Doesn't look like my account was used but I changed the password anyways.


Java "Change!" phile

Interesting... it was only "com.au" Yahoo accounts that I received spam from not dot com.

Could it be some form of brute force spamming where the SMTP address is spoofed and spam is sent to a range of usernames? Or were the SMTP email addresses used by CSers to sign up to Coffee Snobs?

Nah, neither of those.
The email isn't coming from their yahoo accounts but is using their name.

It's tricky to post here without disclosing real information but I'll try.

Assume there is a CS'r called "John Smith" who uses an email account of johnsmith@yahoo.com.au

I'm getting junk mail from an account: johnsmith@tninet.se (junk domain but the real yahoo username)

And it was sent to the following people (me included)

alanfrew; allan; Amber Kane; andy rumary; andy; ann porter; annemarigold; anthrox; HINDER Miriam John Curtin College of th; AskUs; ben; bethan richards; Leanda; boarding rabbitshop; brianandcarols; brihan; Penny; churchill labs; CLARKE Tenielle John Curtin College of th Arts; coffee

Unfortunate for me that "andy" is so early in the alphabet!

So it looks like a real contact list that and all people that have had email from johnsmith@yahoo.com.au in the past and "might" click on the dodgy link included in the email that points to a OPEN.PHP webpage.

We get tonnes of spam but this is different in that it's using real usernames and their real contact lists... not lists made-up from educated or blind guesses.

So I have to assume that the at least the Yahoo contact lists were hacked, if not their whole webmail accounts.

We copped similar from hotmail a few years ago, those email addresses were brute forced and then all their contacts were emailed.

Andy, did the dodgy link purport to be to a document that came from a printer/scanner? Just asking as we had a bunch of stuff hit today of this nature.