
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA

reply to MGD

Re: Hotmail hacked?

said by MGD:

Microsoft SMTPSVC(6.0.3790.3959);

I am presuming that line above does not mean that it was a true SMTP, like from an smtp client. My outbound hotmail sent via an SMTP client will not show in my "webmail" sent items.

On the basis of the version number? Or the agent name?

Return-path: <troll.feeder@kook.invalid>
Received: from kozue.aosake.net (192.168.102.34) by aosake.net (Mercury/32 v4.62) with ESMTP ID MG00004E;
   11 Jun 2009 16:07:28 -0700
Received: from KOZUE ([192.168.102.34]) by kozue.aosake.net with Microsoft SMTPSVC(6.0.2600.5512);
 Thu, 11 Jun 2009 16:07:28 -0700
From: "Morris R. ze Kat" <spammers_r@stupid.invalid>
Subject: [TEST] Didn't work?
To: ******@aosake.net
User-Agent: 40tude_Dialog/2.0.15.41
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: troll.feeder@kook.invalid
Organization: Kookville
Date: Thu, 11 Jun 2009 16:07:28 -0700
Message-ID: <1s78jfw12si6d$.dlg@kat.dizum.com>
X-Approved-By: The Other Guy
X-OriginalArrivalTime: 11 Jun 2009 23:07:28.0140 (UTC) FILETIME=[63EB14C0:01C9EAE9]
 
Just curious why you might think that 'Microsoft SMTPSVC(x.x.xxxx.xxxx)' would not be a "true SMTP", like from an SMTP client?

--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

MGD
Premium,MVM
join:2002-07-31

said by NormanS:

said by MGD:

Microsoft SMTPSVC(6.0.3790.3959);

I am presuming that line above does not mean that it was a true SMTP, like from an smtp client. My outbound hotmail sent via an SMTP client will not show in my "webmail" sent items.

On the basis of the version number? Or the agent name?

Just curious why you might think that 'Microsoft SMTPSVC(x.x.xxxx.xxxx)' would not be a "true SMTP", like from an SMTP client?

Good catch. Now that you bring it up, I am curious why I made that statement too! It is incorrect. 'Microsoft SMTPSVC(x.x.xxxx.xxxx)' will show up in the headers regardless of whether the email originates from within a local SMTP client or is sent via the webmail interface.

As you mentioned in another post, mail sent via an SMTP client will not show in the sent items of the webmail interface.

Apparently in some cases the hackers are copying the victim's address book and then spamming via an smtp application. I am not sure if some victims are reporting that the spam does show in their webmail sent items or not. What most do report is that their accounts are altered, either set in auto respond away mode (with a copy of the spam) or a signature is added to include the spam which then appears in all subsequent outbound mail.

I am presuming, based on the sheer volume of this epidemic, that this process may be somehow scripted by the scammers.

There is not a lot of feedback coming from the support people that identifies what the modus operandi is. I am sure they have to know by now. I do not believe that all the accounts are password cracked, nor do I believe that they are all phished. There is some other angle at work here.

MGD
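
An added example, not part of either post: a Python sketch that splits the Received lines of the header sample NormanS posted into sender, receiver and "with" fields. It shows that the 'Microsoft SMTPSVC(...)' tag sits in the line stamped by the receiving server (the "by" host), while the sending client identifies itself separately in User-Agent. The function names and the regular expression are assumptions made for this illustration and cover only the Received layout seen in that sample.

```python
import re
from email import message_from_string

# Abridged copy of the header sample from NormanS's post above.
SAMPLE = """\
Received: from kozue.aosake.net (192.168.102.34) by aosake.net (Mercury/32 v4.62) with ESMTP ID MG00004E;
   11 Jun 2009 16:07:28 -0700
Received: from KOZUE ([192.168.102.34]) by kozue.aosake.net with Microsoft SMTPSVC(6.0.2600.5512);
 Thu, 11 Jun 2009 16:07:28 -0700
From: "Morris R. ze Kat" <spammers_r@stupid.invalid>
Subject: [TEST] Didn't work?
User-Agent: 40tude_Dialog/2.0.15.41
"""

# Layout assumed: "from <sender> ... by <receiver> ... with <via>; <timestamp>"
RECEIVED_RE = re.compile(
    r"from\s+(?P<sender>\S+).*?\sby\s+(?P<receiver>\S+)"
    r".*?\swith\s+(?P<via>[^;]+);\s*(?P<when>.+)",
    re.S,  # folded header lines keep their newlines, so let '.' cross them
)

def received_hops(raw):
    """Return the Received hops oldest-first as dicts of sender/receiver/via/when."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if m:
            # Collapse folding whitespace inside each captured field.
            hops.append({k: " ".join(v.split()) for k, v in m.groupdict().items()})
    # Each server prepends its own line, so the last header is the first hop.
    return list(reversed(hops))

def client_agent(raw):
    """Return the client's self-reported name (User-Agent or X-Mailer), if present."""
    msg = message_from_string(raw)
    return msg.get("User-Agent") or msg.get("X-Mailer")

def servers_tagged(hops, tag="SMTPSVC"):
    """Receiving hosts whose 'with' clause carries the given service tag."""
    return [h["receiver"] for h in hops if tag in h["via"]]

if __name__ == "__main__":
    for hop in received_hops(SAMPLE):
        print(f'{hop["sender"]} -> {hop["receiver"]} via {hop["via"]}')
    print("client:", client_agent(SAMPLE))
```
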
