[nsp-sec] Heads up: consultant.com and Andrews University
SURFcert - Peter
p.g.m.peters at utwente.nl
Thu Mar 19 11:56:42 EDT 2009
Hi,
We got a phishing mail which seemed to be coming from the webmail server at
andrews.edu. Relevant headers:
> Received: from trumpkin.cc.andrews.edu (trumpkin.cc.andrews.edu [143.207.1.81])
> by smtp.utwente.nl (8.12.10/SuSE Linux 0.7) with ESMTP id n2IKVYNG023096;
> Wed, 18 Mar 2009 21:31:34 +0100
> Received: from outbox.cc.andrews.edu (root at outbox.cc.andrews.edu [143.207.1.54])
> by trumpkin.cc.andrews.edu (8.14.3/8.14.3/Debian-6) with ESMTP id n2IKTv34017255
> (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
> Wed, 18 Mar 2009 16:30:05 -0400
> Received: from webmail0.cc.andrews.edu (root at webmail0.cc.andrews.edu [143.207.1.63])
> by outbox.cc.andrews.edu (8.14.3/8.14.3/Debian-6) with ESMTP id n2IKUaeS009310
> (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
> Wed, 18 Mar 2009 16:30:36 -0400
> Received: from webmail0.cc.andrews.edu (www-data at localhost.localdomain [127.0.0.1])
> by webmail0.cc.andrews.edu (8.13.8/8.13.8/Debian-3) with ESMTP id n2IKUaHs007479
> (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
> Wed, 18 Mar 2009 16:30:36 -0400
> Received: (from www-data at localhost)
> by webmail0.cc.andrews.edu (8.13.8/8.13.8/Submit) id n2IKUalY007478;
> Wed, 18 Mar 2009 16:30:36 -0400
> X-Authentication-Warning: webmail0.cc.andrews.edu: www-data set sender to info at utwente.nl using -f
> Received: from 143.207.1.56 (proxying for 203.215.17.58, 203.55.231.100)
> (SquirrelMail authenticated user stewartp)
> by www.andrews.edu with HTTP;
> Wed, 18 Mar 2009 16:30:36 -0400 (EDT)
> Message-ID: <11ed6ed0e368661257c4b1ca851466ee.squirrel at www.andrews.edu>
> Date: Wed, 18 Mar 2009 16:30:36 -0400 (EDT)
Dropbox is at consultant.com:
Reply-To: tech.supp at consultant.com
- --
Peter Peters
SURFcert Officer off Duty
cert at surfnet.nl http://cert.surfnet.nl/
office-hours: +31 302 305 305 emergency (24/7): +31 622 923 564
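
An added example, not part of the original post: a short triage script that pulls the indicators visible in the headers above (the SquirrelMail authenticated user, the recorded client addresses, the forced envelope sender, and the Reply-To domain mismatch). The sample input is constructed from those headers with "@" restored; the `From:` line and the function names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: abridged from the headers quoted above, "@" restored
# from the archive's " at ". The From: line is an assumption (taken from the
# sender named in X-Authentication-Warning); it is not shown in the post.
SAMPLE = """\
Received: from trumpkin.cc.andrews.edu (trumpkin.cc.andrews.edu [143.207.1.81])
    by smtp.utwente.nl (8.12.10/SuSE Linux 0.7) with ESMTP id n2IKVYNG023096;
    Wed, 18 Mar 2009 21:31:34 +0100
X-Authentication-Warning: webmail0.cc.andrews.edu: www-data set sender to info@utwente.nl using -f
Received: from 143.207.1.56 (proxying for 203.215.17.58, 203.55.231.100)
    (SquirrelMail authenticated user stewartp)
    by www.andrews.edu with HTTP;
    Wed, 18 Mar 2009 16:30:36 -0400 (EDT)
From: info@utwente.nl
Reply-To: tech.supp@consultant.com

(body omitted)
"""

# The Received line that SquirrelMail adds at submission time.
WEBMAIL_RE = re.compile(
    r"from\s+(?P<frontend>\S+)"
    r"(?:\s+\(proxying for (?P<proxied>[^)]*)\))?"
    r"\s+\(SquirrelMail authenticated user (?P<user>[^)\s]+)\)")

def domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    msg = message_from_string(raw)
    out = {"user": None, "frontend": None, "client_ips": [], "forced_sender": None}
    for hop in msg.get_all("Received", []):
        m = WEBMAIL_RE.search(hop)
        if m:
            out["user"], out["frontend"] = m.group("user"), m.group("frontend")
            # Addresses the webmail host recorded for the request: leads, not proof.
            out["client_ips"] = [ip.strip() for ip in (m.group("proxied") or "").split(",") if ip.strip()]
    m = re.search(r"set sender to (\S+) using -f", msg.get("X-Authentication-Warning", ""))
    if m:
        out["forced_sender"] = m.group(1)
    # Replies going to a different domain than From: is the "dropbox" pattern.
    reply = domain(msg.get("Reply-To"))
    out["reply_to_mismatch"] = bool(reply) and reply != domain(msg.get("From"))
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```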