[nsp-sec] Spear phish of the Day - Pinging MSN

White, Gerard Gerard.White at aliant.ca
Fri Jun 20 09:41:32 EDT 2008 

Interesting... I've been blocking "dial-poolX.ph.starcomms.net"
/32s pretty intensively for the past few weeks (attempting to abuse
our webmail gateways).

GW
855 - Bell Aliant

> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
[mailto:nsp-security-bounces at puck.nether.net] On Behalf Of
> Joel Rosenblatt
> Sent: Friday, June 20, 2008 9:54 AM
> To: nsp-security at puck.nether.net
> Subject: [nsp-sec] Spear phish of the Day - Pinging MSN
> 
> ----------- nsp-security Confidential --------
> 
> Hi,
> 
> Our Spear phish of the day has a reply to address at MSN
> 
> From: Admin <customercenter9 at msn.com>
> Reply-to: Admin <customercenter9 at msn.com>
> 
> 
> Can someone there have this account shut down please.
> 
> Thanks,
> Joel Rosenblatt
> 
> Joel Rosenblatt, Manager Network & Computer Security
> Columbia Information Security Office (CISO)
> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
> http://www.columbia.edu/~joel
> 
> 
> To: (Recipient List Suppressed)
> Sender: mcalleja3 at cogeco.ca
> From: Admin <customercenter9 at msn.com>
> Reply-to: Admin <customercenter9 at msn.com>
> Subject: Thank You For Using  columbia.edu  Account
> X-Mailer: Cogeco Webmail - complaints to abuse at cogeco.ca (
41.205.162.128 - mcalleja3 )
> X-Originating-IP: 41.205.162.128
> Date: Thu, 19 Jun 2008 18:16:12 -1200
> X-Priority: 3 (Normal)
> Message-id: <485b4b2c.13.74e2.11784 at cogeco.ca>
> X-Spam-Score: 5 (*****) CU_PHISH_5
> X-Scanned-By: MIMEDefang 2.63 on 128.59.29.5
> X-Scanned-By: MIMEDefang 2.63 on 128.59.28.165
> X-Scanned-By: MIMEDefang 2.63 on 128.59.28.165
> X-Remedy-Group: Email Tech
> X-No-Spam-Score: Local
> ReSent-Date: Fri, 20 Jun 2008 07:08:59 -0400 (EDT)
> ReSent-From: Ask CUIT Consultant <demianv at columbia.edu>
> ReSent-To: security at columbia.edu
> ReSent-Subject: Thank You For Using  columbia.edu  Account
> ReSent-Message-ID:
<alpine.SOC.1.00.0806200708590.6429 at persimmon.cc.columbia.edu>
> ReSent-User-Agent: Alpine 1.00 (SOC 882 2007-12-20)
> 
> Dear valued customer,
> 
> We are currently performing maintenance for our Digital Webmail
> Customers. We intend upgrading our Digital Webmail Security Server for
> better online services.
> 
> In order to ensure you do not experience service interruption,Please
> you must reply to this email immediately and enter your
> First Name:............
> Last Name:...................
> columbia.edu Username :(...............) ...............
> columbia.edu Password :(.................)................
> Check out your new features and enhancements with your new
> and improved columbia.edu  Account,To enable us upgrade your
columbia.edu  Account for better online
> services please
> reply to this mail:  customermercenter9 at msn.com
> 
>  Thank You For Using  columbia.edu  Account
> 
> 
> 
> 
> Joel Rosenblatt, Manager Network & Computer Security
> Columbia Information Security Office (CISO)
> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
> http://www.columbia.edu/~joel
> 
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the
nsp-security
> community. Confidentiality is essential for effective Internet
security counter-measures.
> _______________________________________________

More information about the nsp-security mailing list