More spam is lighting up for Battle.net account users, Diablo, and World of Warcraft members. The latest spam update is below, where once again, the spammers are using a fake email account (firstname.lastname@example.org) as the sender, and stating that you are trying to sell your Battle.net account and need to verify it so it will not be suspended.
However, the link it gives looks real, however, it is fake.
Here are the technical details:
Return-path (email address the email actually came from): ab[at]vlrpc.com
IP address: 126.96.36.199 belonging to an unknown/private user (WHOIS states the IP master’s name: yanling ruanof) China Unicom, a telecommunications company governed by The People’s Republic of China. They seem to either ignore abuse reports, or do not know much about their users’ activities. We know a private user sent this spam, because the message header clearly states the application used to send the email: Microsoft Outlook Express 6.00.2900.5512.
Known blacklisting: Spamhaus.org (listed as “Illegal 3rd party exploits, including proxies, worms and trojan exploits”), abuseat.org, barracudacentral.org, uceprotect.net
Now, it’s believed that the recent spam outbreak (like the one above, for example) is a result of the latest Blizzard lawsuit. However, spam like this has happened before (also look in the comments for a user who posted about Diablo 3 spam).
The only thing to best protect against spam is having an anti-spam program. Please visit the vendor below for more information.
Blizzard has been in a lawsuit about data breaches and authentication issues, among data leakage. We’ve seen spam incidents before, so it’s no surprise the trouble that Blizzard has had maintaining user data.
A group of customers is suing gaming giant Blizzard Entertainment in connection with a data breach in August that resulted in user email addresses, hashed passwords and other information being stolen by attackers. The suit claims that the company did not do enough to secure users’ accounts before the compromise and that the company now is forcing users to pay for a two-factor authentication system to increase the security on their accounts.
The data breach was discovered in early August and Blizzard, which makes a number of popular online games, notified customers within a few days. The company was not specific about the timing of the breach discovery, saying only that its security team had discovered the breach that week.
“At this time, we’ve found no evidence that financial information such as credit cards, billing addresses, or real names were compromised. Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed,” the company’s CEO, Mike Morhaime, said in a statement at the time. – Read more on threatpost
The latest updates on Blizzard also include a cleanup of the situation.