
Lil gmail truhbble

Update May 15: Thanks to udim who references an arstechnica article:

“Gmail is susceptible to a man-in-the-middle attack that allows a spammer to send thousands of bulk e-mails through Google’s SMTP service without fear of detection. This attack bypasses both Google’s identity fraud protection mechanisms and the current 500-address limit on bulk e-mail. ”

The original article points out: “As of 3:00 PM today 5/12/2008, the flaw we have reported remains unpatched and exploitable. We have run a new experiment where we were able to use our attack to send 2,000 messages using one Gmail account.


We would like to clarify to the security community that we have contacted Google about the issue more than a week ago and no response was provided despite our clear intent of cooperation regarding this matter.”

———

styshop.com and fly6688.com are scams. Both somehow hijacked my gmail account, but Gmail removes the sender’s origin IP, which makes tracking the breach difficult.

Sorry guys. All my gmail contacts just got spammed again, courtesy of something calling itself styshop.com. It’s the same thing that happened January 1, but that time the company was using fly6688.com. They’re the same vile organization, and I still don’t know how they perpetrate their crimes.

In both cases the message actually was sent via my gmail account. Not a forged header, but really sent via my account. That means that either

  1. the jerks have a trojan app running on one of my machines, or
  2. the jerks have hacked into my gmail account.

I’m guessing it’s (2) because (I think) the only machine on the network with gmail credentials is a new laptop. But then (1) is also a candidate since I’ve changed my password since the last bomb.

But I can’t tell, because gmail strips off the sender’s origin IP. Boo, gmail.

GMAIL SHOULDN’T STRIP OFF SENDER’S ORIGIN IP.

Received: by 10.70.78.7 with HTTP; Wed, 14 May 2008 09:58:15 -0700 (PDT)
Message-ID:
Date: Thu, 15 May 2008 00:58:15 +0800
From: "Israel LHeureux"
Reply-To: israel@g-edited-mail.com
To: xxxx@teleflip.com, xxxxx@tmomail.net,
	xxxxx@messaging.sprintpcs.com, xxxxx@sprintpaging.com,
	"xxxxx@mms.mycingular.com"

Yahoo includes “Received: from IP”

This makes it easy to see where the message originated. Yea! yahoo!

From Bessie Wilkes Mon Jan 18 19:14:07 2038
Return-Path:
Authentication-Results: mta293.mail.mud.yahoo.com  from=yahoo.com; domainkeys=neutral (no sig)
Received: from 58.121.1.29  (HELO mta293.mail.mud.yahoo.com) (58.121.1.29)
  by mta293.mail.mud.yahoo.com with SMTP; Mon, 21 Apr 2008 02:43:31 -0700
Received: from 156.4.20.60 by ; Mon, 21 Apr 2008 06:34:04 -0300
Message-ID:
From: "Bessie Wilkes"
Reply-To: "Bessie Wilkes"
To: isl4fal@yahoo.com
Subject: Top high-quality meds- Cialis,Viagra Online
Date: Tue, 19 Jan 38 03:14:07 GMT

With Yahoo mail, I can see the sender’s origin IP (58.121.1.29) and use whois to trace that IP back to Hanaro Telecom in Seoul, Korea.

With Gmail, I see that mail was originated…by HTTP.
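To make the difference between the two header blocks above mechanical, here is a small Received-chain walker added as an example (my own code, not anything from the post or from Google/Yahoo): it trusts only the hop stamped by the recipient’s own provider, reports the client IP from that hop’s from-clause, and reports None when, as in the Gmail case, the provider only logs “with HTTP”. The header fragments are constructed after the ones quoted above, not copied verbatim.

```python
import re
from ipaddress import ip_address

# Header fragments constructed after the two quoted in the post (not verbatim copies).
GMAIL_HEADERS = """Received: by 10.70.78.7 with HTTP; Wed, 14 May 2008 09:58:15 -0700 (PDT)
Date: Thu, 15 May 2008 00:58:15 +0800
From: "Israel LHeureux"
"""
YAHOO_HEADERS = """Received: from 58.121.1.29  (HELO mta293.mail.mud.yahoo.com) (58.121.1.29)
  by mta293.mail.mud.yahoo.com with SMTP; Mon, 21 Apr 2008 02:43:31 -0700
Received: from 156.4.20.60 by ; Mon, 21 Apr 2008 06:34:04 -0300
From: "Bessie Wilkes"
"""
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

def unfold(raw):
    """Join folded continuation lines (leading space or tab) onto their header."""
    out = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and out:
            out[-1] += " " + line.strip()
        elif line:
            out.append(line)
    return out

def received_headers(raw):
    """Received: values in message order, i.e. newest hop first."""
    return [h.split(":", 1)[1].strip() for h in unfold(raw)
            if h.lower().startswith("received:")]

def origin(raw, trusted_by):
    """Find the newest Received header stamped by a host we trust (the recipient's
    provider, matched on its 'by <host>' clause) and return (ip, explanation), where
    ip is the public address in that hop's 'from' clause, or None. Hops below the
    trusted one were written by the sender and may be forged, so they are ignored."""
    for hop in received_headers(raw):
        by = re.search(r"\bby\s+(\S+)", hop, re.I)
        if not by or not by.group(1).lower().endswith(trusted_by.lower()):
            continue
        frm = re.search(r"\bfrom\s+(.*?)\s+by\b", hop, re.I)
        if frm:
            ip = re.search(IPV4, frm.group(1))
            if ip and ip_address(ip.group()).is_global:
                return ip.group(), "client IP recorded by " + by.group(1)
            return None, "no public IP in from-clause: " + frm.group(1)
        if re.search(r"\bwith\s+HTTP\b", hop, re.I):
            return None, "web submission; " + by.group(1) + " recorded no client IP"
        return None, "trusted hop has no from-clause"
    return None, "no Received header stamped by " + trusted_by
```

For the Yahoo sample the walker stops at the hop stamped by mta293.mail.mud.yahoo.com and ignores the lower, sender-supplied “from 156.4.20.60 by ;” line, which is exactly the kind of Received header a spammer can forge.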

k thx bye.

Change my password again. Look for trojans again. I just wish gmail would give me satisfaction.

In the spirit of Derek Trotter (411Eater) I’ve also contacted the gentleman at the site “tomtom” sty.shop@hotmail.com. He’s currently helping me with a DVD player, but I suspect the transaction won’t actually go through.

Hey tools, knock it off:

styshop.com is registered by wei li (cpylyl@hotmail.com). No address.

fly6688.com is registered by wang le (wangle@126.net) +299.1087625690 West Century Boulevard Inglewood, CA 16783 Los Angeles, MI 85052-8119

forestdj168.com is registered by wang tao (wangtao@hotmail.com) +1.12017752711 washington, WA 07322

updated: title


One Comment

  1. Posted May 14, 2008 at 8:57 pm

    Have you seen this recent gmail security flaw?
    http://arstechnica.com/news.ars/post/20080510-security-flaw-turns-gmail-into-open-relay-server.html


One Trackback/Pingback

  1. […] know what they’re doing. But after reading this, and living though my own experiences with my gmail account getting hacked, it made me question Google’s decision-making process. “Here’s the exploit: All it […]
