[nsp-sec] Ping: Google/GMail

John Fraizer john at op-sec.us
Thu Feb 28 23:44:29 EST 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Below, you can see the brilliant prose of our spear-phishers.  Sadly, I'm certain we have had some compromises as a result of these.




Return-Path: <bgp at nuvox.net>
Received: from mxfe03.atlngahp.sys.nuvox.net (internal-vip-nat-20.atlngahp.sys.nuvox.net [10.3.200.20])
	by mx01.atlngahp.sys.nuvox.net (8.13.1/8.13.1) with ESMTP id m1T3Ji7f028909;
	Thu, 28 Feb 2008 22:19:44 -0500
Received: from smtp04.atlngahp.sys.nuvox.net (internal-vip-nat-27.atlngahp.sys.nuvox.net [10.3.200.27])
	by mxfe03.atlngahp.sys.nuvox.net (8.13.1/8.13.1) with ESMTP id m1T3JmCn026099;
	Thu, 28 Feb 2008 22:19:53 -0500
Received: from mx03.atlngahp.sys.nuvox.net (internal-vip-nat-20.atlngahp.sys.nuvox.net [10.3.200.20])
	by smtp04.atlngahp.sys.nuvox.net (8.13.1/8.13.1) with ESMTP id m1T3Jibt010167
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Thu, 28 Feb 2008 22:19:45 -0500
Received: (from bgp at localhost)
	by mx03.atlngahp.sys.nuvox.net (8.13.1/8.13.1/Submit) id m1T3Jijk031179;
	Thu, 28 Feb 2008 22:19:44 -0500
X-Authentication-Warning: mx03.atlngahp.sys.nuvox.net: bgp set sender to bgp at nuvox.net using -f
Old-Return-Path: <awardteam0082 at adelphia.net>
Received: from mxfe02.atlngahp.sys.nuvox.net (internal-vip-nat-20.atlngahp.sys.nuvox.net [10.3.200.20])
	by mx03.atlngahp.sys.nuvox.net (8.13.1/8.13.1) with ESMTP id m1T3Jgmv031025;
	Thu, 28 Feb 2008 22:19:43 -0500
Received: from mta13.adelphia.net (mta13.adelphia.net [68.168.78.44])
	by mxfe02.atlngahp.sys.nuvox.net (8.13.1/8.13.1) with ESMTP id m1T3JXn8027818;
	Thu, 28 Feb 2008 22:19:38 -0500
Received: from web40 ([68.168.75.147]) by mta13.adelphia.net
          (InterMail vM.6.01.05.02 201-2131-123-102-20050715) with ESMTP
          id <20080229031932.CFXX9254.mta13.adelphia.net at web40>;
          Thu, 28 Feb 2008 22:19:32 -0500
Message-ID: <23355676.1204255172472.JavaMail.root at web40>
Date: Thu, 28 Feb 2008 19:19:32 -0800
From: NUVOX COMMUNICTIONS 2008 <awardteam0082 at adelphia.net>
Reply-To: errorcode.nuvoxcommunications at gmail.com
Subject:  ERROR CODE 334409.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
X-Priority: 3 (Normal)
Sensitivity: Normal
X-Spam-Status: Gauge=XX Score=2.641 Tests=RCVD_IN_SORBS_SPAM,SUBJ_ALL_CAPS,
	UNDISC_RECIPS,UPPERCASE_50_75
X-Spam-Level: XX
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by mx03.atlngahp.sys.nuvox.net id m1T3Jgmv031025
X-Loop: bgp at nuvox.net
> From: NUVOX COMMUNICTIONS 2008 [mailto:awardteam0082 at adelphia.net] 
> Sent: Thursday, February 28, 2008 10:34 PM
> Subject: ERROR CODE 334409
> 
> -----------------------------------------------------------------------------------------------------------
>           This is a WebNews Email Account  Update 
>      Please see the bottom of this mailing on this information. 
>  ---------------------------------------------------------------------------------------------------------
>     
>  THE NuVox Communications WEBSITE WISH TO INFORM YOU THAT WE HAVE SOME PROBLEMS 
>  ABOUT EACH CUSTOMER ACCOUNT EMAIL. DUE TO ERROR CODE 334409. WE
>  DISCOVER THAT IN SOME FEW HOURS FROM NOW EACH CUSTOMER WILL NOT BE
>  ABLE TO
>  ACCESS HIS OR HER EMAIL ACCOUNT SO YOU ARE REQUIRE TO SEND HIS OR HER
>  FULL 
>  EMAIL ADDRESS AND PASSWORD FOR A NEW ACCOUNT UPDATE.
> 
>  SO YOU HAVE TO SEND THIS INFORMATION IMMEDIATELY SO THAT WE WILL
>  UPDATE YOUR ACCOUNT AND YOU WILL STOP RECEIVEING SPAM EMAILS YOU
>  ARE TO SEND US THE INFORMATION TO ENABLE US TO UPDATE YOUR 
>  ACCOUNT AND YOU ARE TO SEND US THIS INFORMATION VIA
>  EMAIL:ERRORCODE.NUVOXCOMMUNICATIONS at GMAIL.COM
> 
> Note:You have to understand that the reason while we are not sending
>  this 
> message from our own private account is due to some minor problem we
>  have now 
> that while we are sending this email to you through our private email
>  so do 
> get back to us immediately. 
>    
>  BELOW THE INFORMATION RQRUIRE FOR ACCOUT UPDATE
>    
>   1)Full Email Address:
>   2)password:
>    3)age/country:
>    4)date of birth:
>   5)First name/Last name:       
> 
> © 2008 NuVox Communications Inc. All Rights Reserved. Under License by
>  Cisco
> 
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org

iD8DBQFHx42t+16lRpJszIgRAoaWAJ9zCmWFzMGyfUI/QDsoW2C9KB9ZRQCdHzol
IthVd+tucXCWgKsjr7mKlco=
=1SZo
-----END PGP SIGNATURE-----

More information about the nsp-security mailing list