Tag Archive | Battle.net

Battle.net Account Verification Email Spam Continues, More Users Compromised

More spam is lighting up for Battle.net account users, Diablo, and World of Warcraft members. The latest spam update is below, where once again, the spammers are using a fake email account (diablo@email.com) as the sender, and stating that you are trying to sell your Battle.net account and need to verify it so it will not be suspended.

However, the link it gives looks real, however, it is fake.

Greetings!   It has come to our attention that you are trying to sell your personal World of Warcraft account(s). As you may not be aware of, this conflicts with the EULA and Terms of Agreement. If this proves to be true, your account can and will be disabled. It will be ongoing for further investigation by Blizzard Entertainment's employees. If you wish to not get your account suspended you should immediately verify your account ownership.   You can confirm that you are the original owner of the account to this secure website with:   hxxps://www.battle.net/account/support/password-verify.html  If you ignore this mail your account can and will be closed permanently. Once we verify your account, we will reply to your e-mail informing you that we have dropped the investigation.   Regards,   Account Administration Team World of Warcraft , Blizzard Entertainment 2012

Here are the technical details:

Return-path (email address the email actually came from): ab[at]vlrpc.com

IP address: 112.65.228.185 belonging to an unknown/private user (WHOIS states the IP master’s name: yanling ruanof) China Unicom, a telecommunications company governed by The People’s Republic of China. They seem to either ignore abuse reports, or do not know much about their users’ activities. We know a private user sent this spam, because the message header clearly states the application used to send the email: Microsoft Outlook Express 6.00.2900.5512.

Known blacklisting: Spamhaus.org (listed as “Illegal 3rd party exploits, including proxies, worms and trojan exploits”), abuseat.org, barracudacentral.org, uceprotect.net

Now, it’s believed that the recent spam outbreak (like the one above, for example) is a result of the latest Blizzard lawsuit. However, spam like this has happened before (also look in the comments for a user who posted about Diablo 3 spam).

The only thing to best protect against spam is having an anti-spam program. Please visit the vendor below for more information.

Caretaker Antispam download link

Blizzard Lawsuit Over a Data Breach

Blizzard has been in a lawsuit about data breaches and authentication issues, among data leakage. We’ve seen spam incidents before, so it’s no surprise the trouble that Blizzard has had maintaining user data.

A group of customers is suing gaming giant Blizzard Entertainment in connection with a data breach in August that resulted in user email addresses, hashed passwords and other information being stolen by attackers. The suit claims that the company did not do enough to secure users’ accounts before the compromise and that the company now is forcing users to pay for a two-factor authentication system to increase the security on their accounts.

The data breach was discovered in early August and Blizzard, which makes a number of popular online games, notified customers within a few days. The company was not specific about the timing of the breach discovery, saying only that its security team had discovered the breach that week.

“At this time, we’ve found no evidence that financial information such as credit cards, billing addresses, or real names were compromised. Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed,” the company’s CEO, Mike Morhaime, said in a statement at the time. – Read more on threatpost

The latest updates on Blizzard also include a cleanup of the situation.

%d bloggers like this: