Old 16th February 2011, 10:47   #1
colinito
Junior Member
 
Join Date: Dec 2007
Location: South of Spain
Posts: 4
? Genuine Message ?

Hello,

I have just received this mail, and having developed Full Headers I post it to enquire if it is genuine or a phishing scam. I have deleted my email address for security reasons. I notice the following -

"X-Info: Please report abuse by forwarding complete headers to
X-Info: abuse@sailthru.com"

---and have assumed that this is also a scam, therefore I have not contacted this address.

Another point is that The mail is addressed to "HELLO" and not personalised to me specifically, which, in my opinion, it should be addressed to me if Winamp writes to me personally.

The "Originating IP address" of the mail is seen at this link - http://tiny.cc/nx4eu

Here is the message with Full Headers :-

X-Apparently-To: XXXXX@yahoo.com via 87.248.114.95; Wed, 16 Feb 2011 02:21:55 -0800
Return-Path: <delivery@mx.sailthru.com>
Received-SPF: pass (mta1160.mail.mud.yahoo.com: domain of delivery@mx.sailthru.com designates 64.34.47.140 as permitted sender)
X-YMailISG: bAhO_VkcZAoUzjHfftTntfBr8vlBQo8ynPWmbjn5khnRbQ6Z cdcXqR_.dzdhD71pKw7fqQGuwzBNem.3qhj4Hx__fuiWY2tYcFpejftVSz7O DS6zVt_Agva_Xp2GMf7900A8BM.ByDctxUMk3q7Zw9brYfvCtid69qNQGcfK EgT99FnbdM.R5ek2.LNWQT6BcXqaHD8n5jLmabdtVBrQ_koZrDAv2xLQDzVS bRnAtZX4pEQYC59JbQK4_42TAoOFrCDKDRc.jOnDdmiCZBAdBNCWTg5DN8iK ww0BNZQ19jTwQMPowKJ3PT8_g6prGE22tOIaP2lj5A1vcyL5umleTiq6GkvB aWcvtqXgVU3V7gvSCmXRL0lmHGzA163cUZrxavrdagr3aWwVZkItncCpt0o6 fybtvxYXlxKwPidvW8jglVxRyNlptMfunfac.i1cljatBpvixiJgaGWqTi2e pK1eHJ6inWJ1KoXZEeWSGMj5twkaf68p24LToyWuc123fh1USohEybW2KWdb YnogJe_l4BOFvKZKcXdh7FtiuZo50afBEKvXL6QUxWcSmyDD6Q6d3ojscsdq qPBD169f_f6u1XV_sxUkAdL6JuC0yuUhl6MihZieg8N_x0fEKiNYz0raAX_L 9qfYltJYdYxJtfa7otqelGpGyy_kuPFlWxKtiqIagzaBO80pyx2AQmj6gFer kBaLpV6KHBa4TCVsZf7Hi6EEF.qA1LyFZePEgveYF6wG6bjrrUW1lna0HS2p SnU_pSyVH1M5jmxka3ylgG6zWWecTbWRnGg4Nv8NzB6tkF.qSwFcaeydI3uQ OlnL4MmxeD5rdden7dp1rintE5YP4tZDKCGRQvPmqSBIl9c5Ap0gbEEXI3uB TmyoddZ2RueT94Nr3pLAefVl4SUHw0pVIh0zfcnbawUVjb.iCyCMcMJJ0rQd LimG0C2k090ap2gTjiW5p_lRdq8n4g3x1Xod5ZZ7reqv84RIGqg0ZIC68Rsr HHWOPlYHuZAf_3yupQw4CxEgOF1U9Qd_fp_LMO2_JGpCIS8fuLhcKgZorsBO NA3to5E2YeIqjxH9hJD1JdurDUhnh4SFOCd3pN3bGm7quT9iopUzbqThrmoY TpCkk75wQqqBAIvl31xfB2cNFtOn_2rbdm4qXky8UC4U7c4JzPytKPVDLIwT w7ha59OpRGKDXe9gM36pzu2XSjZoTprMV5puNIa_wfzjzWObVu76rhhnW34N XZkwlogrw4lUsHMFxxza543QVbBL3UGuegkx7GkKlElqzxt_vDvDtM_DZ0WR pYqhYnJWb_ytn3V2ZgdQ6.g7D1ASuD7_E_4oH82LAjKSYuFFyGCpaMDm0x2P ILexxwRwTz0zXMAklO2sq2rUBhKLb6bq4J1Zt9oI13rylM0JzjJjM384RiOW yZbmqvUqgPgtJdYkO4inQHI6tchFYfji4OBz3k1VWUErwnIfIY0p1T_L5ru9 MfQJm5tc7oRTyxGzafC9zL8qzFj2D9EZgTxiBrczu4qD5s.0erkg4hGtdJ1V YurMzsEoR6AeuUu0TPiNp8N6udqFL1So5FJUw9bvlj6JrZDWMlu8tDjYxGNG eFVAdubEvvKvQc4ZoEiRmKackvMozGEesMmTWxASAEb3KKqjkFSH3Nm._nmB 1Q--
X-Originating-IP: [64.34.47.140]
Authentication-Results: mta1160.mail.mud.yahoo.com from=winamp.com; domainkeys=neutral (no sig); from=winamp.com; dkim=permerror (no key)
Received: from 127.0.0.1 (EHLO mx-64-34-47-140.sailthru.com) (64.34.47.140) by mta1160.mail.mud.yahoo.com with SMTP; Wed, 16 Feb 2011 02:21:54 -0800
Received: from mx4.sailthru.com (mx-64-34-47-140.sailthru.com [64.34.47.140]) by mx-64-34-47-140.sailthru.com (Postfix) with ESMTP id 21AB51DA2314 for <colinthejazzman@yahoo.com>; Tue, 15 Feb 2011 23:24:01 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; t=1297830241; s=sailthru; d=winamp.com; h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type:List-ID:List-Unsubscribe; bh=1VzAvLQU39Y0gIjdtvhQP6lWlMGWVEaDRXXnwpMUPK8=; b=oLjozO6ND/AiMgIKvBlwuoNC1wUW5ZeF+nVC5NYCOd0sVFjpj4W47aU/7HH/KGtN G0IPoZFVOQGfvuSDxZW+18L/bs102UuGYyLErBUQyr+APM4qbkZ49OZbP9Xvl5hhJFE 4wLBHC8BZMr7GUkIVC4+OSy7xpyA/KPUWl78/C9Y=
Date: Wed, 16 Feb 2011 04:24:01 +0000 (UTC)
From:
Winamp <noreply@winamp.com>
Add sender to Contacts
To: xxxxx@yahoo.com
Message-ID: <20110216042401.87470.26233@sailthru.com>
Subject: Winamp Forums Security Notification
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_3568285_157486545.1297830241136"
X-TM-ID: 20110216042401.87470.26233
X-Info: Message sent by sailthru.com customer Winamp
X-Info: We do not permit unsolicited commercial email
X-Info: Please report abuse by forwarding complete headers to
X-Info: abuse@sailthru.com
X-Mailer: sailthru.com
X-IADB-IP: 64.34.47.140
X-IADB-IP-REVERSE: 140.47.34.64
X-IADB-URL: http://www.isipp.com/iadb.php
X-Unsubscribe-Web: http://link.winamp.com/oc/1vhq.k8p/e2dc9318
List-ID: <cm.967.68daf8bdc8755fe8f4859024b3054fb8.sailthru.com>
List-Unsubscribe: <mailto:unsubscribe_967@mx.sailthru.com>, <http://link.winamp.com/oc/1vhq.k8p/e2dc9318>
X-rpcampaign: stblf87470
Content-Length: 7376

Winamp Forums Security Notification
Hello,

My name is Geno Yoham and I am the General Manager of Winamp. Our entire team is dedicated to protecting the privacy of our users and has put extensive measures in place to ensure your information remains secure. As a result of these precautions, we quickly detected and blocked an attack on the Winamp Forums database. We have confirmed that this breach was isolated to the Winamp Forums (forums.winamp.com) site only. Other Winamp sites and products such as Winamp.com, dev.winamp.com and the Winamp Desktop Media Player were not affected in any way.

We have determined that your email address was exposed as a result of this attack, so as a precautionary measure, we recommend that you change your password on the Winamp Forums. In addition, we recommend that you change your password every few months as a best practice for keeping your information secure.

We have set up an FAQ at forums.winamp.com for answers to questions you may have related to this incident.

If you have any additional questions, please contact: support@winamp.com.

We apologize for any inconvenience this has caused and want to assure you that we are taking steps to ensure that your information remains secure as a part of our ongoing commitment to protecting your privacy.

Geno Yoham
Winamp

XXXXX

Thanks for looking at this,

Regards,

Colinito
colinito is offline   Reply With Quote
Old 16th February 2011, 12:54   #2
DrO
 
Join Date: Sep 2003
Posts: 27,873
it is a legitimate message as per http://forums.winamp.com/showthread.php?t=327366 and point #9.

-daz
DrO is offline   Reply With Quote
Old 16th February 2011, 13:19   #3
jaromanda
Forum King
 
Join Date: Jun 2007
Location: Under the bridge
Posts: 2,289
re: addressed to "Hello"

did you think winamp/aol would send individualised emails to all of it's members about this breach - much quicker and easier to send a generic email to all, rather than fiddle around with fancy albeit automated crap that sends a personalised emails to each address

the email is genuine ... as the FAQ exists, as do a number of threads expressing disgust that winamp could let such a thing happen (obviously some people DO NOT read Terms of Service or Privacy Policies before joining websites/forums)

Is it just me or are shoutcast users getting dumber?
jaromanda is offline   Reply With Quote
Old 16th February 2011, 20:32   #4
colinito
Junior Member
 
Join Date: Dec 2007
Location: South of Spain
Posts: 4
? Genuine Message ?

DrO and jaromanda,
Many thanks for your reply.
For obvious reasons, until I was certain that it was not a phishing scam, I did not go to any links supplied in the mail.
I shall now change my password! - Thread closed!

Regards,
colinito.
colinito is offline   Reply With Quote
Old 17th February 2011, 02:49   #5
Napolean Solo
Junior Member
 
Join Date: Mar 2004
Posts: 40
I just changed my password. Then again, this site isnt SSL, so it almost doesnt matter.
Napolean Solo is offline   Reply With Quote
Old 17th February 2011, 10:24   #6
Batter Pudding
Major Dude
 
Batter Pudding's Avatar
 
Join Date: Jun 2008
Posts: 1,665
Quote:
Originally Posted by Napolean Solo View Post
I just changed my password. Then again, this site isnt SSL, so it almost doesnt matter.
SSL would not have stopped this attack. They hacked a bug in the forum software. If SSL was in use - then they would have still kicked in the same door to gain access through that bug.

Imagine SSL is like better locks on your front door, but the thief found a window left open a the back of the building and entered that way instead.
Batter Pudding is offline   Reply With Quote
Reply
Go Back   Winamp & SHOUTcast Forums > Winamp > Winamp Site Design

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump