra.co.nz/live/selfservice/ChgPwd/

If customers have any further issues, we ask that they contact Telecom's Broadband Helpdesk on 0800 225 598.
--

365 posts

Ultimate Geek
+1 received by user: 15


  Reply # 758880 10-Feb-2013 09:26

I'm getting incorrect password message when I try to login using Windows Live mail.  I can log in just fine using the Yahoo App on my phone though.




mxpress

1309 posts

Uber Geek
+1 received by user: 323


  Reply # 758922 10-Feb-2013 12:32

Mxpress, sounds like you might have been POP blocked. Try logging into the webmail and see if it works after that. You may need to update the password on all of your devices.

365 posts

Ultimate Geek
+1 received by user: 15


  Reply # 758939 10-Feb-2013 13:01

Webmail worked fine and finally POP3 has started working as per normal again




mxpress

4 posts

Wannabe Geek


  Reply # 759067 10-Feb-2013 17:13

According to: http://www.nbr.co.nz/article/telecom-yahoo-xtra-mail-phishing-problem-fixed-ck-135637
It's been fixed this morning.



1218 posts

Uber Geek
+1 received by user: 143


  Reply # 759086 10-Feb-2013 17:57

ORaven: According to: http://www.nbr.co.nz/article/telecom-yahoo-xtra-mail-phishing-problem-fixed-ck-135637
It's been fixed this morning.


They might say it's been fixed, but others disagree apparently.

Seems they mean fixed in that they prevented the XSS attack but haven't done anything about those that were already compromised.

http://www.facebook.com/telecomnz/posts/10151452390260659


24/7 Hosting NZ: FYI: We're noticing xtra.co.nz linked to our clients' accounts are again sending spam, this time the message is HTML based. Might be worth a further investigation. Occurring since around midday today.

Thanks 24/7 Hosting, and thanks too for raising this when you noticed. Until those with affected accounts change their passwords, it's likely the phishers will keep on taking advantage. If any are clients of yours, I'd put out the "Change your password!" message ASAP. Cheers ^JH

 




---
James Sleeman
I sell lots of stuff for electronic enthusiasts...

