Amyone Else Getting Spam Mail Originating From Comiclink?

[awe4one]

From: comiclink-news-owner@comiclink.com [mailto:comiclink-news-owner@comiclink.com]

Sent: Wednesday, July 05, 2006 7:23 PM

To: comiclink-news@comiclink.com

Subject: [comiclink-news] Your neighbors lost their alarm-clock.

 

The fashi0n of newest cre@ti0n – the further 1s ejacuIation.

Soft Cialis Tabs w1ll he1p y0u t0 be very fashionable.

 

-------------------------------------------------------------------------------------------------

 

From: comiclink-news-owner@comiclink.com [mailto:comiclink-news-owner@comiclink.com]

Sent: Wednesday, July 05, 2006 6:56 PM

To: comiclink-news@comiclink.com

Subject: [comiclink-news] You are a businessman and have no time for a long sexual stimulation.

 

Start and stop 1t whenever YOU want not whenever you have to.

 

------------------------------------------------------------------------------------------------

 

 

Has someone hacked into Comiclink's mail server?

 

Jim

[nik]

Got the same one this morning.

[whomerjay]

It's been going on for some time now (ever notice you always get spam when you get a CL message?), just now, it comes with CL in the title.

 

Not sure if this is an easy fix for them.

[sterlingcomics]

Yes I did too....<techspeak on>apparently their mail server has SMTP relay turned on, which allows someone to send e-mails from their server and spoof the e-mail address with the proper domain name. It's a nice feature, but one opportunists use with ease. I e-mailed them about it. It could be another hack du jour, but this looked like a good place to start.</techspeak off>

[CatskillMike]

Me too, this morning. Something about the neighbor's alarm clock and cialis?

[BEAUMONTS]

Yup, 3 e-mails this a.m.

[Pirate]

good thing they closed my account, no emails from those insufficiently_thoughtful_persons.

[Scheradon]

Oh goodie, I guess better go check my emails ...

 

Yep, 4 of them in my spam folder. Interesting though, they came up from "UnknownSender@UnknownDomain" to "comiclink-news@comiclink.com".

 

So, I guess we can assume everyone on CLink's mailing list will be getting spammed now.

[Jeffreykli]

Yup; spam a plenty.

[Johnny G]

8 for me this morning!!!

 

Thanks Josh, but I'll pass on the "Wonderful Sperm" and "Astonishing Watch Replicas"...

 

WTF???

 

John

[joe_collector]

Looks like Josh may have discovered an "alternative revenue stream".

[nik]

Dear ComicLink Users:

 

This morning you may have received spam emails coming from our listserver. It appears that this listserver was compromised and used by a hacker program to send spam from our email account to the email addresses within the listserver. This was an old mailing list that we stopped using to send mail approximately 6 months ago. Today, when we traced the problem to it, we deleted the listserver so that whatever this program was, it is no longer able to send the spam to our users. This stopped the spam email generation.

 

This listserver contained only email addresses, and no other sensitive information. The ComicLink system as well as our current mailing list is on a separate server entirely and information stored on it is completely secure. Furthermore, it appears that the program generated the emails directly from our listserver account meaning that its objective was not to steal email addresses but to generate spam to email addresses on the list. Therefore, your email address did not fall into malicioius hands capable of further misuse. Lastly, we are going to trace the source of the problem and in the event that we find the hacker or company responsible, we will prosecute to the full extent of the law.

 

If anyone needs further clarification, feel free to email us or call us directly.

 

 

Sincerely,

[uclapeterg]

They should run a anti-spyware program on the server.

[Wrightson fan]

Dear ComicLink Users:

 

This morning you may have received spam emails coming from our listserver. It appears that this listserver was compromised and used by a hacker program to send spam from our email account to the email addresses within the listserver. This was an old mailing list that we stopped using to send mail approximately 6 months ago. Today, when we traced the problem to it, we deleted the listserver so that whatever this program was, it is no longer able to send the spam to our users. This stopped the spam email generation.

 

This listserver contained only email addresses, and no other sensitive information. The ComicLink system as well as our current mailing list is on a separate server entirely and information stored on it is completely secure. Furthermore, it appears that the program generated the emails directly from our listserver account meaning that its objective was not to steal email addresses but to generate spam to email addresses on the list. Therefore, your email address did not fall into malicioius hands capable of further misuse. Lastly, we are going to trace the source of the problem and in the event that we find the hacker or company responsible, we will prosecute to the full extent of the law.

 

If anyone needs further clarification, feel free to email us or call us directly.

 

 

Sincerely,

 

 

I just received the same email....I wonder if it is spam too?

 

 

Scott

[sterlingcomics]

Unless they want to hire some serious IT detectives, they may find that just finding the prosecutors may be a cost prohibitive decision. As a note, they should probably do a security review of their site for good measure. It doesn't take too many of these types of events to disrupt business-especially if you are eCommerce based like CL.

[Shield]

Yes I did too....<techspeak on>apparently their mail server has SMTP relay turned on, which allows someone to send e-mails from their server and spoof the e-mail address with the proper domain name. It's a nice feature, but one opportunists use with ease. I e-mailed them about it. It could be another hack du jour, but this looked like a good place to start.</techspeak off>

 

Actually, you can create a text file with the corresponding to: and from: fields (make it up) and save it in the "pickup" folder of any IIS server and it will get sent out and appear to be from whomever you specify. All it has to do is find a willing smtp server that allows mail to be sent without authentication.

 

Yes, I do this sometimes at work.

[sterlingcomics]

Yes I did too....<techspeak on>apparently their mail server has SMTP relay turned on, which allows someone to send e-mails from their server and spoof the e-mail address with the proper domain name. It's a nice feature, but one opportunists use with ease. I e-mailed them about it. It could be another hack du jour, but this looked like a good place to start.</techspeak off>

 

Actually, you can create a text file with the corresponding to: and from: fields (make it up) and save it in the "pickup" folder of any IIS server and it will get sent out and appear to be from whomever you specify. All it has to do is find a willing smtp server that allows mail to be sent without authentication.

 

Yes, I do this sometimes at work.

 

Cool tip. I'm trying to become more security focussed at work, going for CISSP in September. CL does use Microsoft technology I'm assuming, since their pages are ASP. Tracking IP addresses and going down the line is "almost" the best way, but even that can be spoofed or even unknowing particpants involved.

 

That's all she wrote.

[Calamerica]

Yes - 3 days in a row!!

 

CAL

[sterlingcomics]

I just talked to a friend that just received a TEXT PAGE on his cell phone that matches the types of messages we got with the CL spam event. Just curious if anyone else got something similar.