[nsp-sec] Attention Gmail folks - Money Laundering job post
Stephen Gill
gillsr at cymru.com
Tue Jun 24 13:55:31 EDT 2008
We've seen the following gmail addresses used with that same subject line in
June, 2008 which Google may also want to take a closer look at:
Perhaps there is a distinguishable pattern in how they were set up. These
were sent from about ~900 different IPs.
Cheers,
-- steve
On 6/23/08 1:52 PM, "Joel Rosenblatt" <joel at columbia.edu> wrote:
> ----------- nsp-security Confidential --------
>
> Hi,
>
> I just got this ad for a money launderer - can someone get this account closed?
>
> Thanks,
> Joel Rosenblatt
>
> Joel Rosenblatt, Manager Network & Computer Security
> Columbia Information Security Office (CISO)
> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
> http://www.columbia.edu/~joel
>
> Return-Path: <jhuttondd at tic.ch>
> Received: from liverwurst.cc.columbia.edu ([unix socket])
> by liverwurst.cc.columbia.edu (Cyrus v2.3-alpha) with LMTPA;
> Mon, 23 Jun 2008 16:40:50 -0400
> X-Sieve: CMU Sieve 2.3
> Received: from jujube.cc.columbia.edu (jujube.cc.columbia.edu [128.59.28.170])
> by liverwurst.cc.columbia.edu (8.13.1/8.13.1) with ESMTP id m5NKeoGZ006643;
> Mon, 23 Jun 2008 16:40:50 -0400
> Received: from static-66-16-41-243.dsl.cavtel.net
> (static-66-16-41-243.dsl.cavtel.net [66.16.41.243])
> by jujube.cc.columbia.edu (8.14.1/8.14.1) with ESMTP id m5NKeiHJ011011
> for <security at columbia.edu>; Mon, 23 Jun 2008 16:40:49 -0400 (EDT)
> Message-ID: <000701c8d571$0728acc6$6f06fc8e at soeem>
> From: "elric jeff" <jhuttondd at tic.ch>
> To: <security at columbia.edu>
> Subject: business opp
> Date: Mon, 23 Jun 2008 18:53:18 +0000
> MIME-Version: 1.0
> Content-Type: text/plain;
> charset="iso-8859-1"
> Content-Transfer-Encoding: 7bit
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2900.3138
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
> X-CU-Abuse-Report: exempt from filtering
> X-Scanned-By: MIMEDefang 2.63 on 128.59.28.170
>
> Sir/Madam
> REGIONAL PAYMENT RECEIVING AGENT NEEDED
> DT-systems Ltd. is based in Lithuania.
> We specialize in exportation and importation.
> We export our products to North America, South America, Eastern and Western
> Europe and Southern Asia.
> We are looking for a payment representative in UK, USA and Canada. Salary is
> 10% of every payment you receive on our behalf.
> All charges such as tax and fe_es will be deducted from the balance 90%.
> For this job position you have to provide with your bank account information.
> Note: Even if you have a real job, you can be part of our business anyway as
> your regular and part-time job can be easily combined,
> your work for our company will not disturb your regular work.
>
> If you are interested in this opportuni1y please send out your contact
> information to our company email:
> 1)Your Full names:
> 2)Your Address.
> 3)Postal code:
> 4)Home/office phone number:
> 5)cell phone number
> 6)Occupation
> 8)Sex:
> Your address should be correct and complete (including your state and country)
> because you will also
> be receiving cheques to your address.
>
> Attention ! Please write only to this email : grxg882gkqr at gmail.com
> Managers of our company will come in contact with you as soon as possible.
> Having received the information, we will give you a contract, in which the
> responsibility of both sides is fixed.
>
> Sincerely,
> HR manager
> Jonas Varnas
>
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
--
Stephen Gill, Chief Scientist, Team Cymru
http://www.cymru.com | +1 312 924 4023 | gillsr at cymru.com