A forum for reverse engineering, OS internals and malware analysis 

 #14440  by Xylitol
 Wed Jul 04, 2012 9:51 pm
After leaking around 84,000 email addresses and their associated passwords in clear text, C0mrade has published an email database which he allegedly obtained from Trend Micro and Sykes, a partner of the world renowned security firm.

Image

“Trendmicro & Sykes is a Global Business and Antivirus suite, we've targeted them due to their constant lash of pseudo-security. We've even got a homebox backdoored,” the hacker wrote next to the data leak.

“Sliding back to the whole Trendmicro & Sykes testament, we don't want to be compete pricks, so for the companies' sake, we'll take baby steps on this one. We'll release every inch of their Email Database; Inbox, Drafts, Sent Items, Deleted Items, Attachments, and all content in all folders. You'll need a .dbx file viewer to see the content,” he added.

The data leak consists of 29 .dbx files that represent emails from various folders, including the inbox, drafts, and deleted items.

The information appears to be legitimate, but the company denies that its servers have been breached.

“We are aware of an allegation made on June 30th of unauthorized access to a server and email correspondence with Trend Micro. The evidence currently available does not support the conclusion of a server compromise or compromise at Trend Micro,” a Trend Micro representative told Softpedia.

“In conjunction with our partner Sykes we are vigorously investigating the allegations to establish the origins of the stolen data, which dated back to 2009 and consisted of consumer technical support related communications. We are also reviewing any relevant security controls in the interim.”

At the same time, the hacker also responded to our inquiry with some clarifications regarding the reason why Trend Micro became a target.

“I didn't warn them because I knew they'd deny, deny, deny and deny till the air got sucked out of them and that's what I plan on doing. Popping the bubble by releasing a source code,” C0mrade said.

“Rik Ferguson decided to step in and try to lessen the situation but that didn't work. If you have an equilibrium of knowledge, you'd know that those Email's were affiliated with Trendmicro,” he added.

“Hell, if you look through the Mailbox, you'll see yourself that the Heads of Trendmicro consulted with Sykes and some Log'ins were patched through along the way. It's pathetic how they try to add calamity to the situation.”

Source