[nsp-sec] Google/Gmail - gmail in use for hitman 419 scam
RuthAnne Bevier
ruthanne at caltech.edu
Wed May 28 00:47:38 EDT 2008
Yes, by all means. I can send you the full message if that's
helpful as well. It appears only one of our people received this,
fwiw (thus far at least). Thank you, Chris!
--RuthAnne
On Wed, May 28, 2008 at 12:41:13AM -0400, Chris Morrow wrote:
> I'll have the account shut (might take til morning) can I send you
> explanation though along with this?
>
> -Chris
> (google-security-person)
>
> On Tue, 27 May 2008, RuthAnne Bevier wrote:
>
>> ----------- nsp-security Confidential --------
>>
>> I'm not sure who to send this to at Gmail to get this shut down and
>> maybe investigated. One of our users received a 419 variant known
>> as the "hit man" scam, in which the sender claims he is a hit man
>> contracted to kill the recipient, but for a price he will not carry
>> out the murder. Full headers are below (with recipient's username
>> suppressed by request). The user has also reported this to the FBI.
>>
>> The message demands that the recipient send a response to
>> "final.bulletpoint360 at gmail.com".
>>
>> -------- Original Message --------
>> Return-Path: <redbulletpoint.1 at klikni.cz>
>> X-Original-To: xxx at caltech.edu
>> Received: from fire-dog.its.caltech.edu (fire-dog [192.168.1.4]) by
>>     earth-ox-postvirus (Postfix) with ESMTP id C4F0B1BC77 for
>>     <xxx at caltech.edu>; Tue, 27 May 2008 03:42:01 -0700 (PDT)
>> Received: from ag-out-0708.google.com (ag-out-0708.google.com
>>     [72.14.246.248]) by water-ox.its.caltech.edu (Postfix) with ESMTP id
>>     EFAD21BA77 for <xxx at caltech.edu>; Tue, 27 May 2008 03:41:58 -0700
>>     (PDT)
>> Received: by ag-out-0708.google.com with SMTP id 8so2985600agc.0 for
>>     <xxx at caltech.edu>; Tue, 27 May 2008 03:41:58 -0700 (PDT)
>> Received: by 10.90.103.3 with SMTP id a3mr1414933agc.112.1211884870218;
>>     Tue, 27 May 2008 03:41:10 -0700 (PDT)
>> Received: by 10.90.83.5 with HTTP; Tue, 27 May 2008 03:41:10 -0700 (PDT)
>> Message-ID: <ced2a0070805270341v10ce85a2q78e8396c8d2cadbd at mail.gmail.com>
>> Date: Tue, 27 May 2008 12:41:10 +0200
>> From: ANTHONIO BENITO <redbulletpoint.1 at klikni.cz>
>> Subject: SOMEONE YOU CALL YOUR FRIEND, WANTS YOU DEAD.
>> MIME-Version: 1.0
>> Content-Type: multipart/alternative;
>>     boundary="----=_Part_12012_15314810.1211884870212"
>> To: undisclosed-recipients:;
>> X-Spam-Scanned: at Caltech-ITS on fire-dog by amavisd-2.4.5
>> X-Spam-Score: 2.996
>> X-Spam-Level: **
>> X-Spam-Status: No, score=2.996 tagged_above=-10000 required=5
>>     tests=[DK_POLICY_SIGNSOME=0.001, HTML_10_20=0.945, HTML_MESSAGE=0.001,
>>     SUBJ_ALL_CAPS=1.166, UNDISC_RECIPS=0.883]
>>
>> --
>> RuthAnne Bevier
>> Information Security
>> California Institute of Technology
>> 626-395-2671
>> ruthanne at caltech.edu
>>
>>
>> _______________________________________________
>> nsp-security mailing list
>> nsp-security at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/nsp-security
>>
>> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
>> community. Confidentiality is essential for effective Internet security counter-measures.
>> _______________________________________________
>>
--
RuthAnne Bevier
Information Security
California Institute of Technology
626-395-2671
ruthanne at caltech.edu