Contact list harvesting - malware ? Facebook ?
11-09-2012, 10:48 AM
Post: #1
For the sake of argument, let's say I have contacts called Bruce Bogtrotter, Avis Bogtrotter etc. (i.e. unusual names) with email addresses like bruce@bogtrotter.org, bbtrotter23@hotmail.com.

I've had a couple of spams like
From: Bruce Bogtrotter <syue6y3@yahoo.com>
where it seems that the contact name has been harvested somehow and used to target me personally.
Is this something like a rogue Facebook app? I think the names match Facebook contacts.
I don't have a lot of fb friends and don't generally use fb apps myself, except occasionally to sign up to comment on online forums.
Highly unlikely to be malware on my computer - I use Linux, and obscure email programs.

Has anyone else seen this?
Yes, it's actually from a Yahoo server. It's just
Subject: for Andrew (ie. my real first name)
http://www.lilinahid.com/dadaccident/markbailey84/
9/1/2012 3:57:50 AM

My correspondents don't have Yahoo email accounts.

11-09-2012, 10:56 AM
Post: #2
 
If you're talking about emails with a short distribution list (including you or some list/forum you belong to), a short or empty subject line, and a short message pointing you to some scumware site - the overwhelming majority of these that I've seen in the last year or so have been sent through the Yahoo webmail system, indicating that they are exploiting cracked Yahoo accounts. The actual originating IPs as reported by Yahoo are from almost anywhere on the globe and are not consistent from one message to the next, suggesting to me that these messages are being pumped into the Yahoo system by compromised PCs.

I *believe* that the compromised Yahoo accounts are also the source of the contact lists, but I don't know for sure.

The subject lines were initially blank, but have gradually gotten more complex. Just today I saw one that addressed the recipient (actually a Yahoo group) as "Dear Orthodox," where Orthodox was the name of the Yahoo group.

Once in circulation these distribution lists can persist for months, even after the offender fixes his Yahoo password.

Almost but not quite all of the ones I've seen have been "From:" a Yahoo email address; but all have been distributed via the Yahoo webmail interface.

Sample size probably a 1-200 over the last year* or so (I'm co-moderator of an 800 member email list and member of many other lists and Yahoo groups).

*For some value of "year" -- I'm very poor with time.

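Added example, not part of either post above: a small Python check for the pattern the thread describes, where the "From:" display name is one of your contacts but the address is not one of theirs, together with whether the message was relayed by a Yahoo host and what originating IP was recorded. The address book, both sample messages, the hostnames, the IP and the use of an `X-Originating-IP` header are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: contact display name -> addresses known for them.
CONTACTS = {"bruce bogtrotter": {"bruce@bogtrotter.org", "bbtrotter23@hotmail.com"}}

# Constructed samples modelled on the thread; hostnames and IP are placeholders.
SAMPLE_SPAM = """\
Received: from web0.mail.example.yahoo.com by mx.example.net; Sat, 1 Sep 2012 03:57:50 +0000
X-Originating-IP: [203.0.113.7]
From: Bruce Bogtrotter <syue6y3@yahoo.com>
To: andrew@example.net
Subject: for Andrew

http://link.example/
"""
SAMPLE_GENUINE = """\
Received: from mail.bogtrotter.org by mx.example.net; Sat, 1 Sep 2012 09:00:00 +0000
From: Bruce Bogtrotter <bruce@bogtrotter.org>
To: andrew@example.net
Subject: lunch on Friday?

See you at noon.
"""

def relay_hosts(msg):
    """Hostnames named in 'from <host>' clauses of the Received headers."""
    hosts = []
    for received in msg.get_all("Received", []):
        m = re.search(r"\bfrom\s+(\S+)", received, re.I)
        if m:
            hosts.append(m.group(1).lower())
    return hosts

def check_message(raw, contacts=CONTACTS):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    known = contacts.get(" ".join(name.lower().split()))
    hosts = relay_hosts(msg)
    return {
        "address": addr.lower(),
        # Display name is a contact's, but the address is not one of theirs.
        "spoofed_contact_name": known is not None and addr.lower() not in known,
        "via_yahoo": any(h == "yahoo.com" or h.endswith(".yahoo.com") for h in hosts),
        # Assumed header: where the webmail system reports the submitting IP.
        "originating_ip": (msg.get("X-Originating-IP") or "").strip("[] ") or None,
    }
```

A message that sets `spoofed_contact_name` is worth quarantining or labelling regardless of which webmail system relayed it, since the display name is the only part of the header the recipient is likely to read.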