topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Friday March 29, 2024, 7:46 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Chrome permits bad websites to send spam from one's email account???  (Read 7318 times)

cyberdiva

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,041
    • View Profile
    • Donate to Member
Hi, all.  I'm trying to get more information about something I've just been told about Google Chrome.  Yesterday, I received a spam message from someone I know.  I assumed that her email account had been hacked, and I wrote to her to let her know.  Today, I received a reply from her, saying that "Actually, there is some kind of security gap in Google Chrome that allows a bad website to send out spam from my account."  I'm highly skeptical of this explanation.  I'd imagine that 1) if there were so serious a flaw in Chrome, there would have been mention of it in lots of places that I read, and 2) Google would have quickly found a way to fix it.  I don't use Chrome, but if I did, I'd drop it like a hot potato if it had such a flaw.   Has anyone here heard of or experienced this flaw?

Jibz

  • Developer
  • Joined in 2005
  • ***
  • Posts: 1,187
    • View Profile
    • Donate to Member
Yesterday, I received a spam message from someone I know.

Just for the record, when you say "from", do you mean you checked the headers and it looked like it was a message genuinely sent from her account, or just that the "From:" field in the e-mail contained her e-mail address?

cyberdiva

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,041
    • View Profile
    • Donate to Member
Just for the record, when you say "from", do you mean you checked the headers and it looked like it was a message genuinely sent from her account, or just that the "From:" field in the e-mail contained her e-mail address?
Good question, Jibz.  The message was such obvious spam that I didn't bother to check the headers.  I simply assumed that someone had hacked her MSN email account and was now sending spam to everyone in her addressbook.  I wrote to let her know, and in response I got the explanation I quoted in my original message here.  It didn't seem like a likely explanation, so I thought I'd post a message here and see whether anyone has heard of a similar "problem" with Chrome.  But now that you've asked, I looked at the headers.  There weren't a lot, especially before the message was received at my university (where I have the email account to which the message was sent).  Here are some key pieces of info from the headers (I've changed the name of the person I know to janedoe and my university's address to ********.edu):

The return path header was Return-Path: <[email protected]>

The headers from the start to when it got to my university were as follows:
Received: from snt0-omc4-s11.snt0.hotmail.com (snt0-omc4-s11.snt0.hotmail.com [65.55.90.214])
   by ********.edu (mx3.********.edu) with ESMTP id q5I2vdq7025380
   for <cyberdiva@********.edu>; Sun, 17 Jun 2012 22:57:41 -0400 (EDT)
Received: from SNT102-W47 ([65.55.90.201]) by snt0-omc4-s11.snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
    Sun, 17 Jun 2012 19:57:38 -0700
Message-ID: <[email protected]>
Content-Type: multipart/alternative;
   boundary="_cea715e6-4a2e-4c6d-9814-454a114fd041_"
X-Originating-IP: [189.224.78.19]
From: Jane Doe <[email protected]>

If the Originating IP # is not forged, it's in Mexico.  I don't know where this person lives (I "know" her only via listservs we're both on); I kinda doubt she's in Mexico, though it's not impossible.  The message-ID ends in @phx.gbl, which is apparently something that appears in many messages from Microsoft-related mail.  Since she's got an account at msn.com, I guess that makes sense.  Perhaps so too does the appearance of hotmail.com in one of the headers, I don't know.  All the unshown headers after these (leading up to the Return-Path header) look normal.  They're all internal to my university.

So no, it's not just the "From" field that makes me think it came from her account, but the Originating-IP in Mexico does give me pause.  I'm not sure, however, whether the headers indicate clearly whether her email account was simply hacked or whether somehow a "bad website" was able to send spam from her account (her explanation).  Any thoughts?

Thanks in advance.

nudone

  • Cody's Creator
  • Columnist
  • Joined in 2005
  • ***
  • Posts: 4,119
    • View Profile
    • Donate to Member
I'd go with Hotmail hacked. It's happened to me, same kind of thing, everyone in my Hotmail contacts started receiving spam saying it was from me.

Jibz

  • Developer
  • Joined in 2005
  • ***
  • Posts: 1,187
    • View Profile
    • Donate to Member
I'd go with Hotmail hacked. It's happened to me, same kind of thing, everyone in my Hotmail contacts started receiving spam saying it was from me.

Yeah, the headers look fairly believable, and if there was some security hole that would allow this in any browser, I am sure it would be widely publicized.

cyberdiva

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,041
    • View Profile
    • Donate to Member
Thanks, nudone and Jibz.  I tend to agree with you.  I can't imagine why she thinks it's a security hole in Chrome that is causing this, especially since there doesn't seem to have been any publicity about this rather serious problem.  And yes, I know several people who have had their hotmail accounts hacked.  But is hotmail the same as msn?  I hadn't thought so, though they're both Microsoft.  She's got an msn.com address.  Oh well, no reason that msn is any safer than hotmail.

Again, many thanks.  I figure if the folks at DonationCoder haven't heard about this supposed security hole, it probably doesn't exist.

NigelH

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 210
    • View Profile
    • Donate to Member
Actually, I was hit by something similar via my Yahoo email account just a few weeks ago
I clicked on a link (in an email that I thought was valid) but did not verify the link first. Yeah , stupid I know.
It was an email from a friend and the subject matter appeared similar to what we'd been discussing recently.
I was signed into my email a/c at the time and the Javascript code on the site managed to access my Yahoo contacts and broadcast the same spam link to many of my contacts - including subscription list email addresses. Ticked me off no end.
I was using Opera 11.64 at the time and thought my Yahoo a/c had been hacked.
The IP sign-in logs in the Yahoo account had only my IP address - the last sign-in was the day before.

If anyone would like see the specific links, PM me.

Phishing target site at WOT:  http://www.mywot.com...orecard/wa15news.net
Whois info : http://whois.domaint...ols.com/wa15news.net
This was one target site as well:  http://whois.domaint...ols.com/ca15news.net

Pity it was not caught by OpenDNS phishing checks.
Unfortunately, I also had Opera's Fraud and Malware Protection turned off (not any more though).




Jibz

  • Developer
  • Joined in 2005
  • ***
  • Posts: 1,187
    • View Profile
    • Donate to Member
That is interesting .. just for clarity, were you looking at the e-mail where you clicked a link from within your yahoo account, or was it somewhere else? I hope it is not possible to access stuff like your address book from remote sites.

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,747
    • View Profile
    • Read more about this member.
    • Donate to Member
Yeah I've heard of this security problem before. It's called PEBKAC. Unfortunately it is a vulnerability that exists with all browsers. :(

NigelH

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 210
    • View Profile
    • Donate to Member
...were you looking at the e-mail where you clicked a link from within your yahoo account ...
-Jibz
Yes - did a right-click then open in background tab.

.. It's called PEBKAC ..
-Deozaan
I trust you enjoyed that.




Jibz

  • Developer
  • Joined in 2005
  • ***
  • Posts: 1,187
    • View Profile
    • Donate to Member
...were you looking at the e-mail where you clicked a link from within your yahoo account ...
-Jibz
Yes - did a right-click then open in background tab.

.. It's called PEBKAC ..
-Deozaan
I trust you enjoyed that.

Well, if the browser allows arbitrary javascript in one tab to do stuff on another tab, I would call that more of a browser problem than an "Error 40". Or perhaps a web e-mail API problem?