I imagine it won't take long for spammers to recognize that Heartbleed is an ideal way to do phishing. I am thinking of ways to mitigate the phishing risk; I mean just this time for the Heartbleed bug, not generally.

End-users will likely receive many official emails asking to go to a website and reset the password. Maybe this even becomes advertised in radio or television. If spammers do a good job, they can easily slip in and have a high success rate.

What can I do as a server administrator (particularly hosting IMAP servers) to filter specifically the Heartbleed spam and let official mails through?

I already have general spam filters applied and grey-listing enabled. But if I had e.g. a more complete list than the top 500 vulnerable sites, it would be possible to only forward mails sent by those domains and disallow others. Of course that list should be confirmed by some more official organization.

Thomas Weller
  • Send out an email to your users reminding them never to click links in an email like that, but instead to open a browser and go to the correct web site that they have used before instead? – psusi Apr 09 '14 at 22:49
  • @psusi Heartbleed makes a nasty kind of phish possible: After locating a web site which still has the vulnerability, the phisher sends a "legitimate" email which links to the correct site. This is done in order to increase traffic to the site. The attacker then uses the Heartbleed exploit to mine passwords and what-not. The phish isn't the main attack, but it's a way to make the main attack more fruitful. – Wayne Conrad Apr 09 '14 at 23:15
  • @WayneConrad, I would hope that sites would have shut down and patched already. – psusi Apr 10 '14 at 01:16
  • @psusi Even people who should know better don't always do the right thing. Or they may have business processes that prevent them from acting in a timely manner. For instance, a large company that sounds similar to Yeehaw! was leaking user data for many hours after patches were available. They might still be, for all I know. – Michael Hampton Apr 10 '14 at 03:52

0 Answers