Author Topic: Amiga.org's servers compromised?  (Read 3330 times)

dcr8520 (Topic starter)

  • Full Member
  • Join Date: Mar 2002
  • Posts: 107
  • http://Amiga.SourceForge.net
Amiga.org's servers compromised?
« on: November 19, 2012, 09:33:07 PM »
Hello,

I've just received the following e-mail, which suggests that the amiga.org servers have been compromised in some way - Be aware the links to amiga.org's sub-domains are valid and point to malicious (i.e., virus/trojan) resources being loaded.

Code:
Received: from [5.46.157.196] (port=19728 helo=digitalinsight.com)
    by gator745.hostgator.com with esmtp (Exim 4.80)
    (envelope-from <no-reply@gmq.com>)
    id 1TaV6f-0002uS-Ra
    for dcr8520(); Mon, 19 Nov 2012 11:26:02 -0600
Received: from MAIL12.amiga.org (10.0.0.37) by amiga.org (10.0.0.50) with Microsoft SMTP id F94PRWEB; Mon, 19 Nov 2012 19:26:00 +0200
Received: from MAIL07.amiga.org (10.146.1.172) by smtp.amiga.org
 (10.0.0.29) with Microsoft SMTP id CQG7P4L0; Mon, 19 Nov 2012 19:26:00 +0200
MIME-Version: 1.0
Date: Mon, 19 Nov 2012 19:26:00 +0200
From: Administrator <administrator@amiga.org>
Reply-To: Administrator <administrator@amiga.org>
Subject: To All Employee's -  Important Address UPDATE
Message-ID: <3L95HXIYT6KSSN1X4IQ2I1J87S6K.9576141795.3@amiga.org>
x-xerox-mail-id: XGVXASD2P7A4U6KT2W4ZWS2W2184
Content-Type: multipart/mixed; name="winmail.dat";
    boundary="----=_Part_36532_6452686739.1204164909895"
Content-Transfer-Encoding: binary
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-Exchange-Organization-SCL: -6
X-MS-TNEF-Correlator: <DEHNX25SQ3Z167ADCNZE@MAIL1.amiga.org>
X-MS-Exchange-Organization-AuthSource: MAIL9.amiga.org
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 00
X-Originating-IP: [192.168.9.18]
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-Spam-Status: No, score=1.3
X-Spam-Score: 13
X-Spam-Bar: +
X-Spam-Flag: NO
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - gator745.hostgator.com
X-AntiAbuse: Original Domain - amiga.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - gmq.com
X-BWhitelist: no
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: (digitalinsight.com) [5.46.157.196]:19728
X-Source-Auth:
X-Email-Count: 0
X-Spam-Score: 1.0 (+)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
 See http://spamassassin.org/tag/ for more details.
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
  1.0 HTML_MESSAGE           BODY: HTML included in message
X-Headers-End: 1TaWcb-0004nU-5a

------=_Part_36532_6452686739.1204164909895
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=windows-1252

To All Employee's:The end of the year is approaching and we want to ensur=
e every employee receives their W-8 to the correct address.Verify that th=
e address is correct - https://local.amiga.org/details.aspx?id=3D33226640=
87 If changes need to be made, contact HR at https://hr.amiga.org/update.=
aspx?id=3D3322664087. Administrator,http://amiga.org

------=_Part_36532_6452686739.1204164909895
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset=3Dwindows-1252

<html>
<body>
<p class=3D"MsoNormal">To All Employee's:</p>
The end of the year is approaching and we want to ensure every employee r=
eceives their W-8 to the correct address.<br />
Verify that the address is correct - <a href=3D"http://ingventures.com/vo=
uchsafes/index.html">https://local.amiga.org/details.aspx?id=3D3322664087=
 </a><br />
If changes need to be made, contact HR at <a href=3D"http://ingventures.c=
om/vouchsafes/index.html">https://hr.amiga.org/update.aspx?id=3D332266408=
7</a>.<br />
<br />
&nbsp;Administrator,<br />
<a href=3D"http://ingventures.com/vouchsafes/index.html">http://amiga.org=
</a>
</body>
</html>

------=_Part_36532_6452686739.1204164909895--
« Last Edit: November 20, 2012, 03:59:31 AM by dcr8520 »
 

dcr8520 (Topic starter)
Re: Amiga.org's servers compromised?
« Reply #1 on: November 20, 2012, 05:25:08 PM »
Quote from: SysAdmin;715836
I checked and found no problems on Amiga.org servers. Perhaps Karlos could do a double check.

Didn't look close enough, thought there were sub-domains being created but in the HTML part of the email (where I clicked) they don't really point to *.amiga.org once clicked.

Sorry for the false alarm.