Troubleshooting question: Unknown emails in Yahoo Sent Box

Asked by moorhouselondon (United Kingdom) in the Vulnerabilities topic
I have a client who looked in his Yahoo Sent box one day to find emails purportedly sent by him to his entire Contact List advertising products from a website called buynet4u.com. I verified by looking at a bounceback that the email sending was instigated through Yahoo's mail servers, originating from IP address 60.10.215.242 which according to APNIC is likely to be in China. Doing searches on the web, this style of breach is not an uncommon occurrence; certainly Hotmail users have suffered a similar hack. Questions:

(1) How was the account breached?

(a) Remote location: Dictionary attack: Doesn't Yahoo lock out users after so many failed attempts? (The client's password is not a common one.) Or some insecurity in Yahoo's datastore has been exploited (remember this has happened at Hotmail too).
(b) Man in the middle: Something like Phorm (arguably) has recorded username/password activity and it has been played back (the client has a BT broadband line).
(c) Local client computer: An embedded keylogger used in conjunction with either an emailer engine or a remote hack into the user's hard drive to fish out the logfile (this is on a Mac with Firefox used as browser, btw). The client has only ever used Yahoo on one other computer: a PC, using Internet Explorer some months prior; password settings were not remembered on that PC.


(2) Why was the account breached?

This seems like one hell of a lot of effort just to send roughly 50 emails - client has two Contact Lists and this has now happened on separate occasions to both lists (other reported incidents found on the net are also limited in scope in the same way as this).  Why didn't the attacker take full advantage of his privileged access and import a list of addresses to spam in the victim's Contact List, then send to all?  Maybe he was using his own IP address to send from and wished to stay below the radar.  If the attacker has the expertise to hack an email account, why did he not send out these emails using a zombie pc under his control?
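
The check the asker did by hand on the bounceback, as an added example that is not part of the original post: walk the returned message's Received headers oldest-first and pull out the IP and submission method recorded by the first Yahoo server. The header block below is constructed (hostnames and the 203.0.113.10 relay address are placeholders; only the IP quoted in the question is taken from the page).

```python
import re
from email import message_from_string

# Constructed sample of the header section returned in a bounceback.
# Mail servers prepend Received headers, so the LAST one listed was added
# first, by the server that accepted the message from the sender's session.
SAMPLE_HEADERS = """\
Received: from n12.bullet.mail.example.invalid (n12.bullet.mail.example.invalid [203.0.113.10])
    by mx.example.invalid with ESMTP id abc123
    for <recipient@example.invalid>; Mon, 1 Jun 2009 10:00:00 +0000
Received: from [60.10.215.242] by web12345.mail.example.invalid via HTTP;
    Mon, 1 Jun 2009 09:59:50 +0000
From: client@example.invalid
To: recipient@example.invalid
Subject: Great deals
"""

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def received_chain(raw_headers):
    """Received headers ordered oldest-first, with folded lines collapsed."""
    msg = message_from_string(raw_headers)
    return [" ".join(h.split()) for h in reversed(msg.get_all("Received", []))]


def originating_ip(raw_headers):
    """IP in the 'from' clause of the oldest hop: the address the first
    server saw the submission come from. Only trust this when that server
    is the provider's own (as here); a hop added by the sender can be forged."""
    chain = received_chain(raw_headers)
    if not chain:
        return None
    m = re.search(r"from\s+(.*?)\s+by\s", chain[0])
    ip = IPV4.search(m.group(1)) if m else None
    return ip.group(1) if ip else None


def submission_method(raw_headers):
    """'via HTTP' on the oldest hop means a webmail login was used, which
    points at stolen credentials rather than an open SMTP relay."""
    chain = received_chain(raw_headers)
    if not chain:
        return None
    m = re.search(r"\bvia\s+(\w+)", chain[0], re.IGNORECASE)
    return m.group(1).upper() if m else None
```

Feed the real bounceback's returned headers in place of the sample to reproduce the asker's finding; the IP can then be looked up at the regional registry (APNIC in this case) for geolocation.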

