[nsp-sec] Heads up: consultant.com and Andrews University
Larry Blunk
ljb at merit.edu
Thu Mar 19 16:44:35 EDT 2009
Andrews University has been contacted regarding the
server/account being used for phishing.
Regards,
Larry Blunk
Merit Network
SURFcert - Peter wrote:
> ----------- nsp-security Confidential --------
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> We got a phishing message which seemed to be coming from the webmail server at
> andrews.edu. Relevant headers:
>
>
>> Received: from trumpkin.cc.andrews.edu (trumpkin.cc.andrews.edu [143.207.1.81])
>> by smtp.utwente.nl (8.12.10/SuSE Linux 0.7) with ESMTP id n2IKVYNG023096;
>> Wed, 18 Mar 2009 21:31:34 +0100
>> Received: from outbox.cc.andrews.edu (root at outbox.cc.andrews.edu [143.207.1.54])
>> by trumpkin.cc.andrews.edu (8.14.3/8.14.3/Debian-6) with ESMTP id n2IKTv34017255
>> (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
>> Wed, 18 Mar 2009 16:30:05 -0400
>> Received: from webmail0.cc.andrews.edu (root at webmail0.cc.andrews.edu [143.207.1.63])
>> by outbox.cc.andrews.edu (8.14.3/8.14.3/Debian-6) with ESMTP id n2IKUaeS009310
>> (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
>> Wed, 18 Mar 2009 16:30:36 -0400
>> Received: from webmail0.cc.andrews.edu (www-data at localhost.localdomain [127.0.0.1])
>> by webmail0.cc.andrews.edu (8.13.8/8.13.8/Debian-3) with ESMTP id n2IKUaHs007479
>> (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
>> Wed, 18 Mar 2009 16:30:36 -0400
>> Received: (from www-data at localhost)
>> by webmail0.cc.andrews.edu (8.13.8/8.13.8/Submit) id n2IKUalY007478;
>> Wed, 18 Mar 2009 16:30:36 -0400
>> X-Authentication-Warning: webmail0.cc.andrews.edu: www-data set sender to info at utwente.nl using -f
>> Received: from 143.207.1.56 (proxying for 203.215.17.58, 203.55.231.100)
>> (SquirrelMail authenticated user stewartp)
>> by www.andrews.edu with HTTP;
>> Wed, 18 Mar 2009 16:30:36 -0400 (EDT)
>> Message-ID: <11ed6ed0e368661257c4b1ca851466ee.squirrel at www.andrews.edu>
>> Date: Wed, 18 Mar 2009 16:30:36 -0400 (EDT)
>>
>
> Dropbox is at consultant.com:
>
> Reply-To: tech.supp at consultant.com
>
> - --
> Peter Peters
> SURFcert Officer off Duty
> cert at surfnet.nl http://cert.surfnet.nl/
> office-hours: +31 302 305 305 emergency (24/7): +31 622 923 564
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFJwms6elLo80lrIdIRAlWUAJ9ZAwp92JWY3eZndyNZFa2XcNSIYgCgoIGI
> wp9SCOP5YlhNHPo0A2h8W8o=
> =Oc5z
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
>
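
The triage the quoted headers support, as an added example that is not part of either message: it pulls the SquirrelMail account, the forwarded client addresses, the forced envelope sender and the Reply-To out of the header block. The function names and the re-folded sample are assumptions made for this sketch.

```python
import re

# Headers as quoted in the report above, folding restored with a leading space;
# the list archive's " at " address obfuscation is kept as-is.
SAMPLE = """\
X-Authentication-Warning: webmail0.cc.andrews.edu: www-data set sender to info at utwente.nl using -f
Received: from 143.207.1.56 (proxying for 203.215.17.58, 203.55.231.100)
 (SquirrelMail authenticated user stewartp)
 by www.andrews.edu with HTTP;
 Wed, 18 Mar 2009 16:30:36 -0400 (EDT)
Reply-To: tech.supp at consultant.com
"""

def unfold(raw):
    """Join folded continuation lines (leading whitespace) onto their header."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += " " + line.strip()
        elif line.strip():
            headers.append(line.strip())
    return headers

def domain(addr):
    """Domain part of 'user@host' or the archive's 'user at host' form."""
    return re.split(r"@| at ", addr.strip(" <>"))[-1].lower()

def triage(raw):
    """Pull out what an abuse desk needs: account, client IPs, sender override."""
    found = {"account": None, "webmail_host": None, "client_ips": [],
             "forced_sender": None, "reply_to": None, "reply_to_mismatch": False}
    for header in unfold(raw):
        name, _, value = header.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "received" and "SquirrelMail authenticated user" in value:
            found["account"] = re.search(r"authenticated user ([^)\s]+)", value).group(1)
            proxied = re.search(r"proxying for ([^)]+)\)", value)
            if proxied:  # addresses the proxy reported it was forwarding for
                found["client_ips"] = [ip.strip() for ip in proxied.group(1).split(",")]
            host = re.search(r"\bby (\S+) with HTTP", value)
            found["webmail_host"] = host.group(1) if host else None
        elif name == "x-authentication-warning":
            forced = re.search(r"set sender to (.+?) using -f", value)
            found["forced_sender"] = forced.group(1) if forced else None
        elif name == "reply-to":
            found["reply_to"] = value
    if found["forced_sender"] and found["reply_to"]:
        # Replies routed to a different domain than the claimed sender
        found["reply_to_mismatch"] = (
            domain(found["reply_to"]) != domain(found["forced_sender"]))
    return found
```

The "proxying for" addresses are taken from forwarding headers, so they are leads to confirm against the webmail server's own access logs.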