SPAM Alert - (Hell Pizza compromised?)

Forums › Off topic › SPAM Alert - (Hell Pizza compromised?)

1 | 2 | 3 | 4 | 5 | 6

1095 posts

Uber Geek
+1 received by user: 108

ID Verified

Trusted

Lifetime subscriber

#242836 5-Aug-2009 08:58

6. A PC with access to the email database has been compromised. I think this is the most likely case and don't see how whereisglenn can say "nor have we been hacked". Hackers prefer to keep a low profile so how would they know? Firewalls only stop malware being pushed to machines, they do nothing to stop luser from accidentaly pulling malware to their local PC. Can Hell Pizza honestly say that they don't have a staff member with low or modest computer skills that is using IE on a machine which does not have updates turned on? Maybe a laptop brought in from home?

I also suspect that this is the most likely case ... however I cannot say for certain that it's actuall Hell Pizza's machine that's been compromised - there's every chance that a mail log has been published someplace - voila, email addresses.

It is this last case that annoys me because of the denial and refusal to sort the problem. Pity we don't have effective laws or procedures to deal with these people. In one case I was under attack from an Internet cafe where the operator told me they couldn't fix the problem since the machines were used but the public and therefore could not be secured. He had a change of heart when I offered to remotely fix the problem for him by formatting his hard drives using the same security hole he was refusing to fix.

I've not yet followed up on this with Hell Pizza directly (sorry whereisglenn, but how do I know that you can categorically speak for Hell Pizza?) - has anyone else?

We do have anti-spam laws (or at least I thought so). I've not a lot of faith in the legal system in that way.

I must confess that it's spilled back under my radar, as it would appear that the spam filters are now catching the spam in any case.

Frieda51

2 posts

Wannabe Geek

#243162 5-Aug-2009 18:40

My ISP is Comcast, so in my case, it had nothing to do with Hell's Pizza. Here are the headers from the e-mail in case anyone is interested:

Return-Path: pdfreader-kjtltr1hjulvtyy1y@cmail3.com
Received: from imta29.emeryville.ca.mail.comcast.net (LHLO
IMTA29.emeryville.ca.mail.comcast.net) (76.96.27.217) by
sz0090.ev.mail.comcast.net with LMTP; Sun, 2 Aug 2009 16:38:15 +0000 (UTC)
Received: from m4.createsend.com ([72.15.222.64])
by IMTA29.emeryville.ca.mail.comcast.net with comcast
id PUeB1c00p1PyQ5U0VUeFvC; Sun, 02 Aug 2009 16:38:15 +0000
X-Authority-Analysis: v=1.0 c=1 a=Qgr8RKwWmLgA:10
a=c1PFaiG4f0Na2aAqKNsWGA==:17 a=4Tu5EdrtAAAA:8 a=C_IRinGWAAAA:8
a=wQ4NbxORAAAA:8 a=tLNmW5npwpZjeH28RnMA:9 a=cX7E-pXX6205zmnuJjYA:7
a=2Vejds4OFo5_zVyToQN1_656JioA:4 a=c6My9_s7WDcA:10 a=CmzApSA3FWQA:10
a=si9q_4b84H0A:10
Received: by m4.createsend.com (PowerMTA(TM) v3.5r11) id hen0fc0hunk7 for ; Sun, 2 Aug 2009 22:26:44 +1000 (envelope-from )
From: "PDF Reader"
To: "[myusername]@comcast.net"
Reply-To: info@adobe-pdf-2009.net
Date: Sun, 02 Aug 2009 21:55:59 +1000
Subject: New PDF Reader For Windows
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Mailer: cmail3.com
X-Complaints-To: abuse@cmail3.com
List-Unsubscribe:
Received: from [95.211.4.198] by cmail3.com via HTTP; Sun, 02 Aug 2009 09:55:59 +1000
Message-ID:

freitasm

BDFL - Memuneh
80653 posts

Uber Geek
+1 received by user: 41045

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#243170 5-Aug-2009 18:50

As I said before - I got this spam and I am not subscribed to Hell Pizza, so it's probably not coming from a leak there.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

aikendrum

2 posts

Wannabe Geek

#243193 5-Aug-2009 19:27

freitasm: As I said before - I got this spam and I am not subscribed to Hell Pizza, so it's probably not coming from a leak there.

Not sure I concur. It just means the SPAM has multiple sources of email addresses - which is normal.
If the only place SOME of the email addresses were given to was Hell Pizzas, then Hell's list (or email log) is compromised. But it doesn't mean Hell's email list is the only list in the world to be compromised.
I also got an almost (but not quite) identical message sent to spotlight@<mydomain> - an email address only ever used to communicate with that company.

ukoda

56 posts

Master Geek
+1 received by user: 48

#243232 5-Aug-2009 20:47

freitasm: As I said before - I got this spam and I am not subscribed to Hell Pizza, so it's probably not coming from a leak there.

I beg to differ. I think who ever compromised Hell Pizza's database was likely to have compromised other databases or even just brought email lists and amalgamated them. It would be interesting to hear back from Hell Pizza as it may be they employed some other company to handle the web services and that service provider is the actual source of the leak. In that case several companies would have their reputation tarnished by simply choosing the wrong company to handle their web presences.

Of course that is just speculation on my part. If you don't agree then I would be interested to hear your theory of how I came to receive an email from them addressed to hell@mydomain?

freitasm

BDFL - Memuneh
80653 posts

Uber Geek
+1 received by user: 41045

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#243288 5-Aug-2009 22:39

ukoda:
freitasm: As I said before - I got this spam and I am not subscribed to Hell Pizza, so it's probably not coming from a leak there.

I beg to differ. I think who ever compromised Hell Pizza's database was likely to have compromised other databases or even just brought email lists and amalgamated them.

Big, heavy sentence there... "who ever (sic) compromised Hell Pizza's database" sounds like there was indeed a breach...

ukoda: Of course that is just speculation on my part. If you don't agree then I would be interested to hear your theory of how I came to receive an email from them addressed to hell@mydomain?

Just read my first post again. There are dictionary attacks and spammers use those frequently. "hell@" is not hard to guess/use/attack.

A dictionary attacks requires the spammer to send emails to a domain using common words from a dictionary. Whatever bounces is invalid, whatever is accepted is a good email for them. Easy. And no "database compromise".

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

Lego

Shop now for Lego sets and other gifts (affiliate link).

ukoda

56 posts

Master Geek
+1 received by user: 48

#243306 5-Aug-2009 23:25

freitasm:
Just read my first post again. There are dictionary attacks and spammers use those frequently. "hell@" is not hard to guess/use/attack.

A dictionary attacks requires the spammer to send emails to a domain using common words from a dictionary. Whatever bounces is invalid, whatever is accepted is a good email for them. Easy. And no "database compromise".

Yes, I covered that option in an earlier post. Since I have a catchall in place I would see anything from a dictionary attack and I have been surprised to see them only occasionally. Clearly it could have been a dictionary attack since hell is such a short word but I think a compromised PC is more likely. Of course since it is unlikely we will never know for sure in this case.

Interestingly a dictionary attack was one of the explanations offered when houseoftravel@mydomain was heavily spammed. Given the word houseoftravel is actually three words joined I though it a poor attempt to deflect attention.

freitasm

BDFL - Memuneh
80653 posts

Uber Geek
+1 received by user: 41045

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#243309 5-Aug-2009 23:28

In that case "houseoftravel" is unlikely to be a dictionary attack. But "hell" is more likely.

Anyway... I really don't care much. It's rare to get spam in my Inbox. Exchange does a good job these days.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

kitten

1 post

Wannabe Geek

#244405 9-Aug-2009 12:12

I just got much the same thing. It is misleading, using Adobe's name and the good name of OpenOffice. It is trying just a little too hard for credibility. Last I heard nothing legitimate operated out of Panama.

bbox

1 post

Wannabe Geek

#246729 14-Aug-2009 17:45

This phishing attack was quite interesting. I received the same message at three different email accounts, all at the same time and all proper operating addresses.

One address was registered with Chaos Music in Australia - and not used anywhere else - the second was BrightKite - social networking site and again not used anywhere else - and the third at my primary account which is usually pretty spam free.

I utilise a catch-all on my mail server - so I can register site specific addresses and know where potential leaks have come from - and did not receive the email at any other address in the same domain which says to me that it wasn't a pure dictionary attack but very targetted.

In-depth TV news, reviews & interviews -
Boxcutters podcast
- fresh every Monday night

dontpanic42

1574 posts

Uber Geek
+1 received by user: 11

#247309 16-Aug-2009 19:04

Just received another email for this fake/scam "product". This time it was received from 'update@adobe-pdf2009.com' as opposed to 'info@adobe-pdf-2009.net' on the first email.

Anyone else just get this?

Subject line: Update New Version PDF Reader For Windows And Mac

PDF Reader 2009 - New Version for Windows and Mac
The latest PDF Reader: Open, Edit & Create PDF Files

http://www.adobe-pdf2009.com/

Included in this package:

OpenOffice Suite - Get things done more quickly and improve your work
efficiency.

-Open, edit and view all PDF files.
-Enhanced performance with faster loading and zooming.
-Collect your data and combine it into a high quality document.

http://www.adobe-pdf2009.com/

Download the complete Office solution today and also receive free
updates and 24/7 customer support.

"Since the 90's, PDF has become the standard file format for document
exchange." - Adobe

http://www.adobe-pdf2009.com/

Thank you for choosing us, the worldwide leader in PDF Reader
Solutions.

Best Regards,

Matthews Norman
PDF Reader 2009

HP

Shop now for HP laptops and other devices (affiliate link).

ukoda

56 posts

Master Geek
+1 received by user: 48

#247395 16-Aug-2009 22:29

dontpanic42: Just received another email for this fake/scam "product". This time it was received from 'update@adobe-pdf2009.com' as opposed to 'info@adobe-pdf-2009.net' on the first email.

Anyone else just get this?

Yep, just got that one too. Again it was addressed to the email address I gave only to Hell Pizza. I note Hell Pizza have still not replied to my please explain email. Has anyone heard back from them? They have had plently of time to investigate the issue!

geekindenial

1 post

Wannabe Geek

#247848 17-Aug-2009 19:19

Today I received the same spam message twice at the email address that I have registered with Hell. Sounds like Hell need to admit they have been compromised - how about free wedges for everyone's next order? ;)

dontpanic42

1574 posts

Uber Geek
+1 received by user: 11

#247851 17-Aug-2009 19:24

geekindenial: Today I received the same spam message twice at the email address that I have registered with Hell. Sounds like Hell need to admit they have been compromised - how about free wedges for everyone's next order? ;)

I got it twice as well. Roughly three hours apart.

savag3

188 posts

Master Geek
+1 received by user: 3

#247963 17-Aug-2009 22:50

I wonder if the third party email marketing system they have used (mailprimer.com) has been compromised. That might explain why emails used at other companies have been spammed as well.

1 | 2 | 3 | 4 | 5 | 6