Strange sieve script

Strange sieve script

Jorge Bastos

Howdy,

I’ve seen for some time, and in distinct users, a redirect script being added to an email that has nothing to do with them.

Maybe it’s for phishing or some other intention, maybe even espionage, which is real nowadays.

Did anyone see this in your users?

I caught this in a regular “mailq” investigation for problems



_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users

Re: Strange sieve script

Egoitz Aurrekoetxea
Hi!

It’s a typical mail “stealing” technique. We created a patch for Roundcube, for notifying our customers about this kind of situation.

Cheers,


sarenet
Egoitz Aurrekoetxea
Dpto. de sistemas
944 209 470
Parque Tecnológico. Edificio 103
48170 Zamudio (Bizkaia)

Before printing this e-mail, consider whether it is necessary to do so.

On 21 Jun 2019, at 21:53, Jorge Bastos <[hidden email]> wrote:

Howdy,

I’ve seen for some time, and in distinct users, a redirect script being added to an email that has nothing to do with them.
Maybe it’s for phishing or some other intention, maybe even espionage, which is real nowadays.

Did anyone see this in your users?
I caught this in a regular “mailq” investigation for problems

<image001.png>

Re: Strange sieve script

Jorge Bastos
Hi Egoitz,

Sorry for the delay,
would you like to share the script, publicly or privately?

Jorge,

On 2019-06-24 7:27, Egoitz Aurrekoetxea wrote:

> Hi!
>
> It’s a typical mail “stealing” technique. We created a patch for
> Roundcube, for notifying our customers about this kind of situation.
>
> Cheers,
>
> Egoitz Aurrekoetxea
> Dpto. de sistemas
> 944 209 470
> Parque Tecnológico. Edificio 103
> 48170 Zamudio (Bizkaia)
> [hidden email]
> www.sarenet.es [1]
> Before printing this e-mail, consider whether it is necessary to do
> so.
>
>> On 21 Jun 2019, at 21:53, Jorge Bastos <[hidden email]>
>> wrote:
>>
>> Howdy,
>>
>> I’ve seen for some time, and in distinct users, a redirect script
>> being added to an email that has nothing to do with them.
>> Maybe it’s for phishing or some other intention, maybe even espionage,
>> which is real nowadays.
>>
>> Did anyone see this in your users?
>> I caught this in a regular “mailq” investigation for problems
>>
>> <image001.png>
>
>
>
> Links:
> ------
> [1] http://www.sarenet.es
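
Added example, not part of the original thread and not the Roundcube patch mentioned in it: one way an administrator could audit stored Sieve scripts for the kind of redirect rule described above, flagging any that forward mail outside the local domains. It assumes the scripts have already been read into a dict keyed by mailbox; `find_redirects`, `audit`, `SAMPLE` and the example.org / example.net addresses are constructed for illustration, and multi-line `text:` strings are not handled.

```python
import re

# Sieve lexical elements (RFC 5228): quoted strings, "#" and "/* */" comments,
# identifiers and ":tags", and single punctuation characters.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|#[^\n]*|/\*.*?\*/|:?\w+|[^\s\w]', re.S)

def find_redirects(script):
    """Return (address, keeps_copy) for every redirect action in a Sieve script."""
    toks = [t for t in TOKEN.findall(script) if not t.startswith(("#", "/*"))]
    found = []
    for i, tok in enumerate(toks):
        if tok.lower() != "redirect":   # a quoted "redirect" still has its quotes
            continue
        tags, strings = [], []
        for arg in toks[i + 1:]:        # arguments run up to the closing ";"
            if arg == ";":
                break
            if arg.startswith(":"):
                tags.append(arg.lower())
            elif arg.startswith('"') and len(arg) >= 2:
                strings.append(re.sub(r"\\(.)", r"\1", arg[1:-1]))
        if strings:                     # the address is the last positional string
            found.append((strings[-1], ":copy" in tags))
    return found

def audit(scripts, local_domains):
    """scripts: {mailbox: sieve source}. Report redirects that leave local_domains."""
    findings = []
    for mailbox, source in scripts.items():
        for addr, keeps_copy in find_redirects(source):
            domain = addr.rpartition("@")[2].lower()
            # "${...}" means the variables extension builds the address at run time.
            if "${" in addr or domain not in local_domains:
                findings.append((mailbox, addr, keeps_copy))
    return findings

# Constructed sample scripts (not taken from the thread).
SAMPLE = {
    "alice@example.org": 'require ["fileinto"];\n# redirect "old@example.net";\n'
                         'if header :contains "subject" "redirect" { fileinto "Lists"; }\n',
    "bob@example.org": 'require ["copy"];\n/* unknown origin */\n'
                       'redirect :copy "collector@mail.example.net";\n',
    "carol@example.org": 'redirect "carol.home@example.org";\n',
}

if __name__ == "__main__":
    for mailbox, addr, keeps_copy in audit(SAMPLE, {"example.org"}):
        print(f"{mailbox}: redirect to {addr} (keeps local copy: {keeps_copy})")
```

A redirect with `:copy` (RFC 3894) leaves the message in the user's own mailbox as well, so the mailbox owner sees nothing missing; those findings deserve the closest look.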