BLOG

First spam to Epsilon leaked address

This morning I received the first two spams to the address of mine that was compromised during the Epsilon compromise back in April. Actually, I received two of them. One was the “standard” Adobe phish email. The other was similar but referenced Limewire instead of Adobe.

Have you heard the big news? Limewire has shut down for good.

Want to know what other people are using as their alternative?

Find Out Here : http://www.phishingdomain.here.example.com

Our limewire alternative has been adopted by millions of limewire users around the globe.

Same great features, tons of files and it’s easy to use

Enjoy

Jimmy Choo
Limewire Insider

One of the very interesting things about this spam is that it came through an ESP. It looks like the customer of another ESP was compromised and their account used to send the spam.

Looks like the spam to the stolen Epsilon data has started.

3 comments

  1. Derek Harding says

    I’ve received a few now. So far they’ve all been sent to tagged addresses I gave to Chase. Many were sent via other compromised ESPs.

  2. laura says

    Chase seems to be the common thread here.

    Steve was notified of one of his addresses leaking and he’s not seen any spam to it. I suspect it’s a big enough group of addresses that the spammers are mailing them in chunks or importing them / cleaning them slowly.

  3. Pete Austin says

    Re: “One of the very interesting things about this spam is that it came through an ESP.”

    Obvious question, but do you have the full message headers? If no (for example if the email came via Exchange) you really can’t be sure it came from an ESP. Happy to help in the unlikely event that you need it.

Comment:

Your email address will not be published. Required fields are marked *

  • HE.net DNS problems

    Hurricane Electric had a significant outage of their authoritative DNS servers this morning, causing them to return valid responses with no results for all(?) queries. This will have caused delivery problems for any mail going to domains using HE.net DNS - which will include some of their colocation customers, as well as users of their free services - but also will have caused reverse DNS to fail for most servers hosted by Hurricane Electric worldwide, so if any of your mail is being sent from HE hosted machines you may have seen problems. (We're HE customers so we noticed. Still happy with them as a vendor.)No Comments


  • 65.0.0.0/8 DNS issues

    If you're sending email from any address beginning with a 65 - in 65.0.0.0/8 - it's possible you'll see some delivery problems. Something appears to be broken with dnssec signatures for the reverse DNS zone, leading queries for reverse DNS to fail for anyone using a dnssec aware DNS resolver (which is almost everyone).1 Comment


  • Our green bar certificate is going away

    Later today we'll be switching from an Extended Validation ("green bar") SSL certificate to a Domain Validation certificate. This isn't exactly a planned change but I'm waiting for responses from Comodo before I go into it too much. I'll share some more details next week.3 Comments


Archives