[nsp-sec] ATTN: Yahoo - phishing address
Daniel Adinolfi
dra1 at postoffice9.mail.cornell.edu
Fri Mar 27 13:37:31 EDT 2009
Yahoo folks,
Please investigate waltmax67 at yahoo.com. It is the reply-to address to
a phishing attack on our (Cornell's) users.
Original email below.
Thanks.
-Dan
__________
Return-Path: <u.team at cornell.edu>
Received: from postoffice9.mail.cornell.edu ([unix socket])
by postoffice9.mail.cornell.edu (Cyrus v2.1.11) with LMTP; Fri, 27
Mar 2009 12:51:17 -0400
Received: from hermes30.mail.cornell.edu (hermes30.mail.cornell.edu
[132.236.56.55])
by postoffice9.mail.cornell.edu (8.12.10/8.12.6) with ESMTP id
n2RGpD0K007581
for <dra1 at postoffice9.mail.cornell.edu>; Fri, 27 Mar 2009 12:51:14
-0400 (EDT)
Received: (from daemon at localhost)
by hermes30.mail.cornell.edu (8.13.6/8.13.6) id n2RGp2aG022322;
Fri, 27 Mar 2009 12:51:02 -0400 (EDT)
Received: from localhost.localdomain (poppy.mail.cornell.edu
[132.236.56.48])
by hermes30.mail.cornell.edu (8.13.6/8.13.6) with ESMTP id
n2RGp1JZ022278;
Fri, 27 Mar 2009 12:51:02 -0400 (EDT)
Received: from unknown-host
by poppy with queue (Sophos PureMessage Version 5.402) id 69503789-10;
Fri, 27 Mar 2009 16:39:24 GMT
Received: from cjmures.ro [81.196.40.94]
by with SMTP id ;
Fri, 27 Mar 2009 16:39:24 GMT
(envelope-from u.team at cornell.edu)
Received: from mail.cjmures.ro (mail.cjmures.ro [127.0.0.1])
by mail.cjmures.ro (8.14.0/8.14.0) with ESMTP id n2RGBIh4010342;
Fri, 27 Mar 2009 18:11:18 +0200
Received: (from apache at localhost)
by mail.cjmures.ro (8.14.0/8.14.0/Submit) id n2RGBIWo010341;
Fri, 27 Mar 2009 18:11:18 +0200
X-Authentication-Warning: mail.cjmures.ro: apache set sender to u.team at cornell.edu
using -f
Received: from 212.100.250.217 (proxying for 41.204.233.4)
(SquirrelMail authenticated user turism)
by webmail.cjmures.ro with HTTP;
Fri, 27 Mar 2009 18:11:18 +0200 (EET)
Message-ID: <57060.212.100.250.217.1238170278.squirrel at webmail.cjmures.ro
>
Date: Fri, 27 Mar 2009 18:11:18 +0200 (EET)
Subject: UPGRADE YOUR EMAIL ACCOUNT
X-PH: V4.1 at hermes30
From: "CORNELL.EDU UPGRADE TEAM" <u.team at cornell.edu>
Reply-To: waltmax67 at yahoo.com
Bcc:
User-Agent: SquirrelMail/1.4.10a
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-BitDefender-Scanner: Clean, Agent: BitDefender Milter 3.0.1 on
mail.cjmures.ro, sigver: 7.24444
X-BitDefender-Spam: No (0)
X-BitDefender-SpamStamp: v1, build 2.8.1.64846, rbl score: 0(0), bayes
score: 500(0), pbayes score: 241(0), neunet score: 0(0), flags:
[EXCLAM], total: 0(775)
X-BitDefender-CF-Stamp: none
X-PMX-Version: 5.4.2.338381, Antispam-Engine: 2.6.0.325393, Antispam-
Data: 2009.3.27.162533
X-PMX-CORNELL-SPAM-CHECKED: poppy
Dear cornell.edu e-mail Users,
This message is from sfsu.edu messaging center to all
cornell.edu e-mail owners. We are currently upgrading our
data base and e-mail center. We are deleting all unused
cornell.edu e-mail accounts to create space for new ones.
To prevent your account from closing you have to
update it below so that we will know its an existing
account.
CONFIRM YOUR E-MAIL BELOW:
Name:.................
Email Username :.....
EMAIL Password : ................
Warning!!! E-mail owner who fails to update his or her
e-mail within seven days of receiving this warning will
risk losing his or her e-mail account permanently.
Thank you for your understanding.
cornell.edu Team
cornell.edu BETA.
--
This mail was scanned by BitDefender
For more information please visit http://www.bitdefender.com
More information about the nsp-security
mailing list