[nsp-sec] phish: Yahoo, live.com and CW Panama please take actions

CERT-UT - Peter p.g.m.peters at utwente.nl
Wed Jul 22 06:00:43 EDT 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Our mailboxes are again filled with phishing e-mail. At the moment we
have two sources with identical content. The Dutch is very bad, but we
have a lot of non-Dutch students and teachers and they might think the
Dutch is not that bad because they write and speak about the same.

One from a Yahoo account:

> Received: from web23305.mail.ird.yahoo.com (web23305.mail.ird.yahoo.com [217.146.189.75])
>           by mx.utwente.nl (8.12.10/SuSE Linux 0.7) with SMTP id n6M8pdxx012791
>           for <abuse at utwente.nl>; Wed, 22 Jul 2009 10:51:39 +0200
> Received: (qmail 89916 invoked by uid 60001); 22 Jul 2009 08:51:38 -0000
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.co.uk; s=s1024; t=1248252698; bh=bj6XcU06ua3OBQ77e3wVjWbO5tZ1iV43zVaCCX9zySQ=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=dk6t5DgjNShFgZPr5uwNjsqzvfe8YrHIw/CMQq3D0MPe4ValoncT5QqSSbHt3emVg/LdwnnqmhHRu27Q27HKauIwsTvU2UPRTLfJ1o5fduTS8R1oPVxXZ+z91LBHSWn/rNXmV6wjqQ6jvtzhIzoX9qIEKgGINavHmGuvOeAH2iw=
> DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
>   s=s1024; d=yahoo.co.uk;
>   h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
>   b=seiBZ0edBIICbu5L7gZZFue92Kmf2pqed16LOQg6EVGbw5bVDX663hXnQfJAnCSy7I/rRyuMoFJG3pLXD57HpMWCky7Rfju4kqyoG6oPBZ/0xciy/hmjL491bAda23/T/TePp4r9cpuDwz2o/us06zQguilCDfKCqBV0kjNSYpA=;
> Message-ID: <886442.71129.qm at web23305.mail.ird.yahoo.com>
> X-YMail-OSG: YFiPt7MVM1nMzh._WGjae.ub_rF0ek0rYuG36DxhnhiQCTPfBXDh5CvrRHHj8_dmAI52_Lyrv0nGm0jjKBqRVLrgKELdQjR5MFmqKnYoVZ.vg57Xuw3oz4Kgm8NxCp8eVCJdadx2KZnURVBwcjYKd8ZyzAfEWB38qbwY3LfDQ07NyH571hMVy9tE9OLdUwaHtbLeygXxtXS.fmEDnXEZABqamXai8NFLO3mJ0BKKfxpna0dO7_dU2SJVmQPDm2tDa3krClTP8OioAuUeQd3vr1KKzifscjXk8GdiEs_lDwyQqBENxs1CTGHcbH5fHXS9U2sYIKnwsa8FEvErpNYSCH9lvvWtv7wAfdzdq60t.kBzfeFtJEo-
> Received: from [85.145.118.214] by web23305.mail.ird.yahoo.com via HTTP; Wed, 22 Jul 2009 08:51:38 GMT
> X-Mailer: YahooMailClassic/5.4.17 YahooMailWebService/0.7.289.15
> Date: Wed, 22 Jul 2009 08:51:38 +0000 (GMT)
> From: Nicole Stoop <stoopkind at yahoo.co.uk>

And another one from CW Panama with a dropbox at live.com:

> Received: from cwpanama.net (backend1.cwpanama.net [201.225.225.170]) by mx.utwente.nl (8.12.10/SuSE Linux 0.7) with ESMTP id n6M0BfXE018420 for <www at musilon.utwente.nl>; Wed, 22 Jul 2009 02:11:41 +0200
> Received: from [74.63.75.229] (account aeocpa at cwpanama.net) by backend1.cwpanama.net (CommuniGate Pro WebUser 4.2.10) with HTTP id 25082371; Tue, 21 Jul 2009 19:03:28 -0500
> From: UNIVERSITEIT TWENTE <websystemaccount-unit at live.com>

- --
Peter Peters
CERT-UT Officer off Duty
cert at utwente.nl               http://www.utwente.nl/itsecurity
office-hours: +31 53 489 2301
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iD8DBQFKZuNKelLo80lrIdIRArlHAJsHN6l/DaSPJ9oaFWkD575IK7qzWgCghoNo
uykIhyXLyeUMInGe2FRS4jg=
=dPFX
-----END PGP SIGNATURE-----


