Posted 03 May 2012 - 07:50 PM
Posted 03 May 2012 - 07:58 PM
As we mentioned earlier, this particular campaign was not the only spam run we investigated. We found clear evidence that all these attacks were linked. In many cases, the same sets of compromised URLs were used by multiple spam runs. This suggests that at least some of the parties responsible for these attacks were identical, if it was not the same group altogether.
Edited by Union_Thug, 03 May 2012 - 07:59 PM.
Posted 08 May 2012 - 05:18 PM
Posted 09 May 2012 - 07:41 AM
Return-Path: email@example.com
Received: from mx04.back.prod.mail.xxxxxxxx (LHLO mx04.xxxxxxxxxxxx) (10.160.210.164)
    by mailstore11.back.prod.mail.xxxxxxxxxx with LMTP;
    Tue, 8 May 2012 19:55:58 +0200 (CEST)
Received: from localhost (filterin04.back.prod.mail.xxxxxxxx [10.160.210.224])
    by mx04.xxxxxxxxxx (Postfix) with ESMTP id 80FF38200B
    for xxxxxxxxxxxxxxxxxxx Tue, 8 May 2012 19:55:58 +0200 (CEST)
Received: from mx01.xxxxxxx ([10.160.210.161])
    by localhost (filterin04.back.prod.mail.xxxxxxxxxx [10.160.210.247]) (amavisd-new, port 10024)
    with ESMTP id HjgeMeK-5LNa
    for xxxxxxxxxxxx Tue, 8 May 2012 19:55:58 +0200 (CEST)
Received: from mx01.xxxxxxx (localhost [127.0.0.1])
    by mx01.xxxxxxxx (Postfix) with ESMTP id 5354F86217
    for xxxxxxxxxxxxxxx Tue, 8 May 2012 19:55:58 +0200 (CEST)
Received: from procamserver.com (procamserver.com [22.214.171.124]) <---------------------------
    by mx01.xxxxxxxxxxxxxxxx (Postfix) with ESMTP
    for xxxxxxxxxxxx Tue, 8 May 2012 19:55:58 +0200 (CEST)
Received: from USER (ip-94-242-219-26.as5577.net [126.96.36.199] <---------------------------
    (authenticated bits=0)
    by procamserver.com (188.8.131.5260614/8.13.6) with ESMTP id q48HtFZ0088139;
    Wed, 9 May 2012 03:55:16 +1000 (EST)
Date: Wed, 9 May 2012 03:55:16 +1000 (EST)
Message-Id: <201205081755.q48HtFZ0088139@procamserver.com>
Content-Type: text/html
SUBJECT: Limited Account Access
FROM: Western Union<firstname.lastname@example.org>
To: undisclosed-recipients:;
X-Scanned: by Cloudmark authority (on mx01.xxxxxxxxxx)
X-CMAE-Analyze: .v=2.0 cv=Ee9/toaC c=1 sm=0 p=R7FwDDW0AtINHl2Gip0A:9 a=8EU9Q7FnrCoA:10 a=tmcq72v-AAA:5 a=bRIPQUuPj2w3UAjUXPIA:7 a=_W_S_7VecoQA:10 a=YBqNEKVEs08JbnI0:21 a=VIYFME_NS8jtHh6l:32
X-CMAE-Score: .100

Dear Western Union valued customer,

You received this email as a notice for the database update for this month. This update is designed by our IT engineers to provide higher security to our customers online accounts, prevent unauthorized account access and other types of online fraud.

You are required to update your online profile by clicking on the following link:

Click here to access your online profile [links to: account53334514.bpostaleonline.com/wueurope/?signInAction=do]
Click here to access your online profile [links to: account4808wu6102.ijuwele-online.com/account/?profile.update=yes]

Please note that this a one-time task that will take only 3-5 minutes of your precious time. However, failure in updating your profile will result in limiting your account access. We appologize for any inconvenience.

Thank you,
William J. Lucas, IT Assistant, Western Union Europe.
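The two Received lines marked with arrows in the post above are the handoff to the recipient's mail server and the client submission logged by the sending host. The following Python is an added example, not part of the original post, that locates that boundary in a Received chain; the sample headers, hostnames and addresses are constructed placeholders, and the function names are hypothetical.

```python
import email
import ipaddress
import re

# Constructed sample modelled on the header layout in the post; hostnames and
# addresses are placeholders (RFC 2606 / RFC 5737), not values from the post.
SAMPLE = """\
Received: from mx04.mail.example.net (LHLO mx04.mail.example.net) (10.160.210.164)
 by mailstore11.mail.example.net with LMTP; Tue, 8 May 2012 19:55:58 +0200 (CEST)
Received: from mx01.mail.example.net (localhost [127.0.0.1])
 by mx01.mail.example.net (Postfix) with ESMTP id 5354F86217; Tue, 8 May 2012 19:55:58 +0200
Received: from relay.example.com (relay.example.com [203.0.113.25])
 by mx01.mail.example.net (Postfix) with ESMTP; Tue, 8 May 2012 19:55:58 +0200 (CEST)
Received: from USER (client.example.org [198.51.100.26]) (authenticated bits=0)
 by relay.example.com with ESMTP id q48HtFZ0088139; Wed, 9 May 2012 03:55:16 +1000 (EST)
Subject: Limited Account Access
"""

IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
# Explicit list: ipaddress.is_private would also flag the RFC 5737 sample ranges.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_internal(ip):
    try:
        return any(ipaddress.ip_address(ip) in net for net in INTERNAL)
    except ValueError:          # scrubbed or malformed address
        return False

def parse_hops(raw):
    """Return Received hops newest-first as dicts: helo, ip, by."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())          # unfold continuation lines
        src, _, rest = flat.partition(" by ")
        m = IPV4.search(src)
        hops.append({"helo": src.split()[1] if src.startswith("from ") else None,
                     "ip": m.group(0) if m else None,
                     "by": rest.split()[0] if rest else None})
    return hops

def trace(raw):
    """Return (boundary hop, older hops): the first non-internal sender, logged
    by the recipient's own MX, then the unverified lines written by outside servers."""
    hops = parse_hops(raw)
    for i, hop in enumerate(hops):
        if hop["ip"] and not is_internal(hop["ip"]):
            return hop, hops[i + 1:]
    return None, []
```

The boundary hop's address is the one to use for blocklisting or abuse reports; the older hops are leads to corroborate, not evidence on their own.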