[nsp-sec] Gmail account used as dropbox in phish

Chris Morrow morrowc at ops-netman.net
Fri Jan 29 15:20:23 EST 2010


tco

On Fri, 29 Jan 2010, RuthAnne Bevier wrote:

> ----------- nsp-security Confidential --------
>
> Google, here is a GMail account being used as a drop box in a
> current .edu phish:
>
> Return-Path: salvarez6 at mail.csuchico.edu
> Received: from mtain-dg04.r1000.mx.aol.com
> (mtain-dg04.r1000.mx.aol.com [172.29.65.12]) by
> air-mf09.mail.aol.com (v126.13) with ESMTP id
>        MAILINMF093-8bfb4b63314d1a5; Fri, 29 Jan 2010 14:04:45 -0500
> Received: from outgoing-mail.its.caltech.edu
> (outgoing-mail.its.caltech.edu [131.215.239.19])
>        by mtain-dg04.r1000.mx.aol.com (Internet Inbound) with ESMTP
> id D3551380001B1
>        for <redacted>; Fri, 29 Jan 2010 14:04:39 -0500 (EST)
> Received: by earth-doxen.caltech.edu (Postfix, from userid 60008)
>        id 0F5FA66E4A74; Fri, 29 Jan 2010 11:04:39 -0800 (PST)
> X-Original-To: chacetyd at caltech.edu
> Received: from earth-doxen.imss.caltech.edu (localhost [127.0.0.1])
>        by earth-doxen-postvirus (Postfix) with ESMTP id
> C2A3B66E417D
>        for <chacetyd at caltech.edu>; Fri, 29 Jan 2010 11:04:36 -0800
> (PST)
> X-Spam-Scanned: at Caltech-IMSS on earth-doxen by amavisd-new
> X-Spam-Flag: NO
> X-Spam-Score: 0
> X-Spam-Level:
> X-Spam-Status: No, score=0 tagged_above=-10000 required=5
> tests=[none]
>        autolearn=unavailable
> Received: from mail-iw0-f116.google.com (mail-iw0-f116.google.com
> [209.85.223.116])
>        by earth-doxen-external (Postfix) with ESMTP id 841FC66E4766
>        for <chacetyd at caltech.edu>; Fri, 29 Jan 2010 11:04:36 -0800
> (PST)
> Received: by mail-iw0-f116.google.com with SMTP id 14so216333iwn.18
>        for <chacetyd at caltech.edu>; Fri, 29 Jan 2010 11:04:36 -0800
> (PST)
> MIME-Version: 1.0
> Received: by 10.231.148.207 with SMTP id
> q15mt2344279ibv.45.1264791867726;
>        Fri, 29 Jan 2010 11:04:27 -0800 (PST)
> Reply-To: edu.accounthelp at gmail.com
> Date: Fri, 29 Jan 2010 11:04:27 -0800
> Message-ID:
> <844aec021001291104i583fc980rf2cac2f3ef43917b at mail.gmail.com>
> Subject: Email Account Confirmation
> From: Techonlogy Services Help Desk <salvarez6 at mail.csuchico.edu>
> Content-Type: text/plain; charset=ISO-8859-1
> To:
> x-aol-global-disposition: G
> x-aol-sid: 3039ac1d410c4b6331473226
> X-AOL-IP: 131.215.239.19
> X-Mailer: Unknown (No Version)
>
>
> CALIFORNIA INSTITUTE OF TECHNOLOGY EMAIL ACCOUNT UPGRADE
>
> ATTENTION WEBMAIL USER,
>
> <snip>
> --
> RuthAnne Bevier
> Information Security
> California Institute of Technology
> 626-395-2671
> ruthanne at caltech.edu
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
>
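
Added example, not part of the original thread: a Python check for the pattern visible in the quoted headers, where From is a campus address, Reply-To points at a free webmail account, and To is empty. The sample messages, the freemail list and the function names are constructed assumptions; the parser also undoes the archive's "user at host" obfuscation.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: short illustrative list of free webmail domains; extend locally.
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "aol.com"}

# Constructed sample modelled on the quoted headers (addresses are placeholders).
SAMPLE_PHISH = """\
Reply-To: dropbox.placeholder at gmail.com
Subject: Email Account Confirmation
From: Help Desk <user1 at mail.campus.example>
To:
Content-Type: text/plain; charset=ISO-8859-1

(body omitted)
"""
# Constructed benign case: Reply-To is a subdomain of the sender's own domain.
SAMPLE_LEGIT = """\
Reply-To: helpdesk@mail.campus.example
From: IT Help Desk <helpdesk@campus.example>
To: user2@campus.example

(body omitted)
"""

def _domain(value):
    """Lower-cased domain of an address header, or '' if none can be parsed."""
    value = value or ""
    if "@" not in value:  # list archives obfuscate user@host as 'user at host'
        value = value.replace(" at ", "@")
    addr = parseaddr(value)[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def _same_org(a, b):
    """True when one domain equals or is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def reply_to_findings(raw_message):
    """Flag a Reply-To that diverts replies away from the From domain."""
    msg = message_from_string(raw_message)
    from_dom, reply_dom = _domain(msg.get("From")), _domain(msg.get("Reply-To"))
    findings = []
    if from_dom and reply_dom and not _same_org(from_dom, reply_dom):
        findings.append("reply-to-domain-mismatch")
        if reply_dom in FREEMAIL_DOMAINS and from_dom not in FREEMAIL_DOMAINS:
            findings.append("reply-to-freemail")
    if not (msg.get("To") or "").strip():
        findings.append("empty-to")
    return {"from": from_dom, "reply_to": reply_dom, "findings": findings}
```

A mismatch alone is common in legitimate mail (ticketing systems, list software), so the findings are best used as scoring inputs alongside the message content rather than as a block rule.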


