[Boatanchors] Boatanchors hey
Mike McCarthy, W1NR
lists at w1nr.net
Mon Nov 12 09:57:05 EST 2012
On 11/12/2012 09:11 AM, jeff wrote:
> On 11/12/2012 07:24 AM, David Stinson wrote:
>>
>> ----- Original Message -----
>> From: <w1ksz at earthlink.net>
>> To: "Boatanchors" <boatanchors at mailman.qth.net>
>>
>>> Boatanchors start now so you wont regret wasting time later
>>> http://msnbc.msn.MUNGMUNGMUNG
>>
>> There seem to be a lot of botted users on our boatanchor
>> and milsurplus lists.
>> Guys, please. Get a good free trial Malware program like
>> http://www.malwarebytes.org/
>
> The majority of these hacks are account hacks, not local ones.
> And the majority of these are Yahoo. Strong passwords recommended.
>
> Good advice otherwise.
>
>
Actually, these exploit a vulnerability in many of the public email
accounts like yahoo, gmail and hotmail. Generally, you leave your
account "logged in" as you use your browser. Following the link in the
email exploits the fact that you are already logged in and uses the
login cookies and service API's to execute code that sends email through
that account, usually to everyone in your address book. Strong passwords
are no help at all. Most anti virus will not detect it since it doesn't
affect your local hard drive. I think there are some browser plugins
from the more advanced "Internet Security" products that will block it,
but the only sure cure is to not follow the link or not to use the
"free" email accounts.
And before you "gurus" sound in and say it can't happen in Linux, better
look again because the same vulnerable mechanism exists in the Linux
versions of the Firefox browser and has absolutely no regard to any OS
you happen to run.
Mike, W1NR
More information about the Boatanchors
mailing list