? Genuine Message ?

  • ? Genuine Message ?


    I have just received this mail, and having developed Full Headers I post it to enquire if it is genuine or a phishing scam. I have deleted my email address for security reasons. I notice the following -

    "X-Info: Please report abuse by forwarding complete headers to
    X-Info: [email protected]"

    ---and have assumed that this is also a scam, therefore I have not contacted this address.

    Another point is that the mail is addressed to "HELLO" and not personalised to me specifically, which, in my opinion, it should be addressed to me if Winamp writes to me personally.

    The "Originating IP address" of the mail is seen at this link -

    Here is the message with Full Headers :-

    X-Apparently-To: [email protected] via; Wed, 16 Feb 2011 02:21:55 -0800
    Return-Path: <[email protected]>
    Received-SPF: pass ( domain of [email protected] designates as permitted sender)
    X-Originating-IP: []
    Authentication-Results:; domainkeys=neutral (no sig);; dkim=permerror (no key)
    Received: from (EHLO ( by with SMTP; Wed, 16 Feb 2011 02:21:54 -0800
    Received: from ( []) by (Postfix) with ESMTP id 21AB51DA2314 for <coli[email protected]>; Tue, 15 Feb 2011 23:24:01 -0500 (EST)
    DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; t=1297830241; s=sailthru;; h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type:List-ID:List-Unsubscribe; bh=1VzAvLQU39Y0gIjdtvhQP6lWlMGWVEaDRXXnwpMUPK8=; b=oLjozO6ND/AiMgIKvBlwuoNC1wUW5ZeF+nVC5NYCOd0sVFjpj4W47aU/7HH/KGtN G0IPoZFVOQGfvuSDxZW+18L/bs102UuGYyLErBUQyr+APM4qbkZ49OZbP9Xvl5hhJFE 4wLBHC8BZMr7GUkIVC4+OSy7xpyA/KPUWl78/C9Y=
    Date: Wed, 16 Feb 2011 04:24:01 +0000 (UTC)
    Winamp <[email protected]>
    To: [email protected]
    Message-ID: <[email protected]>
    Subject: Winamp Forums Security Notification
    MIME-Version: 1.0
    Content-Type: multipart/alternative; boundary="----=_Part_3568285_157486545.1297830241136"
    X-TM-ID: 20110216042401.87470.26233
    X-Info: Message sent by customer Winamp
    X-Info: We do not permit unsolicited commercial email
    X-Info: Please report abuse by forwarding complete headers to
    X-Info: [email protected]
    List-ID: <>
    List-Unsubscribe: <mailto:[email protected]>, <>
    X-rpcampaign: stblf87470
    Content-Length: 7376

    Winamp Forums Security Notification

    My name is Geno Yoham and I am the General Manager of Winamp. Our entire team is dedicated to protecting the privacy of our users and has put extensive measures in place to ensure your information remains secure. As a result of these precautions, we quickly detected and blocked an attack on the Winamp Forums database. We have confirmed that this breach was isolated to the Winamp Forums ( site only. Other Winamp sites and products such as, and the Winamp Desktop Media Player were not affected in any way.

    We have determined that your email address was exposed as a result of this attack, so as a precautionary measure, we recommend that you change your password on the Winamp Forums. In addition, we recommend that you change your password every few months as a best practice for keeping your information secure.

    We have set up an FAQ at for answers to questions you may have related to this incident.

    If you have any additional questions, please contact: [email protected].

    We apologize for any inconvenience this has caused and want to assure you that we are taking steps to ensure that your information remains secure as a part of our ongoing commitment to protecting your privacy.

    Geno Yoham


    Thanks for looking at this,
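
One way to triage the authentication headers pasted in the post above, as an added example that is not part of the original thread: it reads `Received-SPF`, `Authentication-Results` and `DKIM-Signature` and checks whether a passing result is aligned with the visible `From` domain. The sample message is constructed, with reserved example domains standing in for the redacted ones, and the `triage`, `aligned` and `domain_of` helpers are hypothetical names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: same header layout as the post, with the redacted
# hosts replaced by reserved example domains and addresses (assumptions).
SAMPLE = """\
Return-Path: <bounce@mail.sender.example>
Received-SPF: pass (domain of mail.sender.example designates 192.0.2.10 as permitted sender)
Authentication-Results: mx.receiver.example; domainkeys=neutral (no sig); dkim=permerror (no key)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; s=sailthru; d=sender.example; h=Date:From:To; bh=AAAA; b=BBBB
From: Winamp <news@sender.example>
To: user@receiver.example
Subject: Winamp Forums Security Notification

(body omitted)
"""

def domain_of(value):
    """Domain part of the address in a From/Return-Path style header."""
    return parseaddr(value)[1].rpartition("@")[2].lower()

def aligned(a, b):
    """Relaxed alignment, approximated without a Public Suffix List."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def triage(raw):
    msg = message_from_string(raw)
    spf = (msg.get("Received-SPF", "").split() or ["none"])[0].lower()
    m = re.search(r"\bdkim=(\w+)", msg.get("Authentication-Results", ""))
    dkim = m.group(1).lower() if m else "none"
    tags = dict(t.strip().split("=", 1)
                for t in msg.get("DKIM-Signature", "").split(";") if "=" in t)
    from_dom = domain_of(msg.get("From", ""))
    # A pass only counts when the authenticated domain matches the visible From.
    spf_ok = spf == "pass" and aligned(domain_of(msg.get("Return-Path", "")), from_dom)
    dkim_ok = dkim == "pass" and aligned(tags.get("d", "").lower(), from_dom)
    return {"from_domain": from_dom, "spf": spf, "dkim": dkim,
            "spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "verdict": "authenticated" if spf_ok or dkim_ok else "unverified"}

if __name__ == "__main__":
    print(triage(SAMPLE))
    # Same message, but SPF passed for an unrelated bulk-mail domain.
    print(triage(SAMPLE.replace("mail.sender.example", "bulk.other.example")))
```

An "authenticated" verdict only ties the message to the sending domain; whether that domain really belongs to the organisation named in the mail still has to be confirmed through a channel other than the message itself.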



  • #2
    it is a legitimate message as per and point #9.

    WACUP Project <‖> "Winamp Ramblings" - Indie Winamp Dev Blog


    • #3
      re: addressed to "Hello"

      did you think winamp/aol would send individualised emails to all of its members about this breach - much quicker and easier to send a generic email to all, rather than fiddle around with fancy albeit automated crap that sends personalised emails to each address

      the email is genuine ... as the FAQ exists, as do a number of threads expressing disgust that winamp could let such a thing happen (obviously some people DO NOT read Terms of Service or Privacy Policies before joining websites/forums)
      "If you don't like DNAS, write your own damn system"

      So I did


      • #4
        ? Genuine Message ?

        DrO and jaromanda,
        Many thanks for your reply.
        For obvious reasons, until I was certain that it was not a phishing scam, I did not go to any links supplied in the mail.
        I shall now change my password! - Thread closed!



        • #5
          I just changed my password. Then again, this site isn't SSL, so it almost doesn't matter.


          • #6
            Originally Posted by Napolean Solo:
            "I just changed my password. Then again, this site isn't SSL, so it almost doesn't matter."
            SSL would not have stopped this attack. They hacked a bug in the forum software. If SSL was in use - then they would have still kicked in the same door to gain access through that bug.

            Imagine SSL is like better locks on your front door, but the thief found a window left open at the back of the building and entered that way instead.