[AusNOG] Has MelbourneIT been hacked?

Seamus Ryan Seamus.Ryan at melbourneit.com.au
Tue Nov 3 10:57:41 EST 2015


Indeed.

This appears to be a moderately crafted phishing attempt, using whois data to target domain owners.

Started on the 23rd of October by the looks of things, steady flow ever since.

Cheers,
Seamus

-----Original Message-----
From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Mike Kurkowski
Sent: Tuesday, 3 November 2015 10:51 AM
To: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Has MelbourneIT been hacked?

Hi Andrew,

TPP have a "Spam Alert" page up acknowledging the issue.
Apparently they are not the only registrar being targeted.

http://support.tppwholesale.com.au/articles/reseller/Spam-Alert-27th-October-15/?c=TPP_Wholesale%3AService_Alerts&fs=Search&pn=1

Regards,
Mike Kurkowski


On 03/11/2015 9:42 AM, Andrew Hawken wrote:
> I got a bunch for all my domains claiming to be from Enom... Where I have my domains registered. Same content as yours with the suspicious links etc.
>
> --
> Andrew Hawken
> http://www.linkedin.com/in/AndrewHawken
>
>> On 3 Nov 2015, at 10:29 AM, Ross Wheeler <ausnog at rossw.net> wrote:
>>
>>
>> For the last 4 days, I've been getting a flurry of email claiming to be from TPP Internet to the properly listed email addresses for domain renewals etc, for a concerning number of domains... several dozen - but every single one of them is a domain I /AM/ the admin for. (ie, no falses)
>>
>> The mail appears to be originating from all over the world and not from TPP (now owned by MelbourneIT) themselves.
>>
>> Typical mail looks like this:
>>
>>
>>   From: TPP Internet Pty Ltd <abuse at tppinternet.com.info>
>>   To: (valid mail address)
>>   Subject: Domain XXXXXXXXXX.COM Suspension Notice
>>
>>   Dear Sir/Madam,
>>
>>   The following domain names have been suspended for violation of the TPP
>>   Internet Pty Ltd Abuse Policy:
>>
>>   Domain Name: XXXXXXXX.COM
>>   Registrar: TPP Internet Pty Ltd
>>   Registrant Name: (registered owner)
>>
>>   Multiple warnings were sent by TPP Internet Pty Ltd Spam and Abuse
>>   Department to give you an opportunity to address the complaints we have
>>   received.
>>
>>   We did not receive a reply from you to these email warnings so we then
>>   attempted to contact you via telephone.
>>
>>   We had no choice but to suspend your domain name when you did not
>>   respond to our attempts to contact you.
>>
>>   Click here and download a copy of complaints we have received.
>>
>>
>> Of course the "click here" is fake too...
>>
>>   http://classified.canadaautomotivedirectory.com/abuse_report.php?XXXXXX.COM
>>
>> I haven't bothered to download it, but I think we can safely assume it's some kind of malware.
>>
>>
>> I've not seen this approach before.... I wonder if there's been another registry/registrar "security issue", or am I just being paranoid? Anyone else getting them?
>>
>> R.
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog

-- 
Kind regards,
Michael Kurkowski

Audiovation (Technologies)
7 Sophia Street
Mackay, QLD
4740

ABN 95 255 659 153

E - mike at audiovation.com.au
M - +61 407 165 797
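
A triage check for the notice quoted in this thread, as an added example that is not part of the original posts: it parses a message and flags the traits the posters point out (a sender outside the registrar's domains, a ".com" buried inside a ".info" name, an off-registrar link carrying the recipient's domain). The allowlist, the sample recipient address and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains your real registrar sends from (placeholder allowlist, adjust locally).
REGISTRAR_DOMAINS = {"tppwholesale.com.au"}
# Labels that normally end a name; seen mid-name under a gTLD they mimic a real domain.
TLD_LABELS = {"com", "net", "org"}

# Constructed sample, rebuilt from the headers and link quoted in the thread.
SAMPLE = """\
From: TPP Internet Pty Ltd <abuse@tppinternet.com.info>
To: admin@example.com
Subject: Domain EXAMPLE.COM Suspension Notice

Click here and download a copy of complaints we have received.
http://classified.canadaautomotivedirectory.com/abuse_report.php?EXAMPLE.COM
"""

def under(host, domains):
    """True if host equals, or is a subdomain of, an allowlisted domain."""
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw, registrar_domains=REGISTRAR_DOMAINS):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    labels = sender.split(".")
    findings = []
    if not under(sender, registrar_domains):
        findings.append("sender-not-registrar:" + sender)
    # Two-letter country codes are exempt: "com.au"-style second levels are normal there.
    if len(labels[-1]) > 2 and TLD_LABELS & set(labels[:-1]):
        findings.append("embedded-tld:" + sender)
    subj = re.search(r"Domain (\S+) Suspension", msg.get("Subject", ""))
    for url in re.findall(r"https?://[^\s<>\"]+", msg.get_payload()):
        host = (urlparse(url).hostname or "").lower()
        if not under(host, registrar_domains):
            findings.append("link-off-registrar:" + host)
        # The recipient's own domain inside the link points to a per-target lure.
        if subj and subj.group(1).lower() in url.lower():
            findings.append("target-in-url:" + subj.group(1).lower())
    return findings
```

Calling `triage(SAMPLE)` returns all four findings for the constructed notice; a message sent from and linking to an allowlisted domain returns an empty list.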

