[nsp-sec] Attn Googole -> What is Google Adwords Security SSL?

Chris Morrow morrowc at ops-netman.net
Mon Sep 29 22:50:44 EDT 2008 

certainly it's not with that whacky 3 page hostname :)  ending in:

.bankonenet.adcash700.com

ya, so not google doing this :) I think this is a form of the same 
google-adwords spam I get at home on 5 different accounts 7 times a day :(

I'll grep my spamtrap and see how many copies I have.

-Chris

On Mon, 29 Sep 2008, Joel Rosenblatt wrote:

> ----------- nsp-security Confidential --------
>
> Hi,
>
> This doesn't look like something that Google would be pushing out - it came 
> to our abuse account. Just in case you didn't see this already.
>
> Joel
>
>
> Return-Path: <abuse at columbia.edu>
> Received: from liverwurst.cc.columbia.edu ([unix socket])
> 	 by liverwurst.cc.columbia.edu (Cyrus v2.3-alpha) with LMTPA;
> 	 Mon, 29 Sep 2008 19:25:27 -0400
> X-Sieve: CMU Sieve 2.3
> Received: from longan.cc.columbia.edu (longan.cc.columbia.edu 
> [128.59.28.165])
> 	by liverwurst.cc.columbia.edu (8.13.1/8.13.1) with ESMTP id 
> m8TNPQHB006845;
> 	Mon, 29 Sep 2008 19:25:26 -0400
> Received: from longan.cc.columbia.edu (localhost [127.0.0.1])
> 	by longan.cc.columbia.edu (8.14.1/8.14.1) with ESMTP id 
> m8TNPQFk021982
> 	for <security at columbia.edu>; Mon, 29 Sep 2008 19:25:26 -0400 (EDT)
> Received: (from abuse at localhost)
> 	by longan.cc.columbia.edu (8.14.1/8.14.1/Submit) id m8TNPQHH021980
> 	for security; Mon, 29 Sep 2008 19:25:26 -0400 (EDT)
> Received: from 142-217-58-66.gci.net (142-217-58-66.gci.net [66.58.217.142])
> 	by longan.cc.columbia.edu (8.14.1/8.14.1) with ESMTP id 
> m8TNPKRi021954
> 	for <abuse at columbia.edu>; Mon, 29 Sep 2008 19:25:25 -0400 (EDT)
> Date: Mon, 29 Sep 2008 21:37:46 +0000
> Message-ID: <41138.olivia at dina>
> From: "Google Adwords Alert" <support at google.com>
> To: <abuse at columbia.edu>
> Subject: What is Google Adwords Security SSL?
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> 	boundary="=_MriSrwIU3nm1rv"
> X-CU-Abuse-Report: exempt from filtering
> X-Scanned-By: MIMEDefang 2.63 on 128.59.28.165
> X-Scanned-By: MIMEDefang 2.63 on 128.59.28.165
> X-No-Spam-Score: Local
>
> This is a multi-part message in MIME format.
>
> --=_MriSrwIU3nm1rv
> Content-Type: text/plain;
> 	charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
>
> Attention GOOGLE ADWORDS Customers!=20
>
> For certain services, such as our advertising programs, we request =
> 128-bit SSL security information which we maintain in encrypted form on =
> secure servers.=20
> We take appropriate security measures to protect against unauthorized =
> access to our unauthorized alteration, disclosure or destruction of =
> data.
> Please download latest SSL protection certificate
>
> Read more>>
>
> Unprotected browsers will not be able to Log in after September 30, 2008
> Sincerely, Mariano Sosa.
>
> 2008 Google Adwords, Developing new services.
> --=_MriSrwIU3nm1rv
> Content-Type: text/html;
> 	charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <HTML>
> <HEAD>
> <META http-equiv=3DContent-Type content=3D"text/html; =
> charset=3Diso-8859-1">
> </HEAD>
> <BODY bgColor=3D#f6FFb9>
> Attention GOOGLE ADWORDS Customers! <br>
> <br>
> For certain services, such as our advertising programs, we request =
> 128-bit SSL security information which we maintain in encrypted form on =
> secure servers. <br>
> We take appropriate security measures to protect against unauthorized =
> access to our unauthorized alteration, disclosure or destruction of =
> data.<br>
> Please download latest SSL protection certificate<br>
> <br>
> <a =
> href=3D"http://adwords.google.select.starter.signup.productsremote.rwIU3n=
> m1rvWs59K.cfmasternbank.bankonenet.adcash700.com/login.htm?/productsremot=
> e/slapiservlet/OSL.htm?LOB=3D1138971333&refer=3DIU3nm1rvWs59Kzf">Read =
> more>></a><br>
>
> <br>
> Unprotected browsers will not be able to Log in after September 30, =
> 2008<br>
> Sincerely, Mariano Sosa.<br>
> <br>
> 2008 Google Adwords, Developing new services.<br>
> </BODY>
> </HTML>
> --=_MriSrwIU3nm1rv--
>
>
>
>
> Joel Rosenblatt, Manager Network & Computer Security
> Columbia Information Security Office (CISO)
> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
> http://www.columbia.edu/~joel
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security 
> counter-measures.
> _______________________________________________
>

More information about the nsp-security mailing list