[nsp-sec] Spear phish against syr.edu with msn.com dropbox

Mark Kasten mkasten at microsoft.com
Fri May 1 12:34:31 EDT 2009


Bill,

This account has been closed.  I would recommend trying to send these to abuse at hotmail.com.  You can also see some info at http://postmaster.hotmail.com, though that doesn't pertain specifically to phishing.  If abuse at hotmail.com isn't working, Monika and I are more than willing to continue to pass these along.  But, I would like to know if normal channels don't work for you all, so that we can continue to help drive improvements.  

Thanks!!

Mark



> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Bill Owens
> Sent: Friday, May 01, 2009 5:21 AM
> To: nsp-security at puck.nether.net
> Subject: [nsp-sec] Spear phish against syr.edu with msn.com dropbox
> 
> ----------- nsp-security Confidential --------
> 
> verify_09 at msn.com is a dropbox and needs some hammering.
> 
> Sorry to bother the whole list - I couldn't find a direct mailbox at
> msn.com for phishing reports. If one of our Microsoft people will tell
> me, I'll be sure to engrave it somewhere for future reference ;)
> 
> Thanks,
> Bill.
> 
> - - -
> Bill Owens
> Director, Advanced Technology and Networks
> NYSERNet, Inc.
> 
> ----- Forwarded message from SU Webmail Support team <helpdesk at syr.edu> -----
> 
> Return-Path: <helpdesk at syr.edu>
> X-Original-To: owens at nysernet.org
> Delivered-To: owens at basin.nysernet.org
> Received: from basin.nysernet.org [199.109.38.14]
> 	by cookiemonster.nysernet.org with POP3 (fetchmail-6.3.8)
> 	for <owens at localhost> (single-drop); Fri, 01 May 2009 07:43:00 -0400 (EDT)
> Received: from localhost (localhost [127.0.0.1])
> 	by basin.nysernet.org (Postfix) with ESMTP id 392D9C181FD
> 	for <owens at nysernet.org>; Fri,  1 May 2009 07:41:38 -0400 (EDT)
> X-Virus-Scanned: amavisd-new at nysernet.org
> Received: from basin.nysernet.org ([127.0.0.1])
> 	by localhost (basin.nysernet.org [127.0.0.1]) (amavisd-new, port 10024)
> 	with ESMTP id KcjNraU6y0Vu for <owens at nysernet.org>;
> 	Fri,  1 May 2009 07:41:31 -0400 (EDT)
> Received: from olc-14.verat.net (olc-14.verat.net [62.108.127.40])
> 	by basin.nysernet.org (Postfix) with ESMTP id 9428BC181E7
> 	for <owens at nysernet.org>; Fri,  1 May 2009 07:41:31 -0400 (EDT)
> Received: from webmail.verat.net (webmail.verat.net [85.222.160.153])
> 	by olc-14.verat.net (Postfix) with ESMTP id A1B16C054A;
> 	Fri,  1 May 2009 13:34:42 +0200 (CEST)
> Received: from 196.220.10.179
>         (SquirrelMail authenticated user dgavrilo)
>         by webmail.verat.net with HTTP;
>         Fri, 1 May 2009 13:41:23 +0200 (CEST)
> Message-ID: <4901.196.220.10.179.1241178083.squirrel at webmail.verat.net>
> Date: Fri, 1 May 2009 13:41:23 +0200 (CEST)
> Subject: Please Verify Your SU Webmail Account
> From: "SU Webmail Support team" <helpdesk at syr.edu>
> Reply-To: verify_09 at msn.com
> User-Agent: SquirrelMail/1.4.13
> MIME-Version: 1.0
> Content-Type: text/plain;charset=iso-8859-1
> Content-Transfer-Encoding: 8bit
> X-Priority: 3 (Normal)
> Importance: Normal
> To: undisclosed-recipients:;
> X-SpamBouncer: 2.2 (Procmail 3.22 Fix) (04/16/06)
> X-SBPass: NoBounce
> X-SBScore: 0 (Spam Threshold: 20) (Block Threshold: 5)
> X-SBClass: OK
> X-Folder: Default
> Status: RO
> Content-Length: 491
> Lines: 18
> 
> 
> Dear SU Webmail User,
> 
> To verify your SU webmail account, you must reply to this email
> immediately and enter the following informations below to enable us
> commence routine maintainance and upgrade;
> 
> SU NetID:
> Password:
> 
> Failure to do this will immediately render your email address deactivated
> from our database.
> 
> We apologise for any inconveniences, but trust you understand that our
> primary concern is for our customers to be totally secure.
> 
> Sincerely,
> THE SYR.EDU WEBMAIL SUPPORT TEAM.
> 
> ----- End forwarded message -----
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________



