Date: Fri, 28 Mar 2014 23:13:37 -0800
From: ACS Abuse Admin <abuse@acsalaska.net>
To: help@wcnet.org, trlemm@wcnet.org, abuse@wcnet.org
Subject: Ooopps.... we spammed you. // RT#15109
Hi Terrence/Help, your system just received a slew of spam from my
system, sorry about that.
The spam started Mar 28 22:33:45 (GMT-8) from our server 209.112.173.243.
Here is the subject & body of the email:
(SUBJECT: Dear Wcnet.Org User)
(BODY: Virus Notification
A DGTFX Virus has been detected in your Webmail.Wcnet.Org mail folders.
Your email
account has to be upgraded to our new Secured DGTFX anti-virus 2014
version to
prevent damages to our web mail login and to your important files. You
are required
to complete your details below and send it to us.This information would
be required
to verify and upgrade your e-mail account to avoid being closed. Please
clicking on
the reply button;
Full Name:
User Name:
Email:
Password:
Your account will remain active after you have successfully confirmed
your account
to the monitoring Center.
Thank you for your Cooperation.
. 2014 Webmail.Wcnet.Org
)
/EOM/
In about 2 min the spammers got off 23 emails with 40 recipients each. I
can see that via our logs your server is rate limiting ours but by the
time you get this email, the messages will most likely already of been
delivered.
I've changed my compromised user's password and flushed the cookies that
kept the spammer logged into our mail server so there shouldn't be any
further issues tonight.
Again, we're sorry that this has happened. If you have any questions
please feel free to call us at 907-273-6898 or email us back at
abuse@acsalaska.net.
If you need to confirm these details, you can perform a whois on our
server's IP 209.112.173.243:
scrites@cnst6:~$ whois 209.112.173.243 | grep OrgAbuse
OrgAbuseHandle: AIA4-ARIN
OrgAbuseName: ACS Internet - Abuse
OrgAbusePhone: +1-907-273-6898
OrgAbuseEmail: abuse@acsalaska.net
OrgAbuseRef: http://whois.arin.net/rest/poc/AIA4-ARIN
scrites@cnst6:~$
Thanks.
-Sean
ACS Abuse Admin