Malwarebytes

Possible Malware Attack


15 replies to this topic

#1
Firefox

    Forum Deity

  • Trusted Advisors
  • 5,591 posts
  • Gender:Male
  • Location:USA
Not sure where to post this so I will put it here, and please move if you see fit.

One of the users on my network got this email. We block such links so she did not get infected but maybe you guys can look it over.

here is the email.

-----Original Message-----
From: Mail Administrator [mailto:mgoetz@wps60.org] 
Sent: Friday, October 09, 2009 11:49 PM
To: undisclosed-recipients
Subject: Your mailbox Quota Has Exceeded The Set Limit



This message is from the IT Service messaging center. your mailbox has exceeded the storage limit which is 20GB, As set by your administrator, you are currently running on 20.9GB, you may not be able to send or receive new mail until you re-validate your mailbox and also we are deleting all unused accounts. To re-validate and confirm your mailbox, please click the link below:
 
http://www.accountadmin2009.com/  
 
Thanks,
System Administrator.


Dell Precision T5400, Win7 Ultimate 32bit fully updated, Symantec Endpoint Protection,
Watchguard Firewall, Intel Xeon CPU, Dual Quad Core Processors, 4GB Ram,
E5410 @ 2.33GHz, Nvidia Quadro FX570, Raid-1 Dual 500GB Sata 10000 rpm Hard Drives
Dual DVD Burners, IE9, Opera, MBAM


#2
TonyDee

    New Member

  • Members
  • 42 posts

Firefox, on Oct 12 2009, 09:43 AM, said:

Not sure where to post this so I will put it here, and please move if you see fit.

One of the users on my network got this email. We block such links so she did not get infected but maybe you guys can look it over.

here is the email.

-----Original Message-----
From: Mail Administrator [mailto:mgoetz@wps60.org] 
Sent: Friday, October 09, 2009 11:49 PM
To: undisclosed-recipients
Subject: Your mailbox Quota Has Exceeded The Set Limit



This message is from the IT Service messaging center. your mailbox has exceeded the storage limit which is 20GB, As set by your administrator, you are currently running on 20.9GB, you may not be able to send or receive new mail until you re-validate your mailbox and also we are deleting all unused accounts. To re-validate and confirm your mailbox, please click the link below:
 
http://www.accountadmin2009.com/  
 
Thanks,
System Administrator.

I'm no expert here, but if you're using Outlook with an Exchange server, the admin folks like to keep the mailbox under 2 GB, not 20 GB. That raised some suspicion.

Normally the admin will ask that you delete emails from the server which may involve creating pst files on your local hard drive. They usually give instructions on how to do that.

I went to www.accountadmin2009.com and it's not there.

I'm suspicious. I'd contact your IT department.

#3
noknojon

    you know why ---

  • Honorary Members
  • 5,588 posts
  • Gender:Male
@ Firefox -
If it is the ISP's mail box there can be problems with being over their limits (I have done it) -
The limits are not the usual amounts, so this would be a direct response to your ISP - This was why my last ISP diverted all mail to Outlook Express -
The only problem I have now is that it was not changed back to O/E 'default' prior to leaving that ISP -
Hence my question in PC Help section - I may need to go to my new ISP to change it, but I would prefer just to have basic O/Express -
Just another private helper - (not a company man) -
When you don't have to worry about your computer anymore, you can start living again !

#4
mountaintree16

    music is <3

  • Honorary Members
  • 6,559 posts
  • Gender:Not Telling
  • Location:USA
@ Firefox

I am no expert but that link definitely looks pretty fishy to me! I bet it is a scam/phishing/malware attempt. Why wouldn't they just ask you to delete messages, instead of asking you to click on a link. And why would 2009 be on the end of the link?
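
The warning signs raised in the replies above (a quota figure that does not match the real one, a link that leaves the organisation, a year in the link's domain) written as a mail-triage check. This is an added example, not part of any post in the thread; the organisation domain `example.org` and the 2 GB quota are assumed values, and the sample is an abridged copy of the message from the first post.

```python
import re
from urllib.parse import urlparse

# Abridged copy of the reported message from the first post, used as sample input.
SAMPLE = """From: Mail Administrator [mailto:mgoetz@wps60.org]
To: undisclosed-recipients
Subject: Your mailbox Quota Has Exceeded The Set Limit

your mailbox has exceeded the storage limit which is 20GB, As set by your administrator, you are currently running on 20.9GB. To re-validate and confirm your mailbox, please click the link below:

http://www.accountadmin2009.com/
"""


def registered_domain(host):
    # Last two labels only; a production filter should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def triage(raw, org_domains, quota_gb):
    """Return the thread's warning signs that are present in a raw message."""
    headers, _, body = raw.partition("\n\n")
    findings = []
    m = re.search(r"[\w.+-]+@([\w.-]+)", headers)
    sender = registered_domain(m.group(1)) if m else None
    if sender not in org_domains:
        findings.append("sender-outside-org")
    if re.search(r"^To:\s*undisclosed-recipients", headers, re.I | re.M):
        findings.append("undisclosed-recipients")
    for url in re.findall(r"https?://[^\s<>\"]+", body):
        link = registered_domain(urlparse(url).hostname or "")
        if link not in org_domains:
            findings.append("link-outside-org")
        if link != sender:
            findings.append("link-differs-from-sender")
        if re.search(r"(19|20)\d{2}", link):
            findings.append("year-in-domain")
    claimed = re.search(r"limit which is (\d+(?:\.\d+)?)\s*GB", body, re.I)
    if claimed and float(claimed.group(1)) != quota_gb:
        findings.append("quota-mismatch")
    return findings


if __name__ == "__main__":
    # example.org and the 2 GB quota are assumed values for the receiving organisation.
    for finding in triage(SAMPLE, {"example.org"}, quota_gb=2.0):
        print(finding)
```
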

#5
chimpy

    Elite Member

  • Honorary Members
  • 775 posts
  • Gender:Female
  • Location:North of England
Looks like a Phishing scam to me.
Vista HB 32 bit
WoT
ABP
Sandboxie free
MBAM
Ccleaner
NoScript
AVG 2011 free
Hostsman

#6
sho-dan

    कैंसर योद्धा

  • Honorary Members
  • 3,023 posts
  • Gender:Not Telling
  • Location:Jah Jersey Shore
I second the scam, also the site link is dead just as the other link that I found belonging to the same owner in the email. :)

http://whois.domaint...ntadmin2009.com
http://db.aa419.org/...w.php?key=39683
"Don't worry about a thing,
'Cause every little thing gonna be all right!"

#7
Glebe

    New Member

  • Members
  • 24 posts
Any of this look familiar to you?
Register of that site.

Registrant:
John Charles Torrens
PO Box 30920
Mayville, KZN 40580
ZA

Domain name: ACCOUNTADMIN2009.COM


Administrative Contact:
Torrens, John dr.bensmith1960@msn.com
PO Box 30920
Mayville, KZN 40580
ZA
+27.312425002
Technical Contact:
Technical, GX Networks services@123-reg.co.uk
5 Roundwood Avenue
Stockley Park
Uxbridge, Middlesex UB11 1FF
UK
+44.8712309525 Fax: +44.8701650437

#8
Glebe

    New Member

  • Members
  • 24 posts
Using WOT which tells me which sites are safe and which aren't, I'm getting a red circle (terrible) next to accountadmin2009 so stay away.

User comments on it-

10/12/2009, Delan Azabani, Spam: Found on Joe Wein's spam blacklist.

10/10/2009, joewein.de LLC, Spam: Recently added to Joe Wein's spam domain blacklist.

10/03/2009, SpamCop, Spam: Appeared on an automatically composed list of spamvertised websites. (Low reliability)

#9
Firefox

    Forum Deity

  • Trusted Advisors
  • 5,591 posts
  • Gender:Male
  • Location:USA
@ everyone

I know it's a scam site, just putting the info here to keep everyone informed of latest threats....

@ TonyDee

you are right, I am on Outlook connecting to an Exchange server. I do have limits in place..... oh by the way, I am the system admin and Exchange admin too.... :)



#10
mountaintree16

    music is <3

  • Honorary Members
  • 6,559 posts
  • Gender:Not Telling
  • Location:USA
@ Firefox

Well I definitely appreciate the alert, and I figured you already knew it was a scam. A system admin would not contact a user with a message like that anyway. I mean really. yeesh.

Someone posted a link in the security alerts about TrendMicro alerts to a similar email scam, you might want to go over and take a look at it. http://www.malwareby...showtopic=27805

#11
Firefox

    Forum Deity

  • Trusted Advisors
  • 5,591 posts
  • Gender:Male
  • Location:USA
Will have a look at it.... Thanks



#12
mountaintree16

    music is <3

  • Honorary Members
  • 6,559 posts
  • Gender:Not Telling
  • Location:USA
You're welcome Firefox ;)

#13
srtools1980y

    Elite Member

  • Honorary Members
  • 816 posts
mountaintree16

Quote

Someone posted a link in the security alerts about TrendMicro alerts to a similar email scam, you might want to go over and take a look at it. http://www.malwareby...showtopic=27805

Someone is me only.

#14
catscomputer

    Elite Member

  • Honorary Members
  • 506 posts
  • Gender:Female
  • Location:New Zealand
Hey Firefox, this may interest you relating to an increase in Outlook email scams. http://www.us-cert.gov/current/#malware_ci...a_spam_messages
Vista HP 32bit + SP2.
Avast! 6 Free; MBAM PRO; SAS (on demand); Spywareblaster; CCleaner; Sandboxie Free
Main browser: FF (latest version) with Adblock+; NoScript; Keyscrambler; Better Privacy; WOT; Ghostery
Spare browser: SRware Iron (most current version) with Adblock+; ScriptNo; WOT; Ghostery

#15
mountaintree16

    music is <3

  • Honorary Members
  • 6,559 posts
  • Gender:Not Telling
  • Location:USA
Thanks for that link, Catscomputer ;)

#16
Firefox

    Forum Deity

  • Trusted Advisors
  • 5,591 posts
  • Gender:Male
  • Location:USA
thanks for the link, some good reading there.... no matter how many times I tell folks not to open emails or attachments from folks they don't know or look suspicious they will do it anyway..... ;)
