Authored by: Anonymous on Friday, July 06 2012 @ 10:28 AM EDT
I received a couple of those spams. It was quite clear that
they came from compromised Yahoo accounts - by analyzing the
To: line we could confirm that the addresses matched the
address book of the sender listed in the From: line. So
they didn't bother with a simple spoof like pretending to be
from somebody else in the address book but not the real
sender.
As for *how* the account was compromised, I have information
from one sender that she had recently downloaded a
questionable Android app. Scans detected no malware on her
PC, but removing the Android app ended the spam.
If I called myself a security analyst, I'd have gotten my
hands on a copy of the app in question and found the
malicious code. I'd certainly want to know if the payload
creates an updateable spambot (thus justifying the term
"botnet") or just sends preprogrammed spam. (I do know that
the spam varied a bit between two senders about a week
apart. That could just mean that the second sender had
downloaded a new version of the Trojan.)