The Box of Meat antispam blog links to a ZDNet article, "1.5m spam emails sent from compromised University accounts". Some excerpts:
“Hackers gained access to the University of Otago staff email server recently and used it to send out an estimated 1.55 million spam emails in 60 hours, after tricking four staff members into revealing their login details. The huge volume of spam mail resulted in legitimate emails being rejected or delayed by other systems, information services manager Mike Harte said. They were re-sent once the spam attack was over. The staff members responded to “spear phish” emails which claimed to be from the IT department and asked people to reconfirm their user names and passwords or their email access would be withdrawn.”
The spammers didn't just abuse the University's clean IP reputation; they also got its mail servers blacklisted, thereby causing a DoS attack on its staff and students.
I can personally confirm that educational institutions are one of the worst offenders for having email accounts compromised and then having spammers start spewing out a whole pile of spam through those accounts. The result is that the service's outbound IPs get tarred and feathered across certain receivers of email and certain blocklists.
I'd like to say that those guys (universities) need to crack down on security and protect their passwords, but it's a tall order. How do you monitor an entire population of students and faculty? Even if 99.9% of people on a 20,000-person campus keep their passwords secure, there are still 20 people who might hand them over. That's plenty for a spammer to abuse.
Comments
Anonymous
August 19, 2008
Perhaps you'd like to take a look at the list archives for the "higher education email administrators mailing list" to see how much effort higher educations are putting into stopping this problem? http://listserv.nd.edu/cgi-bin/wa?A0=HIED-EMAILADMIN The answer is: A lot.
Anonymous
August 19, 2008
I would like to see how the author "can personally confirm" this. As a University admin I CAN in fact personally confirm we do A TON of work attempting to stop outbound spam. Sometimes at the risk of angering constituents and spending money that could have been used to improve education.
Anonymous
August 19, 2008
Darren, I can personally confirm this because we have problems with outbound spam. By backtracking back to the source of it, educational institutions are by far over-represented as the source of the outbound spam.
Anonymous
August 19, 2008
Anon, While I don't doubt that higher education email admins are putting in a lot of work to educate users, as I say to Darren, most of our outbound spam problems are over-represented by universities. Like us, I agree that it is an uphill battle.
Anonymous
August 20, 2008
Of the 40 reply-to addresses in these phishing messages that I'm currently logging and blocking:
19 are in the live.com or hotmail.com domain
10 are in the gmail.com domain
Also, keep in mind that maybe university accounts are being compromised because they are attacked more often than, say, ISP accounts that offer limited services to the account holder. Assuming that a higher attack rate should be taken into account when judging the security of a population....or a platform.
Anonymous
August 21, 2008
Also note that my company doesn't send out email for Hotmail, Gmail, etc. That would change my perspective completely.
Anonymous
August 23, 2008
Your company doesn't send out email for Hotmail? Then what does your company do, contract with some other company to send out email for Hotmail?