
Mac Mail Hacked?

If you suspect your Mac account has been hacked, here's what to look for. Chances are, yours is one of millions of email addresses forged to send spam...

There's been a series of posts on the Apple User Group list about one user who has been receiving bounced spam in his inbox, with his address labeled as the "sender" of the spam. He believes his Mac.com email account has been hacked.

This is extremely unlikely. If it happens to you, before sounding alarms, consider the following:

* Spammers do not need your account to put your address on the "From" line. The sender address on an email is just a header the sending machine writes, and nothing at the receiving end verifies it. Botnets and zombies are not built by breaking into individual mailboxes; they run on compromised machines and stamp whatever addresses their harvested lists contain onto the mail they send.

* If a single account really were taken over, you would usually see other symptoms: a password that no longer works, messages you never wrote sitting in the Sent folder, or replies to mail you did not send. A handful of bounces with none of that is not the picture of a compromised account.

* A provider the size of Apple watches its outbound mail. An account that suddenly starts mass-mailing stands out and gets throttled or shut off.

* Good server admins maintain a throughput throttle: it senses a large volume of email leaving one account faster than a human could send it and flags it for investigation. Apple's email is also very, very slow compared to other ISPs, so spammers wouldn't want to relay through it anyway.

* If the account had actually been used as a spambot, the user would be getting thousands of bounces, not a handful. (That flood would also alert the server managers that something is wrong.)
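As an added illustration of the throttle described in the list above (example code written for this page, not Apple's or any real MTA's; the Postfix-style log lines are constructed, and the limit and window are arbitrary), here is a sliding-window rate check that flags any envelope sender putting more than a set number of messages into the queue within a short span:

```python
"""Sliding-window outbound rate check of the kind the "throughput throttle"
bullet describes.  Added example run over constructed Postfix-style log lines;
not Apple's or any real MTA's code."""
import re
from collections import deque
from datetime import datetime, timedelta

# Postfix qmgr "queue active" line: timestamp, then the envelope sender.
LINE_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/qmgr\[\d+\]: \w+: from=<([^>]*)>")


def _log_line(hhmmss, sender, qid):
    """Build one constructed log line in Postfix's format (sample data only)."""
    return (f"Jan 14 {hhmmss} mail postfix/qmgr[2211]: {qid}: "
            f"from=<{sender}>, size=2048, nrcpt=1 (queue active)")


# A person sending three messages over an hour ...
SAMPLE_LOGS = [_log_line("09:00:05", "user@mac.com", "A1"),
               _log_line("09:25:40", "user@mac.com", "A2"),
               _log_line("09:58:12", "user@mac.com", "A3")]
# ... and a zombie pushing 30 messages through one account in 15 seconds.
SAMPLE_LOGS += [_log_line(f"10:00:{i // 2:02d}", "burst@mac.com", f"B{i}")
                for i in range(30)]


def rate_offenders(lines, limit, window_seconds):
    """Return {sender: time_first_exceeded} for every sender that queued more
    than `limit` messages inside any span of `window_seconds`."""
    recent = {}      # sender -> deque of timestamps still inside the window
    offenders = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue            # not a qmgr line; ignore it
        ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")
        sender = m.group(2).lower()
        q = recent.setdefault(sender, deque())
        q.append(ts)
        while ts - q[0] > timedelta(seconds=window_seconds):
            q.popleft()         # drop timestamps that fell out of the window
        if len(q) > limit and sender not in offenders:
            offenders[sender] = ts   # record the moment the limit was crossed
    return offenders


if __name__ == "__main__":
    print(rate_offenders(SAMPLE_LOGS, limit=20, window_seconds=60))
```

The human account never exceeds 20 messages in a minute; the burst account crosses the line on its 21st message, which is the point at which a real throttle would defer the account's mail and page an admin.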

How they got your address

* The user's address is the product of a "dictionary spam" campaign. The spammer takes a known domain (such as mac.com) and pairs every name in his list with that domain, hoping to hook a sufficient number of 'live' users (i.e. smith@mac.com, smith@earthlink.com, and so on).

* The user's address is in a mailbox or address book on a compromised Windows server someplace, and was harvested by the zombie or trojan running on that server.

* The user's address is saved on a Windows user's computer that has been infected with a spam virus or zombie, which harvested the address book.

* The user's address was 'shared' by Apple with a 'trusted' vendor, which in turn sold it or passed it on to the spam community.

One spam practice is to rotate email addresses through the database as both recipients and senders. More tech-savvy spammers also change the sender quite frequently to avoid detection. It is very likely that every address in a professional spammer's database is used as both sender and receiver. We've trapped spam in the honeypots that is both to and from addresses in our domains -- sometimes to an address, from the same address. The crooks think it confuses the spam traps, which it doesn't.

If, after understanding all of the above, you are STILL convinced you've been compromised, send the spam bounce, including ALL HEADERS, to me, and I'll check it out. Paste it into the "Comment" field at the UGNN CONTACT form -- do NOT send it via email, since the spam traps will trap it again.
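The header check that paragraph asks for, together with the to-equals-from pattern noted above, as an added example (this is not the author's tooling; the bounce, the hostnames, the IP addresses and the provider relay name smtpout.mac.com are all constructed assumptions, not Apple's real infrastructure). The script pulls the returned original out of the bounce, reads its "Received:" chain in transit order, and decides whether the message ever passed through the account's own provider:

```python
"""Triage a spam bounce: did the mail really leave the provider, or was the
address merely forged as sender?  Added example; every host and address below
is a constructed placeholder (smtpout.mac.com is assumed, not Apple's relay)."""
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Minimal multipart/report DSN envelope (constructed) around a returned original.
BOUNCE_TEMPLATE = """\
Return-Path: <>
From: MAILER-DAEMON@example.net (Mail Delivery System)
To: user@mac.com
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="BOUNCE"

--BOUNCE
Content-Type: message/rfc822

{original}
--BOUNCE--
"""

# Case 1 (constructed): a zombie PC injected the mail straight at the victim's MX.
ORIGINAL_FORGED = """\
Received: from pc77.dsl.example.org (unknown [198.51.100.77])
    by mx1.example.net (Postfix) with SMTP id 9F8E7D; Mon, 14 Jan 2008 09:12:01 -0500
From: user@mac.com
To: user@mac.com
Subject: Cheap meds

Buy now!
"""

# Case 2 (constructed): the mail really went out through the provider's relay,
# which is what a genuinely compromised account would look like.
ORIGINAL_VIA_PROVIDER = """\
Received: from smtpout.mac.com (smtpout.mac.com [192.0.2.25])
    by mx1.example.net (Postfix) with ESMTP id 1A2B3C; Mon, 14 Jan 2008 09:12:01 -0500
Received: from [203.0.113.5] (client [203.0.113.5])
    by smtpout.mac.com with ESMTPA id 5D6E7F; Mon, 14 Jan 2008 09:11:58 -0500
From: user@mac.com
To: nobody@example.net
Subject: Cheap meds

Buy now!
"""


def make_bounce(original):
    return BOUNCE_TEMPLATE.format(original=original)


def extract_original(bounce):
    """Pull the returned original out of a DSN (full copy or headers-only part)."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return message_from_string(part.get_payload())
    return None


def transit_hops(msg):
    """Received headers in delivery order (earliest hop first). Each relay adds
    its header at the top, so header order is the reverse of transit order."""
    return list(reversed(msg.get_all("Received", [])))


def triage(bounce_text, account, provider_hosts):
    original = extract_original(message_from_string(bounce_text))
    if original is None:
        return {"verdict": "no original headers in bounce; ask for the full message"}
    sender = parseaddr(original.get("From", ""))[1].lower()
    recipients = {a.lower() for _, a in getaddresses(original.get_all("To", []))}
    hops = transit_hops(original)
    first_ip = IP_RE.search(hops[0]) if hops else None
    # Only the "by" clause written by a real receiving server is trustworthy: a
    # spammer can prepend fake "Received:" lines below it, but cannot forge the
    # line the provider's own relay adds when it accepts the message.
    via_provider = any(
        re.search(r"\bby\s+" + re.escape(h) + r"\b", hop, re.I)
        for hop in hops for h in provider_hosts)
    if sender != account.lower():
        verdict = "bounce is not about your address"
    elif via_provider:
        verdict = "message transited your provider: treat as possible account compromise"
    else:
        verdict = "backscatter: your address was forged; the mail never touched your provider"
    return {"origin_ip": first_ip.group(1) if first_ip else None,
            "via_provider": via_provider,
            "self_addressed": sender in recipients,   # the to == from trick
            "verdict": verdict}
```

Run `triage(make_bounce(ORIGINAL_FORGED), "user@mac.com", ["smtpout.mac.com"])` and the verdict is backscatter: the origin hop is a consumer DSL address handing the mail directly to the victim's MX, and the provider's relay appears nowhere in the chain. Only the second case, where the earliest hop was accepted "by" the provider's own relay with authentication, deserves a password reset and a look at the Sent folder.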

Fred Showker
Editor / Publisher: 60-Second Window, DTG Magazine, the User Group News Network, and Photoshop Tips & Tricks
