
Did Fedex Get Owned?


izatt82


We have been getting hammered with spam emails from

Received: from prh00393.prod.fedex.com (prh00393.prod.fedex.com [199.81.10.49]) by mx22.infosec.fedex.com (FedEx MX) with SMTP id 81.MD.55510.XCX3W0TL; Tue, 7 Aug 2012 15:17:39 +0100

Which looks to be a valid SMTP server at fedex.

Anybody else seeing anything like that?


After further research they may all be spoofed, but from the looks of the header it looks like they are spoofing the message and bouncing it off of fedex's SMTP servers. This may all be a spoof, but from our end it is hard to tell. It's also hard to block because we use FEDEX. I tried a few rules that hopefully won't also block valid emails, but we will see.


IP Information for 199.81.10.49
IP Location: United States Collierville Fedex
ASN: AS7726
Resolve Host: prh00393.prod.fedex.com

Non-authoritative answer:
Name: mx22.infosec.fedex.com
Addresses: 199.81.217.45
           199.81.130.124

IP Information for 199.81.217.45
IP Location: United States Collierville Fedex
ASN: AS7726
Resolve Host: mx22.infosec.fedex.com

IP Information for 199.81.130.124
IP Location: United States Memphis Fedex
ASN: AS7726
IP Address: 199.81.130.124

All IPs seem legit. If the body of the email was complete spam though, you might want to notify their abuse department. Try calling +1-901-263-4898 or emailing dns-admin@network.fedex.com and letting them know of the spam. It's more than likely forged, but not entirely impossible that they left an open mail relay up for sending mail without authentication on one of their servers, or like you said, they got pwned and had their shit attacked. If more customers are getting the same spam, chances are one of their databases got whacked too, and I wouldn't be surprised if we hear about it in the news.

Edited by digip
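Added example, not part of any poster's message: the thread asks whether a Received line naming FedEx hosts can be trusted. Only the hop stamped by your own mail server is reliable, so this sketch walks the chain top-down and marks everything below your boundary as unverified. The gateway name mx.example.org, the address 203.0.113.7 and the top Received line are assumptions constructed for the sample.

```python
import re
from email import message_from_string

# Constructed sample: the top Received line is what a hypothetical gateway
# (mx.example.org) would stamp; the second is the line quoted in the thread.
RAW = """\
Received: from mx22.infosec.fedex.com (unknown [203.0.113.7])
\tby mx.example.org (Postfix) with ESMTP id ABC123;
\tTue, 7 Aug 2012 10:17:45 -0400
Received: from prh00393.prod.fedex.com (prh00393.prod.fedex.com
\t[199.81.10.49]) by mx22.infosec.fedex.com (FedEx MX) with SMTP id
\t81.MD.55510.XCX3W0TL; Tue, 7 Aug 2012 15:17:39 +0100
From: tracking@fedex.com
Subject: constructed sample

body
"""

# Matches the common "from HELO (rdns [ip]) by HOST" layout; other MTAs vary.
HOP = re.compile(r"from (\S+) \((?:(\S+) )?\[([^\]]+)\]\) by (\S+)")

def classify_hops(raw, trusted_by):
    """Return Received hops top-down, tagging which ones our own MTAs wrote."""
    hops, in_trusted = [], True
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m is None:
            in_trusted = False
            hops.append({"trust": "unparsed"})
            continue
        helo, rdns, ip, by = m.groups()
        # Once a hop was not written by us, it and all older hops are sender-supplied.
        in_trusted = in_trusted and by.lower() in trusted_by
        hops.append({"helo": helo, "rdns": rdns, "ip": ip, "by": by,
                     "trust": "verified" if in_trusted else "unverified"})
    return hops

def handoff_ip(hops):
    """Peer IP recorded by the oldest hop our own MTA stamped, or None."""
    verified = [h for h in hops if h["trust"] == "verified"]
    return verified[-1]["ip"] if verified else None
```

In the sample the FedEx-looking hop is tagged unverified and the address to check against FedEx's published ranges (or SPF) is the handoff IP, not 199.81.10.49.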