Wednesday, October 27, 2010

Uptick in webmail spam messages

Lately, I've been receiving more and more SPAM in my inbox, and the message usually contains a single URL.  Most likely, that URL leads to a site that is heavily poisoned or makes an attempt at stealing personal information.  It's happened to some of my friends just recently and they've asked for help.  (What they've done about the issue, I do not know.)

In my limited analysis, it appears that their email accounts have been hacked, and someone/thing is using the accounts to pump out spam.  I haven't been able to do a root cause analysis, so I don't know if it is the machine that they are logging on to that is infected, or if there is another vector.  The latest article I've seen on the problem is listed here:

Hacked web mail accounts used to send spam

My response (when asked by my friends) has been to fully scan the computer with anti-virus software that has current definition files to ensure that there is nothing obvious on the system.  Secondly, change the password to the webmail account from a computer that is known to be free from malware.  From the friends that have taken this advice, I've heard good results.  But, short of fully analyzing a machine, I really don't know what's there.

Is there more to it than this?  Is there a bigger problem?  If you have any answers, leave them in the comments.

