Emergency warning to S3052 subscribers. Today I got email with their full credentials
"Adam has shared a secure document with you via CloudDock.
>
> A special report about what is really going on behind the scenes at MtGox
> and Bitstamp, and what it will mean for the short and long term price.
> Provided to you as part of your DigitalCurrencyResearch.com (Bitcoin
> BullBear) membership.
>
> [image: Document] Inside Details Behind
> MtGox/Bitstamp<
> xttps://authiy.com/gp/?token=764dee088ab3f82410458602248d71c6 [DO NOT CLICK[
>
File was already removed from this site, but it can be a trojan or something like that.
When I compared this email with their previous email headers, I found them both very similar. So I made conclusion that at least S3052 admin panel was compromised and attacker has ability to send arbitrary updates to their subscribers directly from S3052 server with valid DKIM signatures and so on.