Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BleepingComputer being exploited by spammers? (Ketones / Green Wise Debt Relief)


  • Please log in to reply
3 replies to this topic

#1 LeeLorenzSr

LeeLorenzSr

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:41 PM

Posted 08 August 2018 - 10:50 AM

I finally signed up here to report this interesting bit of e-mail I got today.
 
I received an e-mail with a subject of "- - Welcome to Greenwise Debt Relief RFK" and was about to delete it as junk spam... and then I saw the body of the message:
This email has been sent from https://www.bleepingcomputer.com/forums/index.php You have received this email because this email address was used during registration for our forums. If you did not register at our forums, please disregard this email. You do not need to unsubscribe or take any further action. Activation Instructions Thank you for registering. We require that you "validate" your registration to ensure that the email address you entered was correct. This protects against unwanted spam and malicious abuse. To activate your account, simply click on the following link: https://www.bleepingcomputer.com/forums/index.php?app=core&module=global§ion=register&do=auto_validate&uid=1095361&aid...
A hyperlinked single word, "Welcome" below the BleepingComputer verification message linked to http://ohours.healtrehouse.com/ci0=Y... (Not going to post the entire link, as it is likely malicious)
 
The user agent reported in the headers is "Lucee Mail" which is not the same one used (and I just verified by registering, heh) by this forums.
 
So why is the body of somebody's BleepingComputer forums verification message embedded in a spam e-mail? Is it a secondary effect from somebody's PC being infected when they tried to sing into these forums, or somebody exploiting this forum's software?

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:41 PM

Posted 08 August 2018 - 10:59 AM

Your guess is as good as mine as to why they are including our registration email. Maybe they think it will bypass spam filters this way?

Law Enforcement has been notified, but otherwise not much more I can do about this.

These emails are not originating from BleepingComputer or any of our servers. Rather they are coming from numerous european based IP addresses on a bunch of the spam samples I have received.

#3 LeeLorenzSr

LeeLorenzSr
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:41 PM

Posted 08 August 2018 - 11:11 AM

Yeah, probably gets it by spam filters. The UID might give you some clues (IP or e-mail) who is doing this.

 

Thanks for the prompt response! You guys are the best, I've been using your site for years!



#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:41 PM

Posted 08 August 2018 - 11:59 AM

That UID is already banned and they prob registered to generate that one email.

Doing the best I can to find other ways to stop this. Thx for the compliments :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users