Franklin Veaux (tacit) wrote,
Franklin Veaux
tacit

  • Mood:

Email: The Next Brute-Force Attack Frontier

A few days ago, I got emails from a group of folks who said I'd sent them spam. This happens from time to time, as spammers tend to forge the "From" addresses in the spam emails they send.

A couple of those folks were kind enough to forward me samples of the spam emails with full headers, and as it turns out, they did in fact come from my email server, though with a Ukranian IP address.

It would seem there's a spam group in Eastern Europe that is doing brute-force attacks on large numbers of email addresses, attempting to find the passwords for IMAP and SMTP accounts. I have an AOL email address whose password, foolishly, was a dictionary word--an uncommon word, to be sure, but a dictionary word nonetheless. This is the password that was compromised.

Since then, I've heard of a couple other folks who've had the same thing happen to them. Legitimate email accounts without highly secure passwords breached, apparently in brute-force attacks, and then used to send large volumes of spam.

So the lesson here: Choose secure email passwords! If your email account password is weak, it may end up being compromised.
Tags: computer security
Subscribe
  • Post a new comment

    Error

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 7 comments