spam email when checking outlook webmail at Singapore Qantas lounge?

[qwsoftware]

I know this sounds strange,but it is occurring:-
My boss flies to Europe very often, he always stops at the Qantas lounge in Singapore there and back. Via Qantas lounge wireless and checks email (via outlook web interface that is secure https). He generally gets some junkmail 5 per day but when he is at this lounge he gets approx 20 junk emails (cough etc) approx around the time he is there. You can even see the pattern of when he was at the lounge.

Does anyone know why and how? - I support him with IT and can't explain this.

Thanks
Matt

 

[Dave Noble]

Does he normally check mail using Outlook and have spam disappear off and hide in a spam folder whilst when checking online all of the mails appear?

 

[qwsoftware]

Hi Dave,

strange thing is his email gets checked from the office in Australia as well at the same computer that he normally uses and that is when we notice the lot more spam email is received within a few hours of him visiting the lounge. The netbook he uses had up to date virus/spyware protection and just uses outlook via the secure web interface.

We thought it was a coincident but after the last 6 trips in 3 months it is always when he is at this lounge. When his assistant checks his email in Australia she says, he has been to the lounge again - look at all these spam emails.

Very strange.. Just cant explain it..

 

[markis10]

Webmail may be opening up a port and its entirely likely someone may have put a SPAM bot on the QP machine which then uses that unprotected port to generate spurious messages perhaps?

 

[Mal]

Webmail may be opening up a port and its entirely likely someone may have put a SPAM bot on the QP machine which then uses that unprotected port to generate spurious messages perhaps?

Nah, I can't see how this would be possible.
Firstly it's a corporate laptop, rather than a QP machine.
Secondly it's a SSL connection back to the corporate. Granted the SSL connection could be broken and interfered with (public wireless networks really aren't secure), but that doesn't sound likely in this case.

I'm mystified.

While pondering this earlier today, I really think it's pure co-incidence, or something very similar to Dave Noble's idea.

 

[markis10]

I was thinking it was a QP computer , you do find all sorts of things on those. I reread the OP s message and its a netbook, does it have IDS as well as AV/AS installed?

While there is a secure connection back to the server, or a tunnel in this case, you are still using the net and an unsecure connection, next time the SIN QP is used I would suggest using a different browser to see if that makes a difference, if the webmail supports it, interestingly my IDS alerts have only happened when using the QP wireless in Australia .