please disable spamming account: romaric-michon

Asked by Kees Cook on 2011-03-02

Question information

Language: English
Status: Answered
For: Launchpad itself
Assignee: [LEGACY] Canonical WebOps
Last query: 2011-03-02
Last reply: 2011-03-02

Curtis Hovey (sinzui) said : #1

I have contacted the user and asked him to confirm he has taken control of his computer, browser, and email account. We are seeing many cases where users have compromised browsers that are sending the email through web mail, or the email is just using the user's registered email address. I will suspend the user if he does not reply in the next day.

Starbetrayer (starbetrayer) said : #2

I have updated my password.
It looks to me like an exploit in gmail as it has been going on for months.
Same pattern.
I contacted Curtis explaining the situation.
Please understand that it was none of my doing (the IP was in Albania and I am in the US).
I am very sorry for that.

Starbe

Curtis Hovey (sinzui) said : #3

I assigned this issue to an admin who can delete the bug comment. Or I will if I get the super power this week.

We have seen users with JS in their cache that compromises gmail and yahoo webmail. The new attack "...will see a mobile connection that you send emails to your contacts. As gmail dumbly add email addresses to your contact list..." looks like there is little a user can do to prevent the issue.

Starbetrayer (starbetrayer) said : #4

Please see here

http://www.google.com/support/forum/p/gmail/thread?tid=77127463d8f40cb6&start=400

"bkc56, I've been reading the hundreds of posts here for months, and I have found that less than one percent of the people reporting this problem have found any of their information changed: signature, settings, recovery email and so on are unchanged and intact. The only thing universal: spam is sent out through a mobile phone. In the few instances where account settings have been changed, I believe those hacked accounts are not part of this particular exploit, but another.

This exploit is all about sending out spam. It's not identity theft. After spamming the crap out of the account, the spammers drop it, usually within minutes. They have no reason to mess with the account any further. There are plenty of other gmail accounts for them to use to send spam.

Conclusions from reading this thread:

--a large criminal organization gradually accumulated a tremendous number of gmail account passwords, probably over several months. Number one source of the passwords: folks re-using passwords at insecure sites (my personal theory)
--using cell phone access from countries all over the world, the criminals accessed the gmail accounts to send out spam. The scale of it suggests automation. Individuals did not sign into our accounts and send out spam, bots did.
--after sending out spam, the criminals dropped those accounts and moved on to the next batch
--google was and is poorly prepared for an exploit of this scale
--in regards to this exploit, google continues to communicate with its customers with all the skill of a slug

For instance, you don't work for google, and yet you have been the main source of info for a worldwide criminal problem that has affected tens of thousands, if not more. It is bizarre that google relies on volunteers to handle a problem so serious and so widespread.

I continue to keep my gmail contact lists as empty as possible. The few contacts in them have deliberate misspellings in the email addresses.

I don't trust google for email any more -- and frankly nothing else, either. I removed all data from my profile. Not because I think google is easy to hack, but because I don't trust google to communicate with me if anything goes wrong."
