«
»

It had to happen

Today we received our first bit of spam from EC2. The message itself was pretty standard:

From: "Microsoft" 
Date: 29 June 2008 11:47:43 BST
To: XXX
Subject: Important Update Notification

Hello XXX,

You are receiving this notification because the version of Windows you are running is effected by a critical security issue.

For the protection of yourself and others using the Windows operating system, it is reccomended that all consumers update their operating system at their earliest convenience.

To do so, you may visit Microsoft Update by clicking here, and simply pressing "Open" or "Run" to begin the automatic update process.

Thank you for your cooperation in resolving this matter.

Kind Regards,
Microsoft Customer Support

The link points to a phishing site

http://XXX/go.nhn?url=http%3A%2F%2Fupdate%2Emicrosoft%2Ecom%2E00000000000000000000000000000000000000000000000000000000000000%2Enet

So far, so standard. The interesting bit is in the headers of the message:

Received: (qmail 29794 invoked from network); 29 Jun 2008 09:53:08 -0000
Received: from ec2-75-101-198-26.compute-1.amazonaws.com (HELO ec2-75-101-198-26.compute-1.amazonaws.com) (75.101.198.26)
  by server-14.tower-117.messagelabs.com with SMTP; 29 Jun 2008 09:53:08 -0000
From: "Microsoft"

How long before all email from EC2 is blacklisted? It was only a matter of time before services like this started to be used for sending spam, but this is the first time I’ve seen it in the wild.

This entry was posted on Monday, June 30th, 2008 at 10:00 am and is filed under Incidents, News. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.