HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 8 MINUTES AGO.
You are here: Home / Network Security / AOL Hacked: Zombie Spam to Inboxes
Build Apps 5x Faster
For Half the Cost Enterprise Cloud Computing
On Force.com
AOL Hack Drives Zombie Spam to Inboxes
AOL Hack Drives Zombie Spam to Inboxes
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
MAY
01
2014

Many early Internet users had AOL e-mail addresses at one time or another -- and some still have active accounts they rarely, if ever, use. Considering the rise of AOL-related zombie spam this week, it may be time to delete those old AOL e-mail accounts.

AOL on Monday admitted it’s investigating a security incident that involved “unauthorized access” to its networks and systems. In other words, the ISP was hacked. The company is working with forensic experts and federal authorities to investigate the incident and determine how cybercriminals were able to steal the personal information of its e-mail account holders.

“This information included AOL users' e-mail addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions that we ask when a user resets his or her password, as well as certain employee information,” the company said in a statement. “We believe that spammers have used this contact information to send spoofed emails that appeared to come from roughly 2 percent of our e-mail accounts.”

Who’s Behind the Zombie Spam

We caught up with Andrew Conway, a research analyst at messaging protection firm Cloudmark, to get his take on the zombie spam fallout. He told us there are two or three different groups involved in monetizing the zombie spam. One group is known as Com Spammers.

“The Com Spammers currently have three forms of monetization -- diet pills, miracle skin cream, and a pernicious work from home scam that involves extracting larger and larger payments for training and services based on the promise of future riches,” Conway said.

“Similarly, if you order the diet pills, you will find yourself signed up for a monthly purchase on your credit card, which is very hard to cancel. We estimate that the revenue generated by this group is millions of dollars a year. They are spending $50,000 to a $100,000 a year in domain registrations alone,” he added.

it appears one of the Com Spammers accessed information on a number of AOL accounts and started sending out high volumes of spam about two weeks ago, Conway said. The zombie spam used the “from” address of the hacked account and sent the spam to everyone in the victim’s address book.

Where Does DMARC Fit In?

Conway explained that there are two standards that have long been available to allow senders to digitally sign an e-mail message -- and guarantee it was actually sent by the account holder. However, he added, there was no standard about what to do if the message was unsigned or if the signature was invalid until DMARC (Domain-based Message Authentication, Reporting and Conformance) came along in 2012.

The DMARC standard allows the domain owner to use a DNS record to specify exactly how he would like unsigned or forged e-mails with his domain in the “from” address to be treated, Conway said. Unfortunately for end users, not all e-mail is tested with DMARC and large Web mail providers at first were slow to use it. AOL just changed its DMARC policy to “reject,” which better protects e-mail addresses on its system from unauthorized use. Conway uses Yahoo as an example of how DMARC helps.

“There are legitimate reasons why someone might use a Yahoo mail address, say, but not use Yahoo for delivery, the most common ones being legitimate bulk mailings by an e-mail service provider or traffic through mailing lists,” Conway said.

“However, there are alternative methods for dealing with both of those cases, and three weeks ago Yahoo decided that e-mail with forged Yahoo headers was enough of a problem that they would change their DMARC settings to request deletion of unsigned mail with a Yahoo from address," he said. "In the three weeks since this change, Cloudmark has seen a 30 percent reduction in spam with Yahoo headers, compared with the prior three weeks, so it is clear that this was a good decision.”

Tell Us What You Think
Comment:

Name:

Yohun:
Posted: 2014-05-01 @ 1:29pm PT
Aol still exists? wow!

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.
MORE IN NETWORK SECURITY
Product Information and Resources for Technology You Can Use To Boost Your Business

NETWORK SECURITY SPOTLIGHT
An easily avoided security lapse -- failure to use two-factor authentication on a single server -- is being blamed for the massive computer breach that hit JPMorgan Chase this past summer.

ENTERPRISE HARDWARE SPOTLIGHT
Flying under the radar just before Christmas, HP has launched a new version of its Chromebook 14, most notable for its touch screen and full high-definition display, plus more powerful specs.
© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.