Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: InfoSec Handlers Diary Blog - SANS Internet Storm Center InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Abandoned free email accounts

Published: 2010-08-29
Last Updated: 2010-08-30 23:38:40 UTC
by Swa Frantzen (Version: 2)
3 comment(s)

Mark wrote in with an observation that abandoned free email accounts (such as those of hotmail, yahoo and the like) are being abused by spammers to send messages at a very slow rate to the contacts in those accounts.

As Mark noted himself, there's an obvious privacy issue if your contacts leak, and that some of the former users have not only abandoned the service, but actually assumed the service would have been terminated due to no activity on the account anymore.

If you have observed the same thing, we're interested in hearing from you.

But it might be a good idea to verify the status of your former mailboxes you have around the globe and make sure there's nothing left of them of value to you or your attackers before you do abandon them. Better yet, those really old ones, should we not delete them properly?


A reader pointed out it might not always be easy for users to deleted unwanted accounts judging from the support fora at e.g. hotmail, and hence it would be quite understandable that they just abandon the accounts instead of cleaning them up properly.


Andy, Andrew and others wrote in corroborating the story from experience with Yahoo, Gmail and Hotmail addresses that used to belong to friends and family starting to spam.Andy also noted another concern: the recipient might place more trust in known addresses from the past (think e.g. whitelisting in anti-spam filters and also might lead to trust in the person allowing for lesser guards in beign social engineered into a click or other form of trust.

A number of readers pointed out they have seen it happen on active accounts just as well as on the abandoned accounts. Some also pointed out it is very difficult to regain control of the account as the spammers changed the password they had on it.

An anonymous reader had lost control of his gmail account and didn't realize his address book got populated automatically due to sending and receiving email -even when just sending/receiving email from a smartphone without using the  web interfaces-.

Carol also pointed out that loosing control of an account can be frustrating to allow one to regain control by the legitimate user.

Swa Frantzen -- Section 66

Keywords: email spam
3 comment(s)

DLL hijacking - what are you doing ?

Published: 2010-08-29
Last Updated: 2010-08-29 22:38:28 UTC
by Swa Frantzen (Version: 1)
10 comment(s)

In response to the heavy publication in the press about the DLL hijacking vulnerabilities, Microsoft released a number of publications and even a tool of their own.

Judging from the comments on the article by Bojan and the difficulty in reading the instructions and the lack of a clear recommended value that stops the current ongoing attacks without breaking commonly used software packages, it's clear there is still some work ahead of us.

Not only do we need to understand it in detail and understand what we can block, but we need to test it all as well.

So, in a spirit of sharing how to make it work:

  • What are you using as mitigation against the DLL hijacking vulnerabilities ?
  • What did your tests with the different values and commonly used software packages (such as Microsoft Office) yield with the different values the tool supports ?

Swa Frantzen -- Section 66

Keywords: msft patches
10 comment(s)
Diary Archives