[nsp-sec] Google/Gmail - gmail in use for hitman 419 scam

Chris Morrow morrowc at ops-netman.net
Wed May 28 00:41:13 EDT 2008


I'll have the account shut (might take 'til morning). Can I send you an
explanation though along with this?

-Chris
(google-security-person)

On Tue, 27 May 2008, RuthAnne Bevier wrote:

> ----------- nsp-security Confidential --------
>
> I'm not sure who to send this to at Gmail to get this shut down and
> maybe investigated.  One of our users received a 419 variant known
> as the "hit man" scam, in which the sender claims he is a hit man
> contracted to kill the recipient, but for a price he will not carry
> out the murder.  Full headers are below (with recipient's username
> suppressed by request).  The user has also reported this to the FBI.
>
> The message demands that the recipient send a response to
> "final.bulletpoint360 at gmail.com".
>
> -------- Original Message --------
> Return-Path:    <redbulletpoint.1 at klikni.cz>
> X-Original-To:  xxx at caltech.edu
> Received:       from fire-dog.its.caltech.edu (fire-dog
> [192.168.1.4]) by
> earth-ox-postvirus (Postfix) with ESMTP id C4F0B1BC77 for
> <xxx at caltech.edu>; Tue, 27 May 2008 03:42:01 -0700 (PDT)
> Received:       from ag-out-0708.google.com (ag-out-0708.google.com
> [72.14.246.248]) by water-ox.its.caltech.edu (Postfix) with ESMTP id
> EFAD21BA77 for <xxx at caltech.edu>; Tue, 27 May 2008 03:41:58 -0700
> (PDT)
> Received:       by ag-out-0708.google.com with SMTP id
> 8so2985600agc.0 for
> <xxx at caltech.edu>; Tue, 27 May 2008 03:41:58 -0700 (PDT)
> Received:       by 10.90.103.3 with SMTP id
> a3mr1414933agc.112.1211884870218;
> Tue, 27 May 2008 03:41:10 -0700 (PDT)
> Received:       by 10.90.83.5 with HTTP; Tue, 27 May 2008 03:41:10
> -0700 (PDT)
> Message-ID:
> <ced2a0070805270341v10ce85a2q78e8396c8d2cadbd at mail.gmail.com>
> Date:   Tue, 27 May 2008 12:41:10 +0200
> From:   ANTHONIO BENITO <redbulletpoint.1 at klikni.cz>
> Subject:        SOMEONE YOU CALL YOUR FRIEND, WANTS YOU DEAD.
> MIME-Version:   1.0
> Content-Type:   multipart/alternative;
> boundary="----=_Part_12012_15314810.1211884870212"
> To:     undisclosed-recipients:;
> X-Spam-Scanned:         at Caltech-ITS on fire-dog by amavisd-2.4.5
> X-Spam-Score:   2.996
> X-Spam-Level:   **
> X-Spam-Status:  No, score=2.996 tagged_above=-10000 required=5
> tests=[DK_POLICY_SIGNSOME=0.001, HTML_10_20=0.945,
> HTML_MESSAGE=0.001,
> SUBJ_ALL_CAPS=1.166, UNDISC_RECIPS=0.883]
>
> --
> RuthAnne Bevier
> Information Security
> California Institute of Technology
> 626-395-2671
> ruthanne at caltech.edu
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
>


