[nsp-sec] AOL "phisingreport" ?
Ross, Jason
Jason.Ross at GlobalCrossing.com
Mon Feb 25 21:05:00 EST 2008
We just got shotgunned a notice of a host that is:
"being used on the IRC network for phising, carding
and hacking on the attempt of stealing credit card
also trading any tools by using mass spamming,
carding or phising. "
I say shotgunned because it went to what appears to be a random
selection of 'any publicly available email address that has anything to
do with networking'.
Surprisingly, security@ and abuse@ aren't in the To: list.
It came "From:" phisingreport at aol.com
Not sure what to make of it, but it doesn't appear to be from AOL based
solely on these headers (well, apart from the odd language
characteristics and misspellings):
X-AOL-IP: 66.232.107.104
X-MB-Message-Source: WebUI
Received: from 66.232.107.104 by webmail-da17.sysops.aol.com
(205.188.212.212) with HTTP (WebMailUI); Mon, 25 Feb 2008 19:17:56 -0500
)
AS | IP | AS Name
29802 | 66.232.107.104 | HVC-AS - HIVELOCITY VENTURES CORP
Does anyone know if this is legit or not ?
Has anyone else seen anything similar ?
( Should this be sent to the -d list instead of nsp-sec ? )
--
Jason Ross
Global Crossing
Information Security
GPG Key ID : 0xEC11B25A
More information about the nsp-security
mailing list