Received a spam e-mail from "SHH"

Is anyone stupid enough to actually click the link, other than out of their morbid curiosity?
 
Damn, I have so many e-mail accounts. *goes and checks them all*
 
If your tech people are trying to exterminate this person ("justifiable homicide" as far as I'm concerned), mine has different HEADER information, with a different return path.

Although I suppose they could have bogarted some unsuspecting person's return path. :(

Same message, though.

Does this mean the member list/email addresses were hacked into?

- - - - - - - MESSAGE - - - - - - - -


Received: by 10.114.209.19 with SMTP id h19cs35329wag;
Fri, 14 Mar 2008 14:16:27 -0700 (PDT)
Received: by 10.65.112.5 with SMTP id p5mr24917260qbm.52.1205529387302;
Fri, 14 Mar 2008 14:16:27 -0700 (PDT)
Return-Path: <[email protected]>
Received: from debby.zenacus.com (198-169-127-116.innovationplace.com [198.169.127.116])
by mx.google.com with ESMTP id p4si15488499qba.15.2008.03.14.14.16.26;
Fri, 14 Mar 2008 14:16:27 -0700 (PDT)
Received-SPF: neutral (google.com: 198.169.127.116 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=198.169.127.116;
Authentication-Results: mx.google.com; spf=neutral (google.com: 198.169.127.116 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
Date: Fri, 14 Mar 2008 14:16:27 -0700 (PDT)
Message-Id: <[email protected]>
Received: by debby.zenacus.com (Postfix, from userid 33)
id 7EB4F8E0A0; Fri, 14 Mar 2008 15:16:56 -0600 (CST)


To:
Subject: Dear User!
From: [email protected]
MIME-Version: 1.0

Content-Type: multipart/mixed; boundary="63ea4ab52e48ac8801fe37dec966fc15"

Message-Id: <[email protected]>
Date: Fri, 14 Mar 2008 15:16:56 -0600 (CST)






--63ea4ab52e48ac8801fe37dec966fc15

Content-type: text/plain; charset=windows-1251

Content-Transfer-Encoding: 8bit




Some technical work site superherohype.com is not working!

Welcome to our new site w w w.modern drummer.c o m

Every 5-th visitor will receive a prize!

Apologize for the inconvenience!

--63ea4ab52e48ac8801fe37dec966fc15--
 
Guys, please, if you post the e-mail, at least put a space in the site so it doesn't become a link.
 
Got one as well. Thankfully I didn't click the link.


If anyone has a standing credit card account anywhere, shouldn't they be encouraged to delete it?
 
Wow, am I glad I deleted that email, and never went near the website they suggested in it.

I knew it had to be bogus, since SHH was running just fine lol.
 
Guys we are really working on it.
I suggest THIS.

For the email addresses you have that are registered to Hype!, change the passwords; can't be too careful. I doubt they will bother; this looks at this point to be a Monetary Malware attack. (They work to infect a site with malware for financial gain in the end.)
 
Wow. I've had the same password since I first joined & now I gotta change it.:o Oh well, better to be safe than sorry.:o
 
Just so you know, I got it as well.

The line - Return-Path: <[email protected]>
This looks to show the site that was originally hacked, and they used it to send out FORGED emails (which is not hard).
The emails sent out looking like us came from debby.zenacus.com, just my guess at first glance.

Code:
From - Fri Mar 14 19:27:36 2008
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <[email protected]>
Delivered-To: [email protected]
X-Spam-Checker-Version: SpamAssassin 3.1.9 (2007-02-13) on way2fst.nexcess.net
X-Spam-Level: 
X-Spam-Status: No, score=-1.5 required=5.0 tests=BAYES_00,FORGED_RCVD_HELO,
	NO_REAL_NAME autolearn=no version=3.1.9
Received: (qmail 1245 invoked by uid 108); 14 Mar 2008 21:22:03 -0000
Received: from unknown (HELO debby.zenacus.com) (198.169.127.116)
  by way2fst.nexcess.net with (DHE-RSA-AES256-SHA encrypted) SMTP; 14 Mar 2008 21:22:03 -0000
Received-SPF: none (way2fst.nexcess.net: domain at debby.zenacus.com does not designate permitted sender hosts)
Received: by debby.zenacus.com (Postfix, from userid 33)
	id 0901C8E8C7; Fri, 14 Mar 2008 15:22:32 -0600 (CST)
To: [email protected]
Subject: Dear User!
From: [email protected]
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="e9fb0d6e44e917d426e6e107b54d2a20"
Message-Id: <[email protected]>
Date: Fri, 14 Mar 2008 15:22:32 -0600 (CST)




--e9fb0d6e44e917d426e6e107b54d2a20
Content-type: text/plain; charset=windows-1251
Content-Transfer-Encoding: 8bit


Some technical work site superherohype.com is not working! 
Welcome to our new site www.moderndrummer.com 
Every 5-th visitor will receive a prize! 
Apologize for the inconvenience!

--e9fb0d6e44e917d426e6e107b54d2a20--
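The header reading done in the post above, as an added example that is not part of the original thread: it walks the Received chain, picks out the hop recorded by the recipient's own server, and flags the signs of a forged sender. Host names and the IP come from the quoted headers; the e-mail addresses are redacted on the page, so the ones used here are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the second header dump in the thread. Host
# names and the IP are from the page; the addresses are redacted there, so
# the ones below are placeholders (assumptions), not the real values.
RAW = """\
Return-Path: <bounce@sender.example>
Received: (qmail 1245 invoked by uid 108); 14 Mar 2008 21:22:03 -0000
Received: from unknown (HELO debby.zenacus.com) (198.169.127.116)
  by way2fst.nexcess.net with SMTP; 14 Mar 2008 21:22:03 -0000
Received-SPF: none (way2fst.nexcess.net: domain at debby.zenacus.com does not designate permitted sender hosts)
Received: by debby.zenacus.com (Postfix, from userid 33)
  id 0901C8E8C7; Fri, 14 Mar 2008 15:22:32 -0600 (CST)
To: member@recipient.example
Subject: Dear User!
From: admin@forum.example

Some technical work site ... is not working!
"""

def trace(raw):
    msg = message_from_string(raw)
    # Received headers are prepended, so the list runs newest -> oldest.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    # Only the hop written by the recipient's own server is trustworthy;
    # anything below it was supplied by the sending side.
    handoff = next((h for h in hops if h.startswith("from ")), "")
    ip = re.search(r"\d{1,3}(?:\.\d{1,3}){3}", handoff)
    local = re.search(r"by (\S+) \(Postfix, from userid (\d+)\)",
                      hops[-1] if hops else "")
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    spf = (msg.get("Received-SPF", "").split() or ["missing"])[0].lower()
    origin = local.group(1).lower() if local else None
    flags = []
    if origin and not (origin == from_dom or origin.endswith("." + from_dom)):
        flags.append("From domain does not match originating host")
    if local:
        flags.append("queued by local uid %s, not received over SMTP" % local.group(2))
    if spf != "pass":
        flags.append("SPF result '%s' gives no sender assurance" % spf)
    return {"client_ip": ip.group(0) if ip else None, "origin_host": origin,
            "from_domain": from_dom, "spf": spf, "flags": flags}

if __name__ == "__main__":
    for key, value in trace(RAW).items():
        print(key, "=", value)
```

A bottom-most hop of the form "Postfix, from userid N" means the message was queued by a local account on that host rather than relayed from a mail client, which is consistent with a script on a compromised web server doing the sending.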
 
I received the e-mail too. Boys, I think we need to retreat to The Mystery Machine.
 
That's going to create an unnecessary panic methinks. We have enough problems with some people needing their passwords changed, now you're telling thousands of people to. I just don't think it's necessary, although you can never be too careful. Like Malice said, I'm actively talking to our host about these recent attacks and they aren't taking them lightly. We've been going over things for a week now.

Thanks for your patience.
 
I got it too. Thought there was something fishy about it (waaay too bad grammar to be the mods and admins from here).

Lucky me, I checked here first.
 
Maybe I need to run a virus scan for spyware.
 
You don't run virus scans for spyware. See Malice's thread for spyware advice.
 
So, if we DID NOT get the e-mail, what should we change? Both on the hype and off?
 
Just got the e-mail. Deleted. Nothing screwy going on here.
 
Is anyone stupid enough to actually click the link, other than out of their morbid curiosity?
Yeah, it was just some crappy music site. It obviously downloaded something to my comp because it tried to access the internet. Probably one of the things AOL blocked.

I hope...:wow:
 
