 | [VOIPo.COM] Unique e-mail address for pre-launch sign-up got spa
As we run our own POP3 server, we are able to give a unique e-mail address to each contact. Recently, we found that the unique e-mail address used to sign up for the VOIPo pre-launch registration got spam. Even worse, most recently, the spam has had a zip file attachment. The zip file contains bredolab!a, a Trojan that anti-virus software cannot detect even if you keep it updated, as it is too new. We had to submit it to »www.webimmune.net/default.asp for detection, and it requires an extra update of our anti-virus software to detect such a Trojan. |
|
|
|
 swanboy join:2001-01-22 Hollywood, FL | Re: [VOIPo.COM] Unique e-mail address for pre-launch sign-up got
Right. You're saying voipo is sending you trojans? |
|
 | said by swanboy: Right. You're saying voipo is sending you trojans?
No, I think he is saying the VOIPo sold it. |
|
 ptrowski Got Helix? Premium join:2005-03-14 Putnam, CT kudos:4 | reply to hszeto That is a fairly substantial claim. |
|
 nitzan Premium,VIP join:2008-02-27 kudos:2 | reply to hszeto I seriously doubt they sold it.
Did any other VOIPo customers get such spam? |
|
 | Everyone gets spam, but most other customers wouldn't know the source as they used the same e-mail address for everyone. The OP provided a unique address, so he is better equipped to identify the source. |
|
 ropeguru Premium join:2001-01-25 Mechanicsville, VA | I would be curious as to how unique the first part of the email addy is and if it might be not so unique in the spam world. |
|
 | said by ropeguru: I would be curious as to how unique the first part of the email addy is and if it might be not so unique in the spam world.
voipo... |
|
 ropeguru Premium join:2001-01-25 Mechanicsville, VA | said by hszeto: said by ropeguru: I would be curious as to how unique the first part of the email addy is and if it might be not so unique in the spam world. voipo...
Looks like an easy target for spammers. I am sure they add common company names to the first part of email addresses. They just got lucky on yours and hit the right combination. |
|
 | voipo isn't a "common company name". |
|
 ropeguru Premium join:2001-01-25 Mechanicsville, VA 1 edit | It is if you are a spammer that is out there looking for words to put into a database.
Now, if you had something like "Wt5&9KJ7$N)#%" as the name portion, then I would be asking questions. |
|
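The question debated above, whether spam to an address like `voipo@…` proves a leak or could be a dictionary guess, goes away if each per-contact address carries a keyed tag. The following is an added example, not part of the original thread; the domain `example.org`, the secret, and the function names are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: secret held only on the mail server
DOMAIN = "example.org"            # assumption: placeholder for the owner's domain
TAG_LEN = 10                      # hex characters of the HMAC kept in the address


def _tag(contact: str) -> str:
    """Keyed tag for one contact; cannot be guessed without SECRET."""
    mac = hmac.new(SECRET, contact.lower().encode(), hashlib.sha256)
    return mac.hexdigest()[:TAG_LEN]


def issue_address(contact: str) -> str:
    """Address to give to exactly one contact (local part: contact.tag)."""
    return f"{contact.lower()}.{_tag(contact)}@{DOMAIN}"


def attribute(recipient: str):
    """Classify an envelope recipient seen on incoming mail.

    issued    - tag verifies: the address was obtained from that contact
                or from a party the contact shared it with
    guessable - bare word with no tag: a dictionary hit cannot be ruled out
    forged    - contact.tag shape, but the tag does not verify
    foreign   - not addressed to our domain
    """
    local, _, domain = recipient.lower().rpartition("@")
    if domain != DOMAIN:
        return ("foreign", None)
    contact, sep, tag = local.rpartition(".")
    if not sep:
        return ("guessable", local)
    if hmac.compare_digest(tag, _tag(contact)):
        return ("issued", contact)
    return ("forged", contact)


if __name__ == "__main__":
    # Constructed sample recipients, as they might appear in a mail log.
    for rcpt in (issue_address("VOIPo"), "voipo@example.org",
                 "voipo.0123456789@example.org", "info@other.example"):
        print(rcpt, "->", attribute(rcpt))
```
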
 | reply to hszeto The following is an example of the spam, with the attachment and most header information removed. The e-mail body contains a spelling error. At the beginning, we got a few similar spam messages, but they did not have the attachment. Has anyone who signed up for the VOIPo pre-launch registration got similar spam? Before this recent spam, there were only very few e-mails from VOIPo, many months ago. In other words, there was no e-mail at all about a month or two after VOIPo launched their service, and I don't remember exactly how many months ago that was.
From: "UPS Manager xxx xxx"
To:
Subject: UPS Tracking Number xxxxxxx.
Date: Fri, 15 Jan 2010 14:54:14 +0000
Dear customer!
The courier company was not able to deliver your parcel by your address. Cause: Error in shipping address.
You may pickup the parcel at our post office personaly!
Please attention! The shipping label is attached to this e-mail. Please print this label to get this package at our post office.
Please do not reply to this e-mail, it is an unmonitored mailbox.
Thank you. United Parcel Service. |
|
 usa2k Blessed Premium,MVM join:2003-01-26 Redford, MI kudos:3 | VOIPo is a name of trust. |
|
2 edits | reply to ropeguru I don't think Voipo is big enough for spammers to add it to any type of list. If they did a directory harvest attack the OP should be able to have spotted it. Thus they may have already had it.
Spammers have a multitude of ways of getting email addresses: hacked servers, databases, etc. Full headers might reveal something useful. |
|
 VOIPoTim VOIPo.com Premium,VIP join:2006-06-06 Newport Beach, CA kudos:2 2 edits | reply to hszeto
We don't sell marketing lists to other companies and obviously were not sending a trojan out. This is the first report I've heard of this, but I do think I know what happened here after doing some research just now.
Until 2009, we used a hosted mailing software/service called Aweber. They're one of the largest providers of newsletter services for small businesses. Apparently in December there was a breach at Aweber in which some e-mail addresses were obtained by spammers. Deliverability.com, which is a site that covers the e-mail marketing industry, calls it the "largest data breach in email marketing history".
We were not notified about this affecting our account, but that could be because we are no longer using Aweber and our account is no longer active. The only information we stored at Aweber was the name/e-mail provided on the pre-launch list form. No customer e-mails or other information was stored there.
Here is some additional information:
» www.aweber.com/blog/uncategorize···mise.htm
» www.problogger.net/archives/2009···r-lists/
» blog.deliverability.com/2009/12/···d-c.html
I'm assuming that this is related and would explain the issue at hand. We apologize if anyone has had any spam as a result of this. With that being said, all we can really do is carefully choose our vendors. As one of the largest providers, Aweber is a "household" name in all online marketing circles and was known to be very secure.
We currently use iContact.com for e-mail marketing and will reach out to them to see what comments they have on the Aweber situation since we're now aware of it and see if they feel that they are susceptible to the same vulnerabilities. This just further shows that breaches CAN happen anywhere and we can only hope that the info used can improve security everywhere. |
|
 PX Eliezer Premium join:2008-08-09 Hutt River kudos:13 | Very impressive response! |
|
 PhoenixDown -- Wants FIOS Premium join:2003-06-08 Fresh Meadows, NY kudos:1 | I agree! -- ~ Insert a Funny Sig Here ~ |
|
 NY Tel Premium join:2004-04-09 Smithtown, NY kudos:3 | reply to abward said by abward: said by swanboy: Right. You're saying voipo is sending you trojans? No, I think he is saying the VOIPo sold it.
I thought you get those things at CVS? Right? |
|
 | reply to VOIPoTim We appreciate the information you have provided. It is very helpful and does match the spam pattern we have experienced with this unique e-mail address. Most of the spam originated from China, which also matches the blog stating that e-mail addresses were hacked by foreign hacker(s). Furthermore, as the blog stated, the hacker(s) appear(s) not to have gotten the name, just the e-mail address.
We started this thread due to the danger of a Trojan that is so new that it requires an extra update to detect it. Before there was an attachment, it was not a major concern, so we simply forwarded the spam to SpamCop and KnujOn for reporting.
Again, thank you for finding out the source of concern! |
|
 PX Eliezer Premium join:2008-08-09 Hutt River kudos:13 | reply to hszeto said by hszeto: The zip file contains bredolab!a (a Trojan that even you keep your anti-virus software updated cannot detect it as it is too new).
Interesting. Apparently "Bredolab!a" (including the exclamation mark) is quite new, but the Bredolab family started proliferation last summer.
More: »vil.nai.com/vil/content/v_251049.htm
Extensive commentary regarding the connection with the Russians: »us.trendmicro.com/imperia/md/con···inal.pdf |
|