[nsp-sec] Paging Yahoo! - Phishing account
SURFcert - Peter
p.g.m.peters at utwente.nl
Mon Jun 2 10:21:47 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Seth Hall wrote on 2-6-2008 14:26:
>> Looks like an account on the Jundi-Shapur University's web-mail server
>> got abused to target
>> your folks. Unfortunately all you have to go by is a AS 12491 IPPlanet
>> /32 that's probably an open
>> proxy of sorts.
>
> We had 217.21.79.166 login to a compromised webmail account here on
> May19th. The connection didn't have any proxy related headers though.
> A lot of the logins to compromised webmail accounts here, do have the
> "Via" header set.
This IP address is also linked to another mail that looks like a fraud
scheme:
http://www.repository.izone.me.uk/repository.pl?action=read_email&email=20080417182757&month=May&year=2008
And I might have some, not yet disclosable, information too.
- --
Peter Peters
SURFcert Officer off Duty
cert at surfnet.nl http://cert.surfnet.nl/
office-hours: +31 302 305 305 emergency (24/7): +31 622 923 564
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD4DBQFIRAH6elLo80lrIdIRAmspAKCGTr1LZHoFgFZUJsFA5wG2qN+lhACVGZ2X
9V+aI+iLsXGKkwQIjFxKfw==
=H60P
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list