The Latest in IT Security

Apple “Account Info Change” spam


Not malware this time, but pharma spam. The links in this fake Apple message lead to

From: Apple [mailto:[email protected]]
Sent: Tue 06/11/2012 18:30
Subject: Account Info Change


The following information for your Apple ID [redacted] was updated on 11/06/2012:

Date of birth
Security question(s) and answer(s)

If these changes were made in error, or if you believe an unauthorized person accessed your account, please reset your account password immediately by going to

To review and update your security settings, sign in to

This is an automated message. Please do not reply to this email. If you need additional help, visit Apple Support.

Apple Customer Support

TM and copyright © 2012 Apple Inc. 1 Infinite Loop, MS 96-DM, Cupertino, CA 95014.
All Rights Reserved / Keep Informed / Privacy Policy / My Apple ID 

The fake pharma site ( is hosted on along with a bunch of other ones, plus some additional sites one IP over at

Oddly, doesn’t seem to be registered at RIPE. No matter, we know who the owner of is:

inetnum: –
netname:         A84-22-127-0
descr:           BLACK OPERATIONS
admin-c:         CBMT1-RIPE
tech-c:          CBMT1-RIPE
country:         NL
status:          ASSIGNED PA
mnt-by:          MNT-CB3ROB
mnt-lower:       MNT-CB3ROB
mnt-routes:      MNT-CB3ROB
source:          RIPE # Filtered

role:            Ministery of Telecommunications
address:         One CyberBunker Avenue
address:         CB-31337
address:         CyberBunker-1
address:         Republic CyberBunker
mnt-by:          MNT-CB3ROB
admin-c:         CBMT1-RIPE
tech-c:          CBMT1-RIPE
nic-hdl:         CBMT1-RIPE
source:          RIPE # Filtered

descr:          R84-22-96-0
origin:         AS34109
mnt-by:         MNT-CB3ROB
source:         RIPE # Filtered

It’s our old friends Cyberbunker again, who have registered the block with fake details. How RIPE lets them get away with this I don’t know. If you can, I recommend blocking the entire range as almost everything here is pretty seedy. You can read more about Cyberbunker’s very dark grey hat activities over at Wikipedia if you want more information.
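As an added example (not part of the original post), the whois output above can be parsed into its objects so that the maintainer and origin AS become keys for blocking and for spotting other ranges under the same registration. The record text is excerpted from this page with its gaps left in; the names `parse_rpsl` and `pivots` are illustrative.

```python
import ipaddress
import re

# Excerpt of the whois output quoted above, copied with its gaps: the inetnum
# range and the "route:" line are missing on the page and are not filled in.
WHOIS_TEXT = """\
inetnum: –
netname:         A84-22-127-0
descr:           BLACK OPERATIONS
mnt-by:          MNT-CB3ROB
mnt-routes:      MNT-CB3ROB
source:          RIPE # Filtered

descr:          R84-22-96-0
origin:         AS34109
mnt-by:         MNT-CB3ROB
source:         RIPE # Filtered
"""

RANGE_RE = re.compile(r"(\d+(?:\.\d+){3})\s*[-–]\s*(\d+(?:\.\d+){3})")

def parse_rpsl(text):
    """Split whois output into objects: one {attribute: [values]} dict per block."""
    objects = [{}]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop "# Filtered" style comments
        if not line or line.startswith("%"):
            objects.append({})  # a blank or server-comment line closes the object
            continue
        key, sep, value = line.partition(":")
        if sep:  # attributes can repeat (address:, mnt-by:), so keep lists
            objects[-1].setdefault(key.strip().lower(), []).append(value.strip())
    return [obj for obj in objects if obj]

def pivots(objects):
    """Collect what a blocklist or hunt can key on: maintainers, origin AS, CIDRs."""
    out = {"maintainers": set(), "origin_as": set(), "cidrs": []}
    for obj in objects:
        for key in ("mnt-by", "mnt-lower", "mnt-routes"):
            out["maintainers"].update(obj.get(key, []))
        out["origin_as"].update(v.upper() for v in obj.get("origin", []))
        for value in obj.get("inetnum", []):
            m = RANGE_RE.fullmatch(value)
            if m:  # a missing or malformed range yields no CIDR rather than a guess
                first, last = map(ipaddress.IPv4Address, m.groups())
                nets = ipaddress.summarize_address_range(first, last)
                out["cidrs"] += [str(n) for n in nets]
    return out

if __name__ == "__main__":
    print(pivots(parse_rpsl(WHOIS_TEXT)))
```

Run against a complete whois response, `cidrs` holds the block in a form a firewall or proxy rule accepts directly; here it stays empty because the range is not on the page.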
