Title: New Gox Spam Heads Up
Post by: phorensic on April 20, 2012, 03:45:10 PM
Just received some spam, thought I would alert the community. Fake links inside the e-mail, spoofed address relayed via a crappy mail host.

info@mtgox.com via km22.hostsila.org
7:48 AM (53 minutes ago)
to me

Dear Mt.Gox user,
Your account is currently pending review, please visit https://mtgox.com/forms/verification
For those users who have had their accounts marked for review, an explanation of why were are implementing these security measures can be found here:

Security Measures Explained

“Verified” Accounts are eligible for monthly/daily transaction limits of up to 5 times the monthly limit and 10 times the daily limit.

In order to apply for the “Verified” account status please attach a copy of the following documents:
- Your government issued photo ID (passport, permanent residence card or driver’s license) and
- A scan of either your monthly utility bill (power, phone, TV, gas, water, etc.) or a certificate of residency issued by your local government.

Thanks,
The Mt.Gox team

Here is the source so you can see the fake links:

Delivered-To: matt.a.mead@gmail.com
Received: by 10.229.239.199 with SMTP id kx7csp76445qcb;
        Fri, 20 Apr 2012 07:48:36 -0700 (PDT)
Received: by 10.216.133.234 with SMTP id q84mr4032106wei.102.1334933315270;
        Fri, 20 Apr 2012 07:48:35 -0700 (PDT)
Return-Path: <goxgoxgo@km22.hostsila.org>
Received: from km22.hostsila.org (km22.hostsila.org. [194.28.84.12])
        by mx.google.com with ESMTPS id g9si6384055wee.68.2012.04.20.07.48.34
        (version=TLSv1/SSLv3 cipher=OTHER);
        Fri, 20 Apr 2012 07:48:35 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of goxgoxgo@km22.hostsila.org designates 194.28.84.12 as permitted sender) client-ip=194.28.84.12;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of goxgoxgo@km22.hostsila.org designates 194.28.84.12 as permitted sender) smtp.mail=goxgoxgo@km22.hostsila.org
Received: from goxgoxgo by km22.hostsila.org with local (Exim 4.69)
        (envelope-from <goxgoxgo@km22.hostsila.org>)
        id 1SLF8S-0008Ps-HA
        for matt.a.mead@gmail.com; Fri, 20 Apr 2012 17:48:32 +0300
To: matt.a.mead@gmail.com
Subject: [Mt.Gox] Your account is currently pending review.
X-PHP-Script: goxgoxgox5.tk/index2.php for 88.196.63.57, 88.196.63.57
From:info@mtgox.com
Reply-To:info@mtgox.com
MIME-Version:1.0
Content-Type: text/html;
Message-Id: <E1SLF8S-0008Ps-HA@km22.hostsila.org>
Date: Fri, 20 Apr 2012 17:48:32 +0300
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - km22.hostsila.org
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [808 32007] / [47 12]
X-AntiAbuse: Sender Address Domain - km22.hostsila.org
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php
X-Source-Dir: goxgoxgox5.tk:/public_html

<HTML>Dear Mt.Gox user,<br>
<br>
Your account is currently pending review, please visit <a href='http://rgy543.tmweb.ru/'>https://mtgox.com/forms/verification</a><br>
For those users who have had their accounts marked for review, an explanation of why were are implementing these security measures can be found here:<br>
<br>
<a href='http://rgy543.tmweb.ru/'>Security Measures Explained</a><br>
<br>
“Verified” Accounts are eligible for monthly/daily transaction limits of up to 5 times the monthly limit and 10 times the daily limit.<br>
<br>
In order to apply for the “Verified” account status please attach a copy of the following documents:<br>
- Your government issued photo ID (passport, permanent residence card or driver’s license) and<br>
- A scan of either your monthly utility bill (power, phone, TV, gas, water, etc.) or a certificate of residency issued by your local government.<br>
<br>
Thanks, <br>
The Mt.Gox team </HTML>

Yes, my e-mail was leaked during the great Gox hack of 2011, so I get stuff like this every once in a while.
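
The two tells in the message above, a From address whose domain differs from the envelope sender and link text that displays one URL while the href points at another host, can be checked mechanically. The Python below is an added example and not part of the original post; `check_message`, `LinkCollector`, `domain` and the trimmed `SAMPLE` message are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample, trimmed from the headers and body quoted in the post above.
SAMPLE = """\
Return-Path: <goxgoxgo@km22.hostsila.org>
From: info@mtgox.com
Content-Type: text/html

<HTML>Please visit <a href='http://rgy543.tmweb.ru/'>https://mtgox.com/forms/verification</a><br>
<a href='http://rgy543.tmweb.ru/'>Security Measures Explained</a></HTML>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def domain(addr):
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def check_message(raw):
    msg = message_from_string(raw)
    findings = []
    # Header From (what the reader sees) vs SMTP envelope sender (Return-Path).
    frm, env = domain(msg.get("From", "")), domain(msg.get("Return-Path", ""))
    if frm and env and frm != env:
        findings.append(("from-envelope-mismatch", frm, env))
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        # Anchor text that displays a URL whose host differs from the href host.
        shown = urlparse(text).hostname if "://" in text else None
        actual = urlparse(href).hostname
        if shown and actual and shown != actual:
            findings.append(("link-text-mismatch", shown, actual))
    return findings
```

SPF reports `pass` in the quoted headers because it was evaluated against the envelope domain km22.hostsila.org, not the mtgox.com address shown in From, which is why the first check compares the two. A From/envelope mismatch also occurs with legitimate bulk-mail services, so treat it as a signal to weigh alongside the link check rather than proof on its own.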
Title: Re: New Gox Spam Heads Up
Post by: Mousepotato on April 20, 2012, 03:59:28 PM
I got this one. IIRC, the URL in the body of the message points to a .ru domain.
Title: Re: New Gox Spam Heads Up
Post by: RodeoX on April 20, 2012, 04:53:53 PM
I got this one. IIRC, the URL in the body of the message points to a .ru domain.
An .ru domain, what a shocker. ::)