[nsp-sec] Paging Yahoo! - Phishing account
Seth Hall
hall.692 at osu.edu
Mon Jun 2 08:26:10 EDT 2008
On Jun 2, 2008, at 7:11 AM, White, Gerard wrote:
> Looks like an account on the Jundi-Shapur University's web-mail server
> got abused to target
> your folks. Unfortunately all you have to go by is a AS 12491
> IPPlanet
> /32 that's probably an open
> proxy of sorts.
We had 217.21.79.166 login to a compromised webmail account here on
May19th. The connection didn't have any proxy related headers
though. A lot of the logins to compromised webmail accounts here, do
have the "Via" header set.
.Seth
---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721
More information about the nsp-security
mailing list