[AusNOG] Has MelbourneIT been hacked?
Ross Wheeler
ausnog at rossw.net
Tue Nov 3 10:29:24 EST 2015
For the last 4 days, I've been getting a flurry of email claiming to be
from TPP Internet to the properly listed email addresses for domain
renewals etc, for a concerning number of domains... several dozen - but
every single one of them is a domain I /AM/ the admin for. (i.e., no falses)
The mail appears to be originating from all over the world and not from
TPP (now owned by MelbourneIT) themselves.
Typical mail looks like this:
From: TPP Internet Pty Ltd <abuse at tppinternet.com.info>
To: (valid mail address)
Subject: Domain XXXXXXXXXX.COM Suspension Notice
Dear Sir/Madam,
The following domain names have been suspended for violation of the TPP
Internet Pty Ltd Abuse Policy:
Domain Name: XXXXXXXX.COM
Registrar: TPP Internet Pty Ltd
Registrant Name: (registered owner)
Multiple warnings were sent by TPP Internet Pty Ltd Spam and Abuse
Department to give you an opportunity to address the complaints we have
received.
We did not receive a reply from you to these email warnings so we then
attempted to contact you via telephone.
We had no choice but to suspend your domain name when you did not
respond to our attempts to contact you.
Click here and download a copy of complaints we have received.
Of course the "click here" is fake too...
http://classified.canadaautomotivedirectory.com/abuse_report.php?XXXXXX.COM
I haven't bothered to download it, but I think we can safely assume it's
some kind of malware.
I've not seen this approach before.... I wonder if there's been another
registry/registrar "security issue", or am I just being paranoid? Anyone
else getting them?
R.