Victory Road  

  #1  
Old February 20, 2014, 03:55:48 PM
linuxlove linuxlove is offline
Mudkip
 
Join Date: Dec 2009
Location: /dev/null
Posts: 30
Default Weird spam message

I haven't logged in here in several years, but what prompted me to post was this strange email I got just now. It's obvious it's just a spam message as the link redirects to a site that looks like Fox News, but all the images and links are replaced with some miracle weight loss drink that doesn't work.

Here's the contents of the message with all the recipients whited out:


Has anyone else on this forum received the same message? I noticed that there are a couple of names in the To list that I recognize; RehdBlob and HarryCat18 to be exact. Not sure if someone hacked these forums or they got into Cat's mail somehow.

Last edited by Cat333Pokémon; February 20, 2014 at 11:46:10 PM.
  #2  
Old February 20, 2014, 04:13:30 PM
Dragonite Dragonite is offline
Keldeo
 
Join Date: Nov 2013
Location: Your refrigerator.
Posts: 1,095
Default

Haven't gotten a message like this, but . . .wow.
  #3  
Old February 20, 2014, 04:20:42 PM
Shade Shade is offline
Regigigas
 
Join Date: Aug 2010
Location: World of Darkness
Posts: 890
Default

I got one of those as well. I was about to notify Cat about it, but seems there's already a topic about it.
  #4  
Old February 20, 2014, 04:23:04 PM
PokeRemixStudio PokeRemixStudio is offline
Moderator

 
Join Date: Aug 2009
Posts: 2,222
Default

I got it too. Hey, it's bringing people back to VR.
  #5  
Old February 20, 2014, 04:40:16 PM
Cat333Pokémon Cat333Pokémon is offline
Administrator

 
Join Date: Nov 2006
Location: Nevada
Posts: 10,353
Default

If anyone has received this message, I ask that you delete it immediately. I've only managed to round up about 100 of the e-mail addresses it was sent to in order to issue an apology, so there are likely many others I missed. I've already changed my password.

I'm willing to bet whatever spambot managed to crack in sent a message to everyone I've ever e-mailed from that account from the last 11 years (when I registered the account). >_>

Last edited by Cat333Pokémon; February 20, 2014 at 04:41:40 PM.
  #6  
Old February 20, 2014, 04:44:37 PM
TurtwigX TurtwigX is offline
Giratina
 
Join Date: Oct 2009
Location: Strawberry Field- permanent stay
Posts: 3,088
Default

I no longer use the email address that's connected to my account for this site but... I just checked and I have nothing like that. It's pretty bizarre.
  #7  
Old February 20, 2014, 04:46:09 PM
Yoshi648 Yoshi648 is offline
Administrator

 
Join Date: Nov 2006
Location: Yoshi's Island
Posts: 3,162
Default

Dangit Cat, people stopped clicking free smiley ads years ago.
  #8  
Old February 20, 2014, 04:54:12 PM
Cat333Pokémon Cat333Pokémon is offline
Administrator

 
Join Date: Nov 2006
Location: Nevada
Posts: 10,353
Default

AH HA! Thank you, message headers!

Apparently, my account was not hacked. It was delivered by jeffc@st-charles.org operating on the St. Charles Borromeo Catholic Church (in Lima, OH) domain and attempted to be masked by being sent from my address.

Code:
x-store-info: *removed*
Authentication-Results: hotmail.com; spf=none (sender IP is 65.17.128.152; identity alignment result is fail and alignment mode is relaxed) smtp.mailfrom=jeffc@st-charles.org; dkim=none (identity alignment result is pass and alignment mode is relaxed) header.d=aol.com; x-hmca=none header.id=cat333pokemon@aol.com
X-SID-PRA: cat333pokemon@aol.com
X-AUTH-Result: NONE
X-SID-Result: NONE
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MTtHRD0yO1NDTD0w
X-Message-Info: *removed*
Received: from bizmail01.wcoil.com ([65.17.128.152]) by BAY0-PAMC2-F3.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
	 Thu, 20 Feb 2014 15:56:04 -0800
Received: from mycomputer (Broadband-Dynamic-119-235-77-39.connect.com.fj [119.235.77.39])
	(Authenticated sender: jeffc@st-charles.org)
	by bizmail01.wcoil.com (Postfix) with ESMTPA id 4DEDA2E82A0;
	Thu, 20 Feb 2014 18:55:47 -0500 (EST)
From: "=?ISO-8859-1?Q?cat333pokemon=40aol.com?=" <cat333pokemon@aol.com>
To: *addresses removed*
Subject: =?ISO-8859-1?Q?cat333pokemon=40aol.com?=
Date: Thu, 21 Feb 2014 12:55:47 +0100
MIME-Version: 1.0
X-mailer: Microsoft Office Outlook, Build 11.0.5510
Reply-To: cat333pokemon@aol.com
Content-type: Multipart/mixed; boundary="50B60084_390367CB_boundary"
Content-Description: Multipart message
Return-Path: jeffc@st-charles.org
Message-ID: <BAY0-PAMC2-F3zJOTfH0008d898@BAY0-PAMC2-F3.Bay0.hotmail.com>
X-OriginalArrivalTime: 20 Feb 2014 23:56:04.0347 (UTC) FILETIME=[508E34B0:01CF2E97]

--50B60084_390367CB_boundary
Content-type: text/html; charset=UTF-8
Content-Transfer-Encoding: Quoted-printable
Content-Disposition: inline
Content-Description: HTML text

Last edited by Cat333Pokémon; February 20, 2014 at 04:58:50 PM.
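The header reading done in post #8, as an added example that is not part of the original thread: a small Python triage that compares the visible From domain with the Return-Path, the Authentication-Results verdicts and the authenticated submitter recorded in the Received chain. The sample message is constructed and uses reserved example names and documentation IP ranges; `triage` and its result keys are names chosen for this sketch.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modeled on the header layout quoted in the post above.
# Hosts and addresses are reserved example names and documentation IPs.
SAMPLE = """\
Authentication-Results: mx.recipient.example; spf=none (sender IP is 192.0.2.25) smtp.mailfrom=user@relay.example; dkim=none header.d=victim.example
Received: from mail.relay.example ([192.0.2.25]) by mx.recipient.example with ESMTP;
\t Thu, 20 Feb 2014 15:56:04 -0800
Received: from mycomputer (dyn-host.isp.example [198.51.100.39])
\t(Authenticated sender: user@relay.example)
\tby mail.relay.example (Postfix) with ESMTPA id 0000000000;
\tThu, 20 Feb 2014 18:55:47 -0500 (EST)
From: "victim@victim.example" <victim@victim.example>
Return-Path: user@relay.example

(body omitted)
"""


def domain_of(value):
    """Lower-cased domain of the address in a header value, or ''."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()


def received_hops(msg):
    """Parse Received headers in the order they appear (newest first)."""
    hops = []
    for raw in msg.get_all("Received", []):
        flat = " ".join(raw.split())  # unfold continuation lines
        helo = re.match(r"from\s+(\S+)", flat)
        by = re.search(r"\bby\s+(\S+)", flat)
        ips = re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", flat)
        auth = re.search(r"Authenticated sender:\s*([^\s)]+)", flat, re.I)
        hops.append({"helo": helo and helo.group(1), "by": by and by.group(1),
                     "ip": ips[0] if ips else None,
                     "auth_sender": auth and auth.group(1)})
    return hops


def triage(raw):
    """Summarise who actually submitted a message that claims a given From."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    results = dict(re.findall(r"\b(spf|dkim)=(\w+)", msg["Authentication-Results"] or ""))
    hops = received_hops(msg)
    origin = hops[-1] if hops else {}  # oldest hop: where the mail entered
    submitter = next((h["auth_sender"] for h in hops if h["auth_sender"]), None)
    findings = []
    if env_dom and env_dom != from_dom:
        findings.append(f"Return-Path domain {env_dom} differs from From domain {from_dom}")
    for check in ("spf", "dkim"):
        if results.get(check) != "pass":
            findings.append(f"{check} result is {results.get(check, 'absent')}")
    if submitter and domain_of(submitter) != from_dom:
        findings.append(f"submitted by authenticated account {submitter}")
    return {"from_domain": from_dom, "envelope_domain": env_dom, "auth": results,
            "submitter": submitter, "origin_ip": origin.get("ip"), "findings": findings}


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)["findings"]))
```

Received lines below the first one written by your own provider are supplied by upstream hosts, so treat the submitter and origin IP as leads to report rather than proof.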
  #9  
Old February 20, 2014, 05:09:20 PM
PokeRemixStudio PokeRemixStudio is offline
Moderator

 
Join Date: Aug 2009
Posts: 2,222
Default

Quote:
Originally Posted by Cat333Pokémon View Post
St. Charles Borromeo Catholic Church
Miracle weight loss indeed.

How did they know your email contacts?
  #10  
Old February 20, 2014, 05:13:46 PM
Cat333Pokémon Cat333Pokémon is offline
Administrator

 
Join Date: Nov 2006
Location: Nevada
Posts: 10,353
Default

Quote:
Originally Posted by PokeRemixStudio View Post
How did they know your email contacts?
That's...a good question. Guess I did get hacked somehow, then. Regardless, I changed my password so it shouldn't happen again.
  #11  
Old February 20, 2014, 05:16:46 PM
Sub-zero Sub-zero is offline
Regigigas
 
Join Date: Nov 2009
Location: Lin Kuei Temple, Arctika
Posts: 754
Default

Quote:
Originally Posted by Cat333Pokémon View Post
That's...a good question. Guess I did get hacked somehow, then. Regardless, I changed my password so it shouldn't happen again.
That's weird. Why would a person operating from a Church hack you and send some possible viruses (or whatevs) to your contacts.

Dunno if y'all are aware (probably), but Kickstarter was hacked last week or something. I just found out, so gimme a break. D:
  #12  
Old February 20, 2014, 05:23:14 PM
Cat333Pokémon Cat333Pokémon is offline
Administrator

 
Join Date: Nov 2006
Location: Nevada
Posts: 10,353
Default

I have now purged my contacts on the AOL account after exporting them. I had 1,258 e-mail addresses in there (again, we're talking ELEVEN years on a popular e-mail account with about a quarter of a million total messages).
  #13  
Old February 20, 2014, 05:23:59 PM
linuxlove linuxlove is offline
Mudkip
 
Join Date: Dec 2009
Location: /dev/null
Posts: 30
Default

Quote:
Originally Posted by Sub-zero View Post
That's weird. Why would a person operating from a Church hack you and send some possible viruses (or whatevs) to your contacts.
I think more likely it's a box at a church that got infected and was doing this automatically. Just speculation though.
  #14  
Old February 20, 2014, 05:28:36 PM
Cat333Pokémon Cat333Pokémon is offline
Administrator

 
Join Date: Nov 2006
Location: Nevada
Posts: 10,353
Default

Quote:
Originally Posted by linuxlove View Post
I think more likely it's a box at a church that got infected and was doing this automatically. Just speculation though.
That's certainly the most plausible explanation. It's probably a bot that does the dirty work for some "master" spam server, which may harvest e-mail addresses from accounts for which it can obtain the password.

Last edited by Cat333Pokémon; February 20, 2014 at 05:28:47 PM.
  #15  
Old February 20, 2014, 05:41:56 PM
Magmaster12 Magmaster12 is offline
Rayquaza
 
Join Date: Aug 2009
Location: You would know
Posts: 4,960
Default

What the heck why didn't I get a message like this!?

Just kidding.

Quote:
Originally Posted by Cat333Pokémon View Post
I have now purged my contacts on the AOL
Wow surprised some people still use an AOL email or that even still has email.

I wonder if Cat still uses those CD's with 3000 free hours of internet.
  #16  
Old February 20, 2014, 05:43:44 PM
Cat333Pokémon Cat333Pokémon is offline
Administrator

 
Join Date: Nov 2006
Location: Nevada
Posts: 10,353
Default

I stay clear away from the AOL software and only use the e-mail through the website and Windows Mail/Outlook.
  #17  
Old February 20, 2014, 11:30:21 PM
Twiggy Twiggy is offline
Kyurem
 
Join Date: Oct 2011
Location: Somewhere interesting?
Posts: 2,102
Default

Is it a good thing or a bad thing that such a spam email never managed to reach my inboxes? (It seems like it probably got nuked by Microsoft before it even got in.)
  #18  
Old February 20, 2014, 11:36:25 PM
kakashidragon kakashidragon is offline
Kyurem
 
Join Date: Feb 2010
Location: Where i belong
Posts: 2,055
Default

I haven't seen this in my email *Yet* but what's it look like? Will it say something in its header so I don't click it the next time I go through my e-mails?
  #19  
Old February 20, 2014, 11:40:53 PM
Cat333Pokémon Cat333Pokémon is offline
Administrator

 
Join Date: Nov 2006
Location: Nevada
Posts: 10,353
Default

The spam message was delivered to pretty much everyone I ever sent a message to, from my AOL e-mail account. If I never sent you an e-mail through AOL (or added you to my contacts there), then you didn't get one. It did not use the e-mail addresses stored in Victory Road's database.

Last edited by Cat333Pokémon; February 20, 2014 at 11:41:39 PM.
  #20  
Old February 21, 2014, 01:01:44 AM
Twiggy Twiggy is offline
Kyurem
 
Join Date: Oct 2011
Location: Somewhere interesting?
Posts: 2,102
Default

Hehe.

Makes me wonder what's going on with AOL's security, to be honest.
  #21  
Old February 21, 2014, 01:12:41 AM
Cat333Pokémon Cat333Pokémon is offline
Administrator

 
Join Date: Nov 2006
Location: Nevada
Posts: 10,353
Default

Quote:
Originally Posted by Twiggy View Post
Hehe.

Makes me wonder what's going on with AOL's security, to be honest.
It's not just AOL. I've received the messages from accounts on other services too. In Trash right now, I have three total: two from Yahoo! and one from Hotmail. It's been going on for a while, too. Let's check out their headers.

Code:
Return-Path: <SRS0=aBD8Ci=XY=corrum.ca=pdufour@eigbox.net>

Received: from [190.19.254.34] (port=2413 helo=mycomputer)
	by bosauthsmtp06.eigbox.net with esmtpa (Exim)
	id 1WGA0i-0007je-1k; Wed, 19 Feb 2014 11:28:37 -0500

Code:
Return-Path: <ggkuhaka@publicservice.go.ke>

Received: from mycomputer (79-100-190-70.btc-net.bg [79.100.190.70])
	by mail.publicservice.go.ke (Postfix) with ESMTPSA id 5F1B326854A;
	Wed, 19 Feb 2014 18:57:25 +0300 (EAT)

Code:
Received: from blu0-omc2-s12.blu0.hotmail.com (blu0-omc2-s12.blu0.hotmail.com [65.55.111.87])
	by mtaiw-mab05.mx.aol.com (Internet Inbound) with ESMTP id 930FB70000081
	for <cat333pokemon@aol.com>; Fri, 14 Feb 2014 21:15:08 -0500 (EST)
Received: from BLU168-W39 ([65.55.111.71]) by blu0-omc2-s12.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
	 Fri, 14 Feb 2014 18:15:08 -0800

This one was genuinely sent through the Hotmail SMTP servers, meaning the bot probably connected directly to it.
  #22  
Old February 21, 2014, 10:07:17 AM
kakashidragon kakashidragon is offline
Kyurem
 
Join Date: Feb 2010
Location: Where i belong
Posts: 2,055
Default

I use Yahoo for my main email, so I don't think I'll get it.
  #23  
Old February 21, 2014, 01:17:52 PM
BluFire1337 BluFire1337 is offline
Charizard
 
Join Date: Jan 2013
Location: Tennessee
Posts: 129
Talking

Quote:
Originally Posted by Magmaster12 View Post
I wonder if Cat still uses those CD's with 3000 free hours of internet.
That reminds me. I used to get the ones with games on them when I was small just to play the games and not even use the internet
  #24  
Old March 7, 2014, 01:06:46 PM
Yoshi648 Yoshi648 is offline
Administrator

 
Join Date: Nov 2006
Location: Yoshi's Island
Posts: 3,162
Default

Whoever got a hold of your address book Cat, they are sending messages from contacts to other contacts. I got a message in my spam folder this morning claiming it was from KYA.
  #25  
Old March 7, 2014, 01:11:09 PM
Cat333Pokémon Cat333Pokémon is offline
Administrator

 
Join Date: Nov 2006
Location: Nevada
Posts: 10,353
Default

Quote:
Originally Posted by Yoshi648 View Post
Whoever got a hold of your address book Cat, they are sending messages from contacts to other contacts. I got a message in my spam folder this morning claiming it was from KYA.
Check the e-mail header. KYA, change your passwords.
  #26  
Old March 7, 2014, 01:17:47 PM
Yoshi648 Yoshi648 is offline
Administrator

 
Join Date: Nov 2006
Location: Yoshi's Island
Posts: 3,162
Default

Quote:
Originally Posted by Cat333Pokémon View Post
Check the e-mail header. KYA, change your passwords.
We already did, it came from a eastrmfepi207.cox.net
  #27  
Old April 8, 2014, 09:35:28 AM
linuxlove linuxlove is offline
Mudkip
 
Join Date: Dec 2009
Location: /dev/null
Posts: 30
Default

Bumping this thread because it happened again. Same sort of message as the first one, only this time it links to a fake version of Women's Health and my browser's anti-fraud thing actually caught it.

Edit: This spam message, while all the recipients stayed the same, had different headers than the first.

Last edited by linuxlove; April 8, 2014 at 09:41:26 AM.
  #28  
Old April 8, 2014, 11:31:48 AM
Cat333Pokémon Cat333Pokémon is offline
Administrator

 
Join Date: Nov 2006
Location: Nevada
Posts: 10,353
Default

I don't get it. My contacts list is completely empty now, and I changed my password since then. Judging by this part of the header in the PM you sent me...
Code:
Received: from mail-1.cc.uic.edu (mail-1-456.cc.uic.edu. [128.248.156.182])
        by mx.google.com with ESMTPS id a7si4397701iga.43.2014.04.08.10.28.20
        for <multiple recipients>
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Tue, 08 Apr 2014 10:28:20 -0700 (PDT)
Received-SPF: neutral (google.com: 128.248.156.182 is neither permitted nor denied by domain of cat333pokemon@aol.com) client-ip=128.248.156.182;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: 128.248.156.182 is neither permitted nor denied by domain of cat333pokemon@aol.com) smtp.mail=cat333pokemon@aol.com
Received: from uic.edu (dsl-189-241-239-129-dyn.prod-infinitum.com.mx [189.241.239.129] (may be forged))
	(authenticated bits=0)
The spammer most likely had to be using a cached copy of the contacts, and this time it was delivered by his own e-mail server (likely a bot located at the University of Illinois at Chicago and routed through a Mexican ISP) attempting to spoof my e-mail address but failing at many of the attempts due to a fake Sender Permitted Form (SPF), which is attached to the domain name as a list of e-mail servers that are allowed to send mail as them. My e-mail address has not been hacked again. It is just the same moron trying to use his own e-mail server. If it hasn't been already, his e-mail server will be blocked by all the major ISPs for not having an SPF at AOL (or Yahoo!, or Google, or Microsoft, or anyone else for whom he's attempting to spoof an e-mail address).

In a completely unrelated incident, I personally had trouble with the Sender Permitted Form right after the server move, as I forgot to tell the domain name server that "floatzel.net" is a permitted sender for VR's e-mail. Hotmail quickly blocked it because one of its spam filter providers didn't like me sending e-mails with the wrong SPF and wrong hostname on the machine.

In addition to the above, I received a large number of bounce messages from Orange France (that's an ISP):

Quote:
Nous sommes desoles de vous informer que votre message n a pas
pu etre remis a un ou plusieurs de ses destinataires.
Ceci est un message automatique genere par le serveur mwinf5d27.orange.fr.
Merci de ne pas y repondre.
This is the mail system at host mwinf5d27.orange.fr.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients.
The mail system
<*removed*>: host yahoo.com[66.196.118.37] said: 554
Message not allowed - [PH01] Email not accepted for policy reasons. Please visit http://postmaster.yahoo.com/errors/postmaster-27.html [120]

Last edited by Cat333Pokémon; April 8, 2014 at 11:48:42 AM.
  #29  
Old April 28, 2014, 11:58:15 AM
Cat333Pokémon Cat333Pokémon is offline
Administrator

 
Join Date: Nov 2006
Location: Nevada
Posts: 10,353
Default

Just a quick update. I received the following message from AOL:
Quote:

Dear AOL User,

At AOL, we care deeply about the safety and security of your online experience. We are writing to notify you that AOL is investigating a security incident that involved unauthorized access to AOL's network and systems. Recently, our systems alerted us to an increased incidence of email users receiving spam emails from "spoofed" AOL email addresses. AOL's security team immediately began investigating the cause of the spoofed emails. Spoofing is a tactic used by spammers to make it appear that the message is from you in order to trick the recipient into opening it. These emails do not originate from the AOL Mail system – the addresses are just edited to make them appear that way. AOL is working with other email providers like Gmail, Yahoo! Mail and Outlook·com to stamp out spoofing across the industry, and we have implemented measures that will significantly limit its future occurrence.

Although our investigation is still underway, we have determined that there was unauthorized access to AOL users' email addresses, postal addresses, contact information (as stored in the AOL Mail "Address Book"), encrypted account passwords, and encrypted answers to security questions that we ask when a user resets his or her password. We believe spammers have used this contact information to send spoofed emails that appeared to come from roughly 2% of our email accounts.

Importantly, at this point, we have no indication that the encryption on the passwords or the answers to security questions was broken. Likewise, there is no indication that this incident resulted in disclosure of users' financial information, including debit and credit cards, which is also fully encrypted.

Nevertheless, as a precautionary measure, we strongly encourage you to reset your password used for any AOL service and, when you do so, you should take the time to change your account security question and answer. You may reset your password and account security question at account.aol.com.

In addition, there are steps you can take to protect yourself from cyber risks. They include:
  • If you receive a suspicious email, do not respond or click on any links or attachments in the email.
  • When in doubt about the authenticity of an email you have received, contact the sender to confirm that he or she actually sent it.
  • Never provide personal or financial information in an email to someone you do not know. AOL will never ask you for your password or any other sensitive personal information over email.
  • If you believe you are a victim of spoofing, consider letting your friends know that your emails may have been spoofed and to avoid clicking the links in suspicious emails.
We place a premium on the security of our systems and our users' information. We are implementing additional measures to address this incident, and we are working with law enforcement to pursue the matter.

If you have any further questions, additional information and an extensive Q&A can be found at faq.aol.com. We apologize for any inconvenience, and we are addressing the situation as quickly and forcefully as we can.

Bud Rosenthal, AOL Membership Group CEO


Privacy Policy | Customer Support
©2014 AOL, Inc. All Rights Reserved.

Last edited by Cat333Pokémon; April 28, 2014 at 11:59:36 AM.
 


All times are GMT -8.

