[Novalug] Apologies for SPAM - Gmail spoof from Pakistan

Soren Harward stharward@gmail.com
Mon May 23 06:40:37 EDT 2011


On Sun, May 22, 2011 at 9:53 PM, Rob Payne <rnspayne@the-paynes.com> wrote:
> Yours isn't the only report of issues I've seen this weekend.  There
> have been reports on an unrelated security list of folks from the list
> having had e-mail sent from their accounts on multiple providers.  The
> folks in those cases were security professionals, unlikely to have
> chosen bad passwords or use random systems/wifi.

It's very easy to "send an email from someone's account" without
having broken into that account simply by forging the From: header.

I've gotten a couple of these forged emails over the weekend.  What it
looks like is happening is that the spammers got hold of an origin
email address and the addresses that the origin frequently sends to,
and are using those sender/receiver pairs for their spam messages.
The cause could be a compromised mail server just as easily as it
could be a compromised account.

-- 
Soren Harward



More information about the Novalug mailing list