So how did a spammer get my address?


26 replies to this topic

#1 helpmeplz2


Posted 11 May 2012 - 01:09 PM

Hi, I have an email address I only use for Facebook, and today I got a spam message. How did a spammer get my address?



#2 Guest_Xircal_*


Posted 11 May 2012 - 01:22 PM

Perhaps you have a weak password and your account has been compromised.

Run through the "Best Practices" on this site to see if any of them rings a bell: http://www.sophos.com/en-us/security-news-trends/best-practices/facebook.aspx

#3 helpmeplz2


Posted 11 May 2012 - 01:57 PM

Perhaps you have a weak password and your account has been compromised.

Run through the "Best Practices" on this site to see if any of them rings a bell: http://www.sophos.com/en-us/security-news-trends/best-practices/facebook.aspx

I don't have a weak password. Is it possible that a spammer compromised one of my Facebook friends' computers and obtained my address that way?

Because I use Ubuntu and a pretty secure password.

#4 Guest_Xircal_*


Posted 11 May 2012 - 02:04 PM


Perhaps you have a weak password and your account has been compromised.

Run through the "Best Practices" on this site to see if any of them rings a bell: http://www.sophos.com/en-us/security-news-trends/best-practices/facebook.aspx

I don't have a weak password. Is it possible that a spammer compromised one of my Facebook friends' computers and obtained my address that way?

Because I use Ubuntu and a pretty secure password.

That's also possible, yes.

#5 helpmeplz2


Posted 11 May 2012 - 02:05 PM



Perhaps you have a weak password and your account has been compromised.

Run through the "Best Practices" on this site to see if any of them rings a bell: http://www.sophos.com/en-us/security-news-trends/best-practices/facebook.aspx

I don't have a weak password. Is it possible that a spammer compromised one of my Facebook friends' computers and obtained my address that way?

Because I use Ubuntu and a pretty secure password.

That's also possible, yes.

But how likely?

#6 Guest_Xircal_*


Posted 11 May 2012 - 02:40 PM

Well, you know your friends better than I do, so are any of them a bit lax when it comes to security? For example, do they accept 'friends' even though they don't know who that person is?

Attackers are always going to target sites with a huge following like Facebook has and if they find a leak somewhere then they're going to exploit it. The Koobface gang were a typical example of attackers who only targeted Facebook accounts. "Koobface" is "Facebook" in reverse you might notice.

Here are a few others:



#7 helpmeplz2


Posted 11 May 2012 - 02:51 PM

Well, you know your friends better than I do, so are any of them a bit lax when it comes to security? For example, do they accept 'friends' even though they don't know who that person is?

Attackers are always going to target sites with a huge following like Facebook has and if they find a leak somewhere then they're going to exploit it. The Koobface gang were a typical example of attackers who only targeted Facebook accounts. "Koobface" is "Facebook" in reverse you might notice.

Here are a few others:

Some of my friends have like 1,000 friends. Is it possible they got a worm and it looked at all of his/her friends contact info (my email address would have been there)? And how do you think I could have been compromised?

#8 helpmeplz2


Posted 11 May 2012 - 03:17 PM

anyone?

#9 Guest_Xircal_*


Posted 11 May 2012 - 03:38 PM

Some of my friends have like 1,000 friends. Is it possible they got a worm and it looked at all of his/her friends contact info (my email address would have been there)? And how do you think I could have been compromised?

I know someone like that. Let me tell you what happened to him. He tried to log in one day and got a message asking him to identify seven of his 'friends' from a series of photographs of them because his account had been compromised. Since he didn't know any of these people, he was unable to identify any of them and subsequently lost access to his account.

#10 helpmeplz2


Posted 11 May 2012 - 11:01 PM


Some of my friends have like 1,000 friends. Is it possible they got a worm and it looked at all of his/her friends contact info (my email address would have been there)? And how do you think I could have been compromised?

I know someone like that. Let me tell you what happened to him. He tried to log in one day and got a message asking him to identify seven of his 'friends' from a series of photographs of them because his account had been compromised. Since he didn't know any of these people, he was unable to identify any of them and subsequently lost access to his account.

No, all of my friends are still active. I just want to know how my email address was compromised, as I only use it for Facebook. Only 14 people (and Facebook of course) can see my email address, so the only other option is that a compromised Windows computer on my network sniffed my address over the router and then sold it to spammers, but none of my other addresses are being spammed. It is highly unlikely that I have malware myself as I use Ubuntu.

So how do you theorize my address was compromised?

#11 Guest_Xircal_*


Posted 12 May 2012 - 12:55 AM

Just because you have Ubuntu installed doesn't mean to say the system is invulnerable to exploits. As these Ubuntu security bulletins clearly demonstrate, there are a number of exploits in circulation affecting the current release, one of which affects email.

You say that you only use that particular email addy on Facebook and that 14 people know what it is. Therefore it stands to reason that either one or other of those accounts has been compromised, or your own system has security flaws.

#12 helpmeplz2


Posted 12 May 2012 - 02:05 AM

Therefore it stands to reason that either one or other of those accounts has been compromised, or your own system has security flaws.

Now that is what worries me. Do you think it could be this? But then again I am very cautious. I hardly even browse the web. I mainly just do YouTube and Facebook and occasionally other sites. And whenever I do browse the random web, I usually use Kubuntu in VirtualBox. Yes I am paranoid.

So if I am compromised, how come: 1) my other email addresses don't have spam, 2) if I was compromised why would the attacker send spam to me in just one of my email addresses? But come to think of it, I do fairly regularly receive SPAM friend requests, but never spam emails. Weird.

Therefore it stands to reason that either one or other of those accounts has been compromised

More likely, do you know of any rogue apps/malware that sniff friends' profiles for contact info? Because my email address is clearly listed.

Edited by helpmeplz2, 12 May 2012 - 02:29 AM.


#13 helpmeplz2


Posted 12 May 2012 - 03:00 AM

Alright guys, I just checked one of my other addresses I only use for Yahoo Answers and Ubuntu forums, and I HAD A SPAM MESSAGE FROM THE SAME ADDRESS THAT SPAMMED MY OTHER ACCOUNT (rr.com it claims). This eliminates the possibility of it being Facebook entirely. In fact I created this Yahoo account on April 22 of this year. I only used it for Yahoo Answers and this site. And I GET A MESSAGE FROM THE same address!

OMG am I really infected?!?!?!?

#14 Guest_Xircal_*


Posted 12 May 2012 - 08:07 AM

Alright guys, I just checked one of my other addresses I only use for Yahoo Answers and Ubuntu forums, and I HAD A SPAM MESSAGE FROM THE SAME ADDRESS THAT SPAMMED MY OTHER ACCOUNT (rr.com it claims). This eliminates the possibility of it being Facebook entirely. In fact I created this Yahoo account on April 22 of this year. I only used it for Yahoo Answers and this site. And I GET A MESSAGE FROM THE same address!

OMG am I really infected?!?!?!?

rr.com is the RoadRunner site. It's owned by Warner Bros and hardly likely to be sending SPAM. What does the email say? Is RoadRunner your ISP by any chance?

EDIT: Check the email headers to see who it's really from. Instructions on how to view webmail headers here: http://support.google.com/mail/bin/answer.py?hl=en&answer=22454

Edited by Xircal, 12 May 2012 - 08:10 AM.
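
The header check suggested in the post above, sketched as an added example that is not part of the original thread: it compares the domain shown in `From` with the envelope sender and with the host that actually handed the message to the recipient's mail server. The message, host names and IP addresses are constructed, and `analyze`, `domain_of` and `trusted_suffix` are hypothetical names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not the message from the thread): From claims rr.com,
# but the envelope sender and the relaying host belong to other domains.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby inbox.recipient.example with ESMTP; Sat, 12 May 2012 02:41:07 +0000
Received: from unknown-host.example.net (unknown-host.example.net [203.0.113.45])
\tby mx.recipient.example with SMTP; Sat, 12 May 2012 02:41:05 +0000
From: "Friend" <someone@rr.com>
To: you@recipient.example
Subject: hi

body
"""

# "from HELO (rdns [ip]) by receiving-host", as written by common MTAs.
RECEIVED_RE = re.compile(
    r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def domain_of(value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def analyze(raw, trusted_suffix):
    """trusted_suffix: domain of the reader's own mail provider (assumption)."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    rp_dom = domain_of(msg["Return-Path"])
    handoff = None
    # Received headers are prepended, so walk from the top. Only hops stamped
    # by the reader's own provider are trustworthy; anything below the first
    # outside-to-inside hand-off may have been forged by the sender.
    for rcv in msg.get_all("Received", []):
        m = RECEIVED_RE.search(rcv)
        if not m:
            continue
        helo, ip, by = m.group(1).lower(), m.group(2), m.group(3).lower()
        if by.endswith(trusted_suffix) and not helo.endswith(trusted_suffix):
            handoff = (helo, ip)
            break
    mismatch = from_dom != rp_dom or not (handoff and handoff[0].endswith(from_dom))
    return {"from_domain": from_dom, "return_path_domain": rp_dom,
            "handoff": handoff, "suspicious": mismatch}
```

A mismatch is a reason to distrust the displayed sender rather than proof of forgery, since legitimate bulk mailers also send on behalf of other domains.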


#15 helpmeplz2


Posted 12 May 2012 - 01:41 PM


Alright guys, I just checked one of my other addresses I only use for Yahoo Answers and Ubuntu forums, and I HAD A SPAM MESSAGE FROM THE SAME ADDRESS THAT SPAMMED MY OTHER ACCOUNT (rr.com it claims). This eliminates the possibility of it being Facebook entirely. In fact I created this Yahoo account on April 22 of this year. I only used it for Yahoo Answers and this site. And I GET A MESSAGE FROM THE same address!

OMG am I really infected?!?!?!?

rr.com is the RoadRunner site. It's owned by Warner Bros and hardly likely to be sending SPAM. What does the email say? Is RoadRunner your ISP by any chance?

EDIT: Check the email headers to see who it's really from. Instructions on how to view webmail headers here: http://support.google.com/mail/bin/answer.py?hl=en&answer=22454

I didn't think rr was behind it either, I thought it was probably a faked address, but I am not going to open the email to see the header. And no, my ISP is not rr.



