(harmonic:security): No, My Password is Not "Too Weak" (No Matter What Your Email Claims)

Monday, June 11, 2012

No, My Password is Not "Too Weak" (No Matter What Your Email Claims)

Following LinkedIn's password 'incident' last week, now seeing a disturbing uptick in my spam folder with bogus "Your password is too weak, click here to change" emails falsely claiming to be from IMDb.

Subject is usually:
Your password is too short
- or -
Your password is too week
- or -
Change your Password

Sender is usually:
Database User Protection
IMDb User Protection

All of the seven emails I've received in the last three days (so far) use the same email body and appear to point to a HTTPS IMDb destination. But they all come via very different open mail relays with links actually pointing towards different equally suspicious (non-IMDb) destinations.

Delivered-To: christoperj
Received: by 10.231.176.83 with SMTP id bd19csp135731ibb;
Mon, 11 Jun 2012 08:46:52 -0700 (PDT)
Received: by 10.101.166.40 with SMTP id t40mr6806941ano.5.1339429610543;
Mon, 11 Jun 2012 08:46:50 -0700 (PDT)
Received-SPF: softfail (best guess record for domain of transitioning ticket@balanceandpower.com does not designate 10.10.10.10 as permitted sender) client-ip=10.10.10.10;
Received: by 10.232.20.148 with POP3 id f20mf3392662ghb.12;
Mon, 11 Jun 2012 08:46:50 -0700 (PDT)
Return-Path:
Delivered-To:
Received: from mx1 ([10.10.10.10])
by mss-us12 (Dovecot) with LMTP id qG6vEvUQ1k+/FQAAWHoucg
for ; Mon, 11 Jun 2012 15:45:15 +0000
Received: from mercury.uhost.ro.124.78.195.in-addr.arpa (unknown [195.78.124.14])
by mx1 (Postfix) with SMTP id F1D124711E2
for ; Mon, 11 Jun 2012 15:45:14 +0000 (GMT)
Subject: Your password is too short
Content-Type: text/html; charset="utf-8"
To: work
From: Database User Protection
Message-Id: <20120611184515.9C5AE53B20@imdb-pro-online-1578.iad1.amazon.com>
Date: Mon, 11 Jun 2012 18:45:15 -0700 (PDT)

This is an automatic message from the Internet Movie Database (IMDb) registration system.

Our system detected your password is too weak. Short passwords are easy to guess.

Please follow this link :

[LINK appears to be IMDb, but actually points to http:// wildhartz (dot) com (dot) au/up/load/]

If you use this password at any other sites, you'll need to change those passwords as well.

Regards,
IMDb User Protection help
[LINK to IMDb Account Registration]