[nsp-sec] Any contact at Northwestern Memorial Hospital Ontario?
SURFcert - Peter
p.g.m.peters at utwente.nl
Fri Apr 18 07:42:38 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
It appears the HMH webmail (OWA?) has been phished and is abused to
phish for other information. At least the account of "Willson, Wendy"
seems to be compromised. And it is used to receive new credentials too.
Relevant headers:
Received: from nmh.org (nmh-nt2.nmh.org [165.20.110.51])
by smtp.utwente.nl (8.12.10/SuSE Linux 0.7) with ESMTP id
m3HEDxZk005300
for <abuse at utwente.nl>; Thu, 17 Apr 2008 16:13:59 +0200
Received: from ([10.76.104.73])
by mailhost2.nmh.org with ESMTP id KP-NTG93.31326906;
Thu, 17 Apr 2008 09:13:25 -0500
Received: from NMHEXCH01.nmh.org ([10.76.104.25]) by nmh-exsmtp2.nmh.org
with Microsoft SMTPSVC(6.0.3790.1830);
Thu, 17 Apr 2008 09:13:25 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Subject: Dear all Webmail account Owner,
Date: Thu, 17 Apr 2008 09:12:56 -0500
Message-ID: <BC6AE042E160C048B2554296E9CDA6080493028C at NMHEXCH01.nmh.org>
Thread-Topic: Dear all Webmail account Owner,
Thread-Index: AciglR3y6gLkwBvsRXSilQi/Bu8fJQ==
From: "Willson, Wendy" <wwillson at nmh.org>
Bcc:
X-OriginalArrivalTime: 17 Apr 2008 14:13:25.0605 (UTC)
FILETIME=[33954150:01C8A095]
Content-Type: text/plain;
charset="iso-8859-1"
Return-Path: wwillson at nmh.org
- --
Peter Peters
SURFcert Officer off Duty
cert at surfnet.nl http://cert.surfnet.nl/
office-hours: +31 302 305 305 emergency (24/7): +31 622 923 564
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFICIktelLo80lrIdIRAlh6AKCT2w0IqF96dlJ+MGO8qgMflpNXsQCgmkvT
mjfUGyDSLD/lzK07+IOZIPc=
=bnzt
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list