Had a client pop in today as they are getting messages bouncing back from people they hadn't sent emails
to.
To cut a long story short ...
Some of the hacked xtra accounts possibly had spam vacation responses set up in them. The person breaking in will set the xtra users vacation resposnse to run until sometime a few years from now and get it to send a spam message to everyone who emails the xtra user.
Worth checking if you are dealing with TCom / Xtra email users. In fact its worth checking if you deal with any web based email service who has been compromised.
For Xtra -
- Log into the users account
- Goto options
- email options
- Vacation Response.
Follow your nose. Its also worth checking to see if a malicious alias, temporary disposable internet address or similar has been created .
HTH
Shane