HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED 12 MINUTES AGO.
- BREAKING NEWS -
How did North Korea hack into Sony's systems? A US official tells CNN the method was by stealing a system administrator's credentials. More on this story soon.
X

You are here: Home / Data Security / AOL Hacked: Zombie Spam to Inboxes
Neustar, Inc.
Protect your website & network using real-time information & analysis
www.neustar.biz
AOL Hack Drives Zombie Spam to Inboxes
AOL Hack Drives Zombie Spam to Inboxes
By Jennifer LeClaire / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
MAY
01
2014

Many early Internet users had AOL e-mail addresses at one time or another -- and some still have active accounts they rarely, if ever, use. Considering the rise of AOL-related zombie spam this week, it may be time to delete those old AOL e-mail accounts.

AOL on Monday admitted it’s investigating a security incident that involved “unauthorized access” to its networks and systems. In other words, the ISP was hacked. The company is working with forensic experts and federal authorities to investigate the incident and determine how cybercriminals were able to steal the personal information of its e-mail account holders.

“This information included AOL users' e-mail addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions that we ask when a user resets his or her password, as well as certain employee information,” the company said in a statement. “We believe that spammers have used this contact information to send spoofed emails that appeared to come from roughly 2 percent of our e-mail accounts.”

Who’s Behind the Zombie Spam

We caught up with Andrew Conway, a research analyst at messaging protection firm Cloudmark, to get his take on the zombie spam fallout. He told us there are two or three different groups involved in monetizing the zombie spam. One group is known as Com Spammers.

“The Com Spammers currently have three forms of monetization -- diet pills, miracle skin cream, and a pernicious work from home scam that involves extracting larger and larger payments for training and services based on the promise of future riches,” Conway said.

“Similarly, if you order the diet pills, you will find yourself signed up for a monthly purchase on your credit card, which is very hard to cancel. We estimate that the revenue generated by this group is millions of dollars a year. They are spending $50,000 to a $100,000 a year in domain registrations alone,” he added.

it appears one of the Com Spammers accessed information on a number of AOL accounts and started sending out high volumes of spam about two weeks ago, Conway said. The zombie spam used the “from” address of the hacked account and sent the spam to everyone in the victim’s address book.

Where Does DMARC Fit In?

Conway explained that there are two standards that have long been available to allow senders to digitally sign an e-mail message -- and guarantee it was actually sent by the account holder. However, he added, there was no standard about what to do if the message was unsigned or if the signature was invalid until DMARC (Domain-based Message Authentication, Reporting and Conformance) came along in 2012.

The DMARC standard allows the domain owner to use a DNS record to specify exactly how he would like unsigned or forged e-mails with his domain in the “from” address to be treated, Conway said. Unfortunately for end users, not all e-mail is tested with DMARC and large Web mail providers at first were slow to use it. AOL just changed its DMARC policy to “reject,” which better protects e-mail addresses on its system from unauthorized use. Conway uses Yahoo as an example of how DMARC helps.

“There are legitimate reasons why someone might use a Yahoo mail address, say, but not use Yahoo for delivery, the most common ones being legitimate bulk mailings by an e-mail service provider or traffic through mailing lists,” Conway said.

“However, there are alternative methods for dealing with both of those cases, and three weeks ago Yahoo decided that e-mail with forged Yahoo headers was enough of a problem that they would change their DMARC settings to request deletion of unsigned mail with a Yahoo from address," he said. "In the three weeks since this change, Cloudmark has seen a 30 percent reduction in spam with Yahoo headers, compared with the prior three weeks, so it is clear that this was a good decision.”

Tell Us What You Think
Comment:

Name:

Yohun:
Posted: 2014-05-01 @ 1:29pm PT
Aol still exists? wow!

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
ISACA® offers a global community of more than 115,000 IS/IT constituents in over 180 countries. We develop and deliver industry-leading certifications, education, research and business frameworks. We equip individuals to be leaders in the fast-changing world of information systems and IT - Learn More>
MORE IN DATA SECURITY
Product Information and Resources for Technology You Can Use To Boost Your Business

NETWORK SECURITY SPOTLIGHT
ICANN has been hacked. The nonprofit organization that manages databases of domain names is investigating a system intrusion that compromised its domain name servers.

ENTERPRISE HARDWARE SPOTLIGHT
Almost half of consumer, industry and life sciences manufacturers are expected to be using 3D printers within three years and now 3D printing services are aiming to help companies experiment.

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.