[nsp-sec] ATTN: Yahoo - phishing address

Mon Mar 30 13:47:14 EDT 2009

A reminder to everyone on the list that you can send phishing complaints
directly to our anti-abuse group via phishing-priority at cc.yahoo-inc.com.

Thanks.

-dave

On Mon, Mar 30, 2009 at 12:15:34PM -0300, Rodolfo Baader wrote:
> ----------- nsp-security Confidential --------
> 
> Yahoo folks,
> 
> Please investigate: s.team41 at yahoo.com
> It is the reply-to address to a phishing attack in our constituency (sgp.gov.ar)
> users.
> 
> Original email below.
> 
> Thanks.
> R.
> 
> =====================================================================
> > From - Mon Mar 30 09:41:10 2009
> X-Account-Key: account2
> X-UIDL: UID107400-1098377026
> X-Mozilla-Status: 1001
> X-Mozilla-Status2: 00000000
> X-Mozilla-Keys:
>                 Return-Path: <support at sgp.gov.ar>
> X-Original-To: xxxxx at sgp.gov.ar
> Delivered-To: xxxxx at sgp.gov.ar
> Received: from localhost (localhost [127.0.0.1])
>     by eucalipto.sgp.gov.ar (Postfix) with ESMTP id 7851210008;
>     Sun, 29 Mar 2009 20:28:15 -0300 (ART)
> X-Virus-Scanned: Sanitizer mail at sgp.gov.ar
> Received: from eucalipto.sgp.gov.ar ([127.0.0.1])
>     by localhost (eucalipto.sgp.gov.ar [127.0.0.1]) (amavisd-new, port 10024)
>     with ESMTP id gI41ZrX+10qI; Sun, 29 Mar 2009 20:28:15 -0300 (ART)
> Received: from master.uerj.br ([152.92.1.9])
>     by mail.sgp.gov.ar ([200.123.99.195]) (Postfix) with ESMTP id 7851200099;
>     Sun, 29 Mar 2009 20:28:15 -0300 (ART)
> Message-ID: <52745.41.220.75.3.1238369252.squirrel at master.uerj.br>
> Date: Sun, 29 Mar 2009 20:27:32 -0300 (BRT)
> Subject: =?iso-8859-1?Q?ACTUALIZACI=D3N_DE_SU_CUENTA?=
> From: "sgp.gov.ar" <support at sgp.gov.ar>
> Reply-To: s.team41 at yahoo.com
> MIME-Version: 1.0
> Content-Type: text/plain;charset=iso-8859-1
> Content-Transfer-Encoding: 8bit
> X-Priority: 3 (Normal)
> Importance: Normal
> To: undisclosed-recipients:;
> X-UERJ-MailScanner-From: support at sgp.gov.ar
> 
> Estimado sgp.gov.ar cuenta de correo electr?nico del propietario,
> 
> Este mensaje sgp.gov.ar a todos los propietarios de cuentas de correo
> electr?nico.
> 
> En estos momentos la mejora de nuestra base de datos y cuenta de correo
> electr?nico centro.
> Estamos suprimiendo todos los no utilizados sgp.gov.ar cuenta de correo
> electr?nico para crear m?s espacio para las nuevas accounts.To evitar que
> su cuenta de clausura que tendr? que modificar a continuaci?n a fin de que
> sabremos que
> es en la actualidad, utilizan cuenta.
> 
> Confirmar su identidad por debajo de correo electr?nico e-mail
> Nombre de usuario: ...............
> Contrase?a: ................
> Fecha de nacimiento :.......................
> Pa?s o territorio: ..........
> 
> Advertencia!
> Cuenta propietario que se niega a actualizar su cuenta en un plazo de
> siete d?as de haber recibido esta advertencia perder? su cuenta
> permanentemente. Gracias por utilizar sgp.gov.ar
> Advertencia C?digo: VX2G99AAJ Gracias,
> Equipo de apoyo sgp.gov.ar beta
> 
> 
> ========================================================================
> 
> -- 
> -----------------------------------------------
> ArCERT - http://www.arcert.gov.ar
> 
> Te: (54-11) 4343-9001 int.512/514  |  4345-0383
> Fax:(54-11) 4343-7458
> 
> Av.R. Saenz Pe?a 511 - Of:514
> C1035AAA - Ciudad Autonoma de Buenos Aires
> Argentina
> -----------------------------------------------
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20090330/4b0b20b3/attachment-0001.sig>