Sign Up!
Login Welcome to Spacequad AntiSpam Services
Thursday, September 02 2010 @ 10:44 PM Eastern Daylight Time
Share

MSN unwittingly allows spam to pass thru

Tuesday, July 14 2009 @ 02:14 PM Eastern Daylight Time

Contributed by: Michael Brusletten

MSN was recently attacked on July 13th by a group of Chinese hackers.  This band of miscreants were able to successfully infiltrate MSN's WebMail server to send thousands of emails to various victims around the world using the Hotmail mail servers.  When reporting this this abuse to the Hotmail team, we were rerouted to a help group forum.  This is not good practice to be shunned by turning away a report that was just to notify them of the problem.  Read the full article for more.


This all first started when a customer of ours notified us that they had received this email below.  Originally we sent it back to them stating that we had received it from them already.  Then they told us again in another message that they did not send it.  So we looked into it further and it indeed turn out to be true, they didn't originate the email.

After reviewing the header of the email along with the envelope, we discovered that it originated from China and had our customer's email in the From: as well as the To: fields.  We looked further to find that the Return-Path was also the same address.  The originating IP address of 60.10.210.51 was the same in all other emails sent out to its victims with their email address's in the from and to fields.  How we were able to verify this was because allot of others that we spoke to also received this same email.  See below.

Given that this email was sent out illegally to the masses, would you ever trust a company advertising in this way by spamming?  The domain that the spammers were advertising also had a China address and IP associated with it.  All comments are welcomed as usual.

 

MSN Hotmail header source on email 
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtTQ0w9NA==

X-Message-Status: n:0

X-SID-PRA: Customers Name <user@msn.com>

X-SID-Result: Pass

X-Message-Info: 9P4r4dq6PdsPy6lsuGNA9zbim1XQReibIQ38TbXpfUZe8utUwXGcRrdPQMiQ7gap3vMp9VoMfh1robjqu1OOdLXGTJ42QSme

Received: from col0-omc3-s14.col0.hotmail.com ([65.55.34.152]) by col0-hmmc2-f2.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);

	 Mon, 13 Jul 2009 11:50:21 -0700

Received: from COL117-W7 ([65.55.34.135]) by col0-omc3-s14.col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);

	 Mon, 13 Jul 2009 11:49:57 -0700

Message-ID: <COL117-W757F108A152B5E9C332C4B8220@phx.gbl>

Return-Path: user@msn.com

Content-Type: multipart/alternative;

	boundary="_ea41989a-b91e-49ed-b87e-eff1acbfea1f_"

X-Originating-IP: [60.10.210.51]

From: Customers Name <user@msn.com>

Subject: ebay

Date: Mon, 13 Jul 2009 13:49:57 -0500

Importance: Normal

MIME-Version: 1.0

Bcc:

X-OriginalArrivalTime: 13 Jul 2009 18:49:57.0349 (UTC) FILETIME=[B7BF7950:01CA03EA]



--_ea41989a-b91e-49ed-b87e-eff1acbfea1f_

Content-Type: text/plain; charset="iso-2022-jp"

Content-Transfer-Encoding: 7bit











Hey$B!$(B

how are you doing recently? 

I would like to introduce you a very good company and its website is www.wedosale.com  It can offer you all kinds of electronic 
products that you may be in need,such as laptops ,gps ,TV LCD,cell  phones,ps3,MP3/4,motorcycles and etc........ 

You can take some time to have a check ,there must be something interesting you 'd like to  purchase .

The contact 

Email:  wedosale@vip.188.com

MSN:   wedosale@hotmail.com 

 

Hope you can enjoy yourself in shopping from that company !

 

Regardsz





--_ea41989a-b91e-49ed-b87e-eff1acbfea1f_

Content-Type: text/html; charset="iso-2022-jp"

Content-Transfer-Encoding: 7bit



<html>

<head>

<style>

.hmmessage P

{

margin:0px;

padding:0px

}

body.hmmessage

{

font-size: 10pt;

font-family:Verdana

}

</style>

</head>

<body class='hmmessage'>

<BR><BR>

<DIV><FONT size=5><EM>Hey$B!$(B<BR>how are you doing recently? <BR>I would like to introduce you a very good company 
and its website is </EM></FONT><A href="http://www.wedosale.com/"><FONT color=#ff0000 size=5><EM>www.wedosale.com</EM></FONT>
</A><FONT size=5><EM>&nbsp; It can offer you all kinds of electronic products that you may be in need,such as laptops ,gps ,
TV LCD,cell&nbsp; phones,ps3,MP3/4,motorcycles and etc........ <BR>You can take some time to have a check ,there must be 
something interesting you 'd like to&nbsp; purchase .<BR>The contact <BR>Email:&nbsp; </EM></FONT><A href="mailto:wedosale@vip.188.com">
<FONT color=#ff0000 size=5><EM>wedosale@vip.188.com</EM></FONT></A><BR><FONT size=5><EM>MSN:&nbsp;&nbsp; </EM></FONT>
<A href="mailto:wedosale@hotmail.com"><FONT color=#ff0000 size=5><EM>wedosale@hotmail.com</EM></FONT></A><FONT size=5><EM> </EM></FONT></DIV>

<DIV><FONT size=5><EM></EM></FONT>&nbsp;</DIV>

<DIV><FONT size=5><EM>Hope you can enjoy yourself in shopping from that company !</EM></FONT></DIV>

<DIV><FONT size=5><EM></EM></FONT>&nbsp;</DIV>

<DIV><FONT size=5><EM>Regardsz</EM></FONT></DIV><BR><BR></body>

</html>

--_ea41989a-b91e-49ed-b87e-eff1acbfea1f_--

</

 

  

  • Currently 0.00/5
Rating: 0.00/5 (0 votes cast)

Story Options

0 comments

Find us on Facebook



Follow us Twitter

Blog Writers Needed

Spacequad is looking for volunteer story writers. If you think you have what it takes to be a part of our team, then submit your interests by contacting us.

Login

Username:

Password:


Don't have an account yet? Sign up as a New User
Lost your password


Consider Donating

Spacequad AntiSpam Services talks to the registrars and ISPs to get abusive domains terminated. If we encounter spam or network abuse, we let the proper authority know about it. If you find that your spam levels have gone down, its probably because we have had the spammer terminated from doing what they had been doing. Please consider donating to our cause.by using your PayPal, please click on the button below. If you feel that more needs to be done, please let us know, so that we can work with you on that.


Please consider a donation, so we can keep bringing you free services...

Testimonials

A Testimonial to Spacequad Internet Services For Outstanding Professional Webservices
I consider Spacequad Internet Services to be my ace in the hole. Someone I can count on and trust.

Joe Sellinger
Digital Times Media L.L.C.

Ads