[nsp-sec] Attn MSN: Money laundering scheme of the day ->Office Assistant Required - 1500/week

Zot O'Connor zoto at microsoft.com
Thu Jul 10 13:10:50 EDT 2008 

Reported emails internally.


Zot O'Connor
MSRC Ecosystem Strategy Team
Partner Outreach
(425) 722-7575


-----Original Message-----
From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Stephen Gill
Sent: Thursday, July 10, 2008 9:54 AM
To: Joel Rosenblatt; nsp-security at puck.nether.net
Subject: Re: [nsp-sec] Attn MSN: Money laundering scheme of the day ->Office Assistant Required - 1500/week

----------- nsp-security Confidential --------

Spammed addresses we've seen matching that description include:

 dibagi at live.com
 dibagi at msn.com
 dibag_indus at live.com
 dibagindus at live.com
 dibag_indus at msn.com
 dibag_industrie at live.com
 dibag_industrie at msn.com
 dibag_industries at live.com
 dibag_industries at msn.com
 dibag at live.com
 martin_rohwerder at live.com
 martinrohwerder at live.com

We've seen the following ~1500 Ips participating in the fun:

https://asn.cymru.com/nsp-sec/upload/1215708783.whois.txt

Speaking of, if anyone has spam feeds available in mbox format that they'd
like to share for some testing please let me know!

Cheers,
-- steve

On 7/10/08 8:09 AM, "Joel Rosenblatt" <joel at columbia.edu> wrote:

> ----------- nsp-security Confidential --------
>
> Hi,
>
> Please have the address dibag_industrie at msn.com disabled.
>
> Thank you,
> Joel Rosenblatt
>
> Joel Rosenblatt, Manager Network & Computer Security
> Columbia Information Security Office (CISO)
> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
> http://www.columbia.edu/~joel
>
>
> ------------ Forwarded Message ------------
> Date: Thursday, July 10, 2008 1:06 PM +0000
> From: kostas alejandr <ehelp at aeromen.com>
> To: security at columbia.edu
> Subject: Office Assistant Required - 1500/week
>
> Return-Path: <ehelp at aeromen.com>
> Received: from liverwurst.cc.columbia.edu ([unix socket])
> by liverwurst.cc.columbia.edu (Cyrus v2.3-alpha) with LMTPA;
> Thu, 10 Jul 2008 10:53:36 -0400
> X-Sieve: CMU Sieve 2.3
> Received: from noni.cc.columbia.edu (noni.cc.columbia.edu [128.59.28.173])
> by liverwurst.cc.columbia.edu (8.13.1/8.13.1) with ESMTP id m6AErZ6r013256;
> Thu, 10 Jul 2008 10:53:36 -0400
> Received: from [202.134.2.100] ([202.134.2.100])
> by noni.cc.columbia.edu (8.14.1/8.14.1) with ESMTP id m6AErSYY009088
> for <security at columbia.edu>; Thu, 10 Jul 2008 10:53:34 -0400 (EDT)
> Message-ID: <000901c8e29c$04162c87$80a2e4aa at kdotege>
> From: "kostas alejandr" <ehelp at aeromen.com>
> To: <security at columbia.edu>
> Subject: Office Assistant Required - 1500/week
> Date: Thu, 10 Jul 2008 13:06:13 +0000
> MIME-Version: 1.0
> Content-Type: text/plain;
> charset="iso-8859-1"
> Content-Transfer-Encoding: 7bit
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2720.3000
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300
> X-CU-Abuse-Report: exempt from filtering
> X-Scanned-By: MIMEDefang 2.63 on 128.59.28.173
>
> We are a Germany company, we are doing business all over the Europe, our main
> activities are real estate investments and digital currencies exchanges.
> As a result of expading our business in North American region, our company
> must keep up with our American customers accepting the most popular payments
> in the
> United States: Paypal. We are currently seeking an dependable and enthusiastic
> US representative to handle the transactions. Being located in Germany, a
> transfer via Paypal system sent here can take up to 14 days to arrive,
> therefore we need a US representative with an US paypal account who able to
> accept the
> payments from our US customers. This will significantly improve our business,
> that's why we can pay 5% from every transfer processed.
> Almost anyone is accepted, but a verified paypal account is required, an
> account where you will be receiving the transfers.
> If you are interested to find more about this position, let me know at:
> dibag_industrie at msn.com
>
> Thank you,
> Martin Rohwerder
> Dibag Industries AG
>
>
> ---------- End Forwarded Message ----------
>
>
>
> Joel Rosenblatt, Manager Network & Computer Security
> Columbia Information Security Office (CISO)
> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
> http://www.columbia.edu/~joel
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________

--
Stephen Gill, Chief Scientist, Team Cymru
http://www.cymru.com | +1 312 924 4023 | gillsr at cymru.com




_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security

Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________

More information about the nsp-security mailing list