Forgot your password?
typodupeerror
Communications Spam Yahoo! Technology

Widespread Compromise Of Yahoo-Backed Email In New Zealand 47

Posted by timothy
from the spam-is-best-in-sushi dept.
First time accepted submitter Bitsy Boffin writes "Xtra, the largest ISP in New Zealand, which outsources email provision to Yahoo, has in the last two days been subject to a widespread email compromise, causing potentially thousands of accounts to send spam messages to every address in their webmail address books. Discussion at Geekzone centers around this potentially being a continuation of the Yahoo XSS exploit. While Telecom NZ, the owners of Xtra internet service provider indicate that the problem was "resolved", reports of spam from its members continue unabated. Telecom NZ are advising those affected to change their passwords."
This discussion has been archived. No new comments can be posted.

Widespread Compromise Of Yahoo-Backed Email In New Zealand

Comments Filter:
  • by Anonymous Coward
    I have a bellsouth.net dsl account email address and I have seen spam originating from my own account sent to all addresses in my contact list. Something majorly borked at yahoo.
    • I have been getting a *ton* of spam emails the past couple of days from some of the following domains which appear to be handled through Yahoo...
      • .
      • bellsouth.net
      • swbell.net
      • att.net
      • snet.net
      • sbcglobal.net
      • ameritech.net

      It's basically a random message with a URL attached... many of them .ru domains. They're being sent to the .mac account that I've had since whenever it was .mac was originally started. There were a one or two initially starting back around Wednesday and it's become about 10 a day the past couple

    • by hairyfeet (841228)

      You went to a site like Redtube or XHamster and watched a porn video didn't you? Frankly this bug has been going on for awhile, it seems to be an "on again off again" kind of cat and mouse game between the guys writing the bug and yahoo. I wrote in my journal nearly a year ago [slashdot.org] about the "Yahoo porn bug" and how it would send spam from the entire address book (including to the person who hit the bug so they always end up with spam from themselves) and it sounds like the NZ folks are running into it now just

      • I would venture a guess at russian business network mass scananning + java/flash drivebys.
        • by hairyfeet (841228)

          Not with the Yahoo porn bug as I took one of the spare boxes at the shop and decided to do a little test to see how it basically worked.

          What it did was hide in the ads or in the page itself, as I saw it keep happening even if ABP was installed and it called a hidden iFrame that would load the yahoo login page and if the person didn't have a master password set that would have to be input to unlock the password auto fill (which most folks don't) it would use the auto fill to log in to the person's yahoo pag

          • Interesting and quite clever, however both my sister-in-law and wife suffered from this in the past two weeks. I checked my wife's Yahoo login history and at the time of the spam there was a login from another country (Japan). Were this a hidden frame login I'd expect it to appear local.

            • by hairyfeet (841228)
              Its probably a variation, one thing we have learned from the exploit kits and the like is if they figure out something that works suddenly it will be used in a bazillion different ways, like some flu bug it mutates like crazy.
  • remember! (Score:5, Funny)

    by Anonymous Coward on Sunday February 10, 2013 @10:47PM (#42855095)

    Remember, the original concept of the internet as a peer to peer network was a bad idea. Centralizing to just a handful of services is a good idea, and we should all use the cloud for everything, because that has no drawbacks.

    • I see what you did there. I don't have mod points here though.
    • by thenendo (523849)
      Of course, decentralization has its own drawbacks. Remember when SMTP servers would happily forward mail on behalf of any connecting client?
  • by Smurf (7981) on Sunday February 10, 2013 @10:50PM (#42855109)

    I wonder if it's a coincidence that in the last three or four days I started to receive a lot more spam to my Yahoo mail address. By "a lot more" I mean three or four times more than what I was receiving a week ago each day.

    I don't have any relation with anyone in New Zealand, so my guess is that it's indeed just a coincidence. But still the timing makes me wonder.

    • by viperidaenz (2515578) on Sunday February 10, 2013 @10:52PM (#42855127)

      or the New Zealand Yahoo is not the only one compromised, just the only one to admit it.

      • or the New Zealand Yahoo is not the only one compromised, just the only one to admit it.

        Two of my friends on Facebook were talking about spam originating from their Yahoo! accounts yesterday and I received a spam from a third (or, I should say one made it through my spam filter). None of them have any ties to New Zealand, as far as I know.

        • Once in the yahoo proverbial back door, I wouldn't be surprised if they got more. I don't know what yahoo's architecture is like though.
        • by hawguy (1600213)

          or the New Zealand Yahoo is not the only one compromised, just the only one to admit it.

          Two of my friends on Facebook were talking about spam originating from their Yahoo! accounts yesterday and I received a spam from a third (or, I should say one made it through my spam filter). None of them have any ties to New Zealand, as far as I know.

          My Yahoo account was hacked a month or so ago - I had a 12 character password including mixed case (in non-obvious places), digits and a special symbol, so i don't think the password was brute forced... I think they have a bigger problem than they have admitted.

      • Not just xtra.co.nz, but also yahoo.com, yahoo.com.au even ymail.com
      • Yeah, something like that. This was going on months ago with pacbell.net/sbcglobal.net/att.net/yahoo.com addresses, a little before that with yahoo.de addresses and has been recurring as the spammers discover another XSS exploit in Yahoo's amazing web pile. "The Yahoo XSS exploit" really understates the case. I think Yahoo fixes them, but they've got a lot of code to churn through and I doubt anyone really knows what all is in there.

        The one I looked at was an e-mail with one-line body urging me to check
      • I think it's much more likely that this problem exists for more than just New Zealand's yahoo servers. A couple years back I deleted my rarely-used Yahoo account because I got a hacked email sent to my common email address from it (as did others in my address book). I hadn't been logged in for quite some time, and I had a very secure password. Whatever the security flaw was, I really don't think it was at the user end (I consider myself to be pretty adept at computer security), and I didn't want any part o
  • by Anonymous Coward

    Telecom NZ phased out the xtra branding many years ago...it only lives in email addresses....hence why it's referred to in this story I guess :)

    • Heh, I think it could probably be said they unsuccessfully phased it out years ago. Most people around here when you say Telecom Broadband would say "oh you mean xtra" :-)
  • A Yahoo customer is reported by TFA saying

    The spam from my own address must be generated on the telecom/yahoo server as there is no other way it can happen

    It is shockingly easy to spoof sender e-mail address. I do not expect any Yahoo user to know it, but the journalist that quoted this person should know that, and mitigate this claim of Yahoo server breach

    • by Bitsy Boffin (110334) on Sunday February 10, 2013 @10:59PM (#42855179) Homepage
      The headers of all these SPAM messages indicate traversal from the Yahoo SMTP servers, and the SPAM were targetted specifically at people in the victim's address book. It wasn't a simple Joe Job.
      • by manu0601 (2221348)
        Sure, but the customer quoted in the article just talks about sender e-mail address.
        • by whoever57 (658626)
          I have personally seen too many SPAM emails that were sent using compromised Yahoo accounts, and yes -- they really were handled by Yahoo's servers (and, no, I don't have a Yahoo account -- it wasn't my account that was compromised).
      • by MobileC (83699)

        Not just address book.

        I had mail sent to everyone in my Sent Items too, so they were trolling all the folders for addresses.

  • by Bitsy Boffin (110334) on Sunday February 10, 2013 @10:57PM (#42855151) Homepage

    http://www.stuff.co.nz/technology/digital-living/8287236/Xtra-email-accounts-compromised [stuff.co.nz]

    The company initially blamed a deluge of compromised accounts on a successful phishing attack, saying customers were tricked into clicking on scam emails, but has now acknowledged a "second attack" that was outside customers' control.

    "We understand from our own technical investigations that the security of some YahooXtra email customer accounts may have been compromised, making it possible for emails to be sent from these accounts without the customers' knowledge," the company said in a statement.

  • by NewtonsLaw (409638) on Sunday February 10, 2013 @11:22PM (#42855335)

    I got hit by this last week and blogged about it [aardvark.co.nz], griping that surely a company with the resources of Yahoo should be able to fix such a critical flaw faster than seems to be the case.

    It would appear that Yahoo is happy to announce "fixexd" while the hackers simply exploit yet another hole in the company's shaky cloud.

    Tragic.

    Would Google be so lax in sorting out what is clearly a very critical issue that is affecting a large (and rapidly growing) number of users?

  • by Anonymous Coward

    I tried to contact yahoo about spam from their servers.

    The email listed in their ARIN record doesn't work

    Abuse@yahoo.com points you to some stupid website

    and there's no way to contact anyone through that, or they turned it off.

    The above should be a criminal offense.

  • by sdnoob (917382) on Monday February 11, 2013 @12:52AM (#42855743)

    is that you have someone else to blame when things go wrong.

    The bad thing about outsourcing....

    when things do go wrong, there's usually more than enough blame to go around, and you look bad too anyway.

  • by Anonymous Coward

    The only thing that could be regarded as surprising is that this did not happen sooner. Xtra is shit and Telecom are fucking clueless. This vuln was raised last year and Telecom sat around with their heads their asses to their shoulders. But the void of clue flock to them, believing the advertorial bullshit. They are the AOL of New Zealand, only worse.

  • I just sent this to a friend who uses Yahoo. His email was broadcasting spam late last week. He thought it was his PC but maybe not...

  • http://www.youtube.com/watch?v=GJsMRDyC9eY
    "This video has been removed as a violation of YouTube's policy on depiction of harmful activities. "

    One could repeat the very first comment about centralised services here too.

"Card readers? We don't need no stinking card readers." -- Peter da Silva (at the National Academy of Sciencies, 1965, in a particularly vivid fantasy)

Working...