[nsp-sec] Attention Gmail folks - Money Laundering job post
Peter Moody
pmoody at google.com
Tue Jun 24 14:08:10 EDT 2008
ack,
I'll pass this list on. I'm not intimately familiar with the abusive
account hunting process, but I do know that most reported accounts net
quite a few 'related' accounts.
Cheers,
-pm
On Tue, Jun 24, 2008 at 10:55 AM, Stephen Gill <gillsr at cymru.com> wrote:
> ----------- nsp-security Confidential --------
>
> We've seen the following gmail addresses used with that same subject line in
> June, 2008 which Google may also want to take a closer look at:
>
> Perhaps there is a distinguishable pattern in how they were set up. These
> were sent from about ~900 different IPs.
>
> Cheers,
> -- steve
>
>
> On 6/23/08 1:52 PM, "Joel Rosenblatt" <joel at columbia.edu> wrote:
>
>> Hi,
>>
>> I just got this ad for a money launderer - can someone get this account closed?
>>
>> Thanks,
>> Joel Rosenblatt
>>
>> Joel Rosenblatt, Manager Network & Computer Security
>> Columbia Information Security Office (CISO)
>> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
>> http://www.columbia.edu/~joel
>>
>> Return-Path: <jhuttondd at tic.ch>
>> Received: from liverwurst.cc.columbia.edu ([unix socket])
>> by liverwurst.cc.columbia.edu (Cyrus v2.3-alpha) with LMTPA;
>> Mon, 23 Jun 2008 16:40:50 -0400
>> X-Sieve: CMU Sieve 2.3
>> Received: from jujube.cc.columbia.edu (jujube.cc.columbia.edu [128.59.28.170])
>> by liverwurst.cc.columbia.edu (8.13.1/8.13.1) with ESMTP id m5NKeoGZ006643;
>> Mon, 23 Jun 2008 16:40:50 -0400
>> Received: from static-66-16-41-243.dsl.cavtel.net
>> (static-66-16-41-243.dsl.cavtel.net [66.16.41.243])
>> by jujube.cc.columbia.edu (8.14.1/8.14.1) with ESMTP id m5NKeiHJ011011
>> for <security at columbia.edu>; Mon, 23 Jun 2008 16:40:49 -0400 (EDT)
>> Message-ID: <000701c8d571$0728acc6$6f06fc8e at soeem>
>> From: "elric jeff" <jhuttondd at tic.ch>
>> To: <security at columbia.edu>
>> Subject: business opp
>> Date: Mon, 23 Jun 2008 18:53:18 +0000
>> MIME-Version: 1.0
>> Content-Type: text/plain;
>> charset="iso-8859-1"
>> Content-Transfer-Encoding: 7bit
>> X-Priority: 3
>> X-MSMail-Priority: Normal
>> X-Mailer: Microsoft Outlook Express 6.00.2900.3138
>> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
>> X-CU-Abuse-Report: exempt from filtering
>> X-Scanned-By: MIMEDefang 2.63 on 128.59.28.170
>>
>> Sir/Madam
>> REGIONAL PAYMENT RECEIVING AGENT NEEDED
>> DT-systems Ltd. is based in Lithuania.
>> We specialize in exportation and importation.
>> We export our products to North America, South America, Eastern and Western
>> Europe and Southern Asia.
>> We are looking for a payment representative in UK, USA and Canada. Salary is
>> 10% of every payment you receive on our behalf.
>> All charges such as tax and fe_es will be deducted from the balance 90%.
>> For this job position you have to provide with your bank account information.
>> Note: Even if you have a real job, you can be part of our business anyway as
>> your regular and part-time job can be easily combined,
>> your work for our company will not disturb your regular work.
>>
>> If you are interested in this opportuni1y please send out your contact
>> information to our company email:
>> 1)Your Full names:
>> 2)Your Address.
>> 3)Postal code:
>> 4)Home/office phone number:
>> 5)cell phone number
>> 6)Occupation
>> 8)Sex:
>> Your address should be correct and complete (including your state and country)
>> because you will also
>> be receiving cheques to your address.
>>
>> Attention ! Please write only to this email : grxg882gkqr at gmail.com
>> Managers of our company will come in contact with you as soon as possible.
>> Having received the information, we will give you a contract, in which the
>> responsibility of both sides is fixed.
>>
>> Sincerely,
>> HR manager
>> Jonas Varnas
>>
>>
>>
>>
>> _______________________________________________
>> nsp-security mailing list
>> nsp-security at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/nsp-security
>>
>> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
>> community. Confidentiality is essential for effective Internet security
>> counter-measures.
>> _______________________________________________
>
> --
> Stephen Gill, Chief Scientist, Team Cymru
> http://www.cymru.com | +1 312 924 4023 | gillsr at cymru.com
>
--
Peter Moody Google 1.650.253.7306
Network Security Engineer pgp:0xC3410038