[nsp-sec] Attn Google - some kind of Google phish

Wed Jul 23 11:34:57 EDT 2008

ack, thanks Joel.

Cheers,
-pm

On Wed, Jul 23, 2008 at 7:43 AM, Joel Rosenblatt <joel at columbia.edu> wrote:
> ----------- nsp-security Confidential --------
>
> Hi,
>
> Not sure what they are doing, but I'm pretty sure this didn't come from
> Google.
>
> Thanks,
> Joel
>
> Joel Rosenblatt, Manager Network & Computer Security
> Columbia Information Security Office (CISO)
> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
> http://www.columbia.edu/~joel
>
> ------------ Forwarded Message ------------
>
> Return-Path: <Bill at jfbrennan.net>
> Received: from liverwurst.cc.columbia.edu ([unix socket])
>         by liverwurst.cc.columbia.edu (Cyrus v2.3-alpha) with LMTPA;
>         Wed, 23 Jul 2008 09:21:09 -0400
> X-Sieve: CMU Sieve 2.3
> Received: from jujube.cc.columbia.edu (jujube.cc.columbia.edu
> [128.59.28.170])
>        by liverwurst.cc.columbia.edu (8.13.1/8.13.1) with ESMTP id
> m6NDL9LS018872
>        for <brennan at liverwurst.cc.columbia.edu>; Wed, 23 Jul 2008 09:21:09
> -0400
> Received: from tomts24-srv.bellnexxia.net (tomts24-srv.bellnexxia.net
> [209.226.175.187])
>        by jujube.cc.columbia.edu (8.14.1/8.14.1) with ESMTP id
> m6NDL3Wg011260
>        for <brennan at columbia.edu>; Wed, 23 Jul 2008 09:21:09 -0400 (EDT)
> Received: from toip35-bus.srvr.bell.ca ([67.69.240.36])
>         by tomts24-srv.bellnexxia.net
>         (InterMail vM.5.01.06.13 201-253-122-130-113-20050324) with ESMTP
>         id
> <20080723132103.JWVJ1580.tomts24-srv.bellnexxia.net at toip35-bus.srvr.bell.ca>
>         for <brennan at columbia.edu>; Wed, 23 Jul 2008 09:21:03 -0400
> X-IronPort-Anti-Spam-Filtered: true
> X-IronPort-Anti-Spam-Result:
> AuWQAKPMhkhDR9bqi2dsb2JhbACCPycMhDgQhD6FMYElAQEBCg2ZGQOGRQ
> X-IronPort-AV: E=Sophos;i="4.31,238,1215403200";
>  d="scan'208,217";a="62125570"
> Received: from unknown (HELO jfbrennan.net) ([67.71.214.234])
>  by toip35-bus.srvr.bell.ca with ESMTP; 23 Jul 2008 09:20:53 -0400
> Received: from localhost.localdomain ([64.34.166.51]) by jfbrennan.net with
> Microsoft SMTPSVC(6.0.3790.1830);
>         Wed, 23 Jul 2008 09:24:48 -0400
> From: "Google AdWords" <service at googleadupdate.com>
> To: <brennan at columbia.edu>
> Subject: Google AdWords New Security Option
> Content-type: text/html; charset=us-ascii
> Message-ID: <ADBRENNANYtto4jbmpv0000279d at jfbrennan.net>
> X-OriginalArrivalTime: 23 Jul 2008 13:24:48.0562 (UTC)
> FILETIME=[7AF59120:01C8ECC7]
> Date: 23 Jul 2008 09:24:48 -0400
> X-Spam-Score: 1.039 (*) MIME_HEADER_CTYPE_ONLY
> X-Scanned-By: MIMEDefang 2.63 on 128.59.28.170
>
>
> [Image: new_logo.gif]
>
> Dear Google AdWords customer!
>
> We're making some exciting changes that will make your Google AdWords
> experience secure than even , We therefore request you to set-up your new
> option.
> In order to set the new security feature please click the link below:
>
> http://www.googleadupdate.com/select/Login.htm
>
> This should take you directly to the Google AdWords Form.
>
> Thank you for choosing AdWords. We look forward to providing you with the
> most effective advertising available.
>
> Sincerely,
>
> The Google AdWords Team
>
>
> ---------- End Forwarded Message ----------
>
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
>

-- 
Peter Moody Google 1.650.253.7306
Network Security Engineer pgp:0xC3410038