View Single Post
12-29-09, 11:50 PM   #16
Nafe
A Deviate Faerie Dragon
AddOn Author - Click to view addons
Join Date: Jul 2008
Posts: 17
I would like to report a similar email that I just received a few minutes ago.

As with a few people above, I know that this was sent directly to the email address I used ONLY for Wowinterface (because I use a unique email for each website...). This is a bit too coincidental to assume it's by chance.

Judging by how log checks showed no success, perhaps there is an exploit used to query the MySQL database (I'm assuming MySQL, for the sake of simplicity) of Wowinterface for a user's email address. Perhaps it's worthwhile to review the PHP code to see if such a leak exists?

When we carry out a routine check when the account, we have evidence to show that your account has been involved in the disputed transactions.
So we have to inform you visit our website(http://www.worldofwarcraft.com) fill out some information to facilitate our investigation.
If you can not tie in with our soon we will have to temporarily lock your account.

Sincerely,
Blizzard, Inc.
Copyright @ 2009 Blizzard, Inc. All rights reserved.
Please note that the link (withheld so no poor soul clicks on it) really points to a different website, www.worldofwarcraft______.com where ______ is withheld .

...

Received: FROM blu0-omc2-s29.blu0.hotmail.com (blu0-omc2-s29.blu0.hotmail.com [65.55.111.104])
By ____________ ID 4B3AE3FB.60720.11556 ;
30 Dec 2009 00:24:11 EST
Received: from BLU0-SMTP18 ([65.55.111.71]) by blu0-omc2-s29.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Tue, 29 Dec 2009 21:24:09 -0800
X-Originating-IP: [60.19.232.196]
X-Originating-Email: [[email protected]]
Message-ID: <[email protected]>
Received: from tszmkl ([60.19.232.196]) by BLU0-SMTP18.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959);
Tue, 29 Dec 2009 21:24:07 -0800
From: "[email protected]" <[email protected]>
To: <[email protected]>
Subject: World of Warcraft Account Trade Dispute Notice
Date: Wed, 30 Dec 2009 13:24:20 +0800
MIME-Version: 1.0
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding: base64
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-OriginalArrivalTime: 30 Dec 2009 05:24:08.0226 (UTC) FILETIME=[4FA64820:01CA8910]
I'm forwarding the email to Dolby.
  Reply With Quote