IceWarp's Security Experts Discover New Hacking Pattern

Computers all over the world are falling prey to a new, sophisticated spam delivery method that can destroy even the most sophisticated defense systems. IceWarp’s (News - Alert) security experts have reportedly busted the method that cyber cons are employing to attack computers worldwide.

In a demonstration IceWarp security’s situation analysis team showed that the hackers are taking advantage of the people’s negligence in this ground. The hackers first grab hold of password to social media accounts, steal the corporate E-mail address and then use this combo to break into a corporate E-mail system. Once the hacker gains access to an E-mail account, rest becomes easier. He then gains access to the whole gamut of recent E-mails sent by the account owner.

The next step involves sending spam to these hijacked e-mail addresses. The unsuspecting user, receiving the e-mail from an approved sender opens the mail. Since there is nothing suspicious in getting an e-mail from a person on recipient’s server white list, it is nearly impossible to detect such spam attacks.

 “The email address is decomposed into two parts, where the domain part is used to lookup the mail server using its DNS MX record (publicly accessible), and the username authenticates that user to the server. Once intruders get access to server, they look into the IMAP folder for the recent emails sent by the account’s owner,” said Antonin Prukl, IceWarp Technical Director, in a statement.

Prukl continues to warn explain that IceWarp’s messaging platform, IceWarp Messaging Server comes with strong password administration features that can force users to change their password when they log on with just a few clicks of mouse. The next version of IceWarp Messaging Server is scheduled for release in the second quarter of this year.

In its analysis, the IceWarp experts pointed out that the only effective solution lies in adopting a stricter password enforcement policy and sounder technical abilities to force users to change passwords at the first signs of such an attack.