[nsp-sec] Attn Gmail: drop box used in phish

RuthAnne Bevier ruthanne at caltech.edu
Tue Jun 1 13:00:42 EDT 2010 

The address solution4all10 at gmail.com is being used in a phish, full
headers and message sample are below.   --RuthAnne

>      
>From szipko at fdu.edu  Tue Jun  1 09:50:34 2010
Return-Path: <szipko at fdu.edu>
X-Original-To: ipoffice at treqs.caltech.edu
Delivered-To: ipoffice at treqs.caltech.edu
Received: from outgoing-mail.its.caltech.edu
(outgoing-mail.its.caltech.edu
[131.215.239.19])
	by jonola.caltech.edu (Postfix) with ESMTP id 0A41816EFC
	for <ipoffice at treqs.caltech.edu>; Tue,  1 Jun 2010 09:50:34
-0700 (PDT)
Received: from treqs-delivery.caltech.edu (localhost [127.0.0.1])
	by fire-doxen-postvirus (Postfix) with ESMTP id DF9C42E50E3E
	for <ipoffice at treqs.caltech.edu>; Tue,  1 Jun 2010 09:50:33
-0700 (PDT)
X-Mailbox-Line: From szipko at fdu.edu  Tue Jun  1 09: 50:33 2010
X-Original-To: ipoffice at caltech.edu
Delivered-To: ipoffice at caltech.edu
Received: from fire-doxen.imss.caltech.edu (localhost [127.0.0.1])
	by fire-doxen-postvirus (Postfix) with ESMTP id 9AF652E50EFF
	for <ipoffice at caltech.edu>; Tue,  1 Jun 2010 09:50:33 -0700
(PDT)
X-Spam-Scanned: at Caltech-IMSS on fire-doxen by amavisd-new
X-Spam-Flag: NO
X-Spam-Score: 3.905
X-Spam-Level: ***
X-Spam-Status: No, score=3.905 tagged_above=-10000 required=5
	tests=[DATE_IN_PAST_06_12=1.854, INVALID_DATE=1.651,
	PBJ_RCV_UNKNOWN=0.3, RDNS_NONE=0.1] autolearn=unavailable
Received: from EXCHANGE.itc.edu (unknown [209.12.5.130])
	by fire-doxen-external (Postfix) with ESMTP id 43B582E50E3E
	for <ipoffice at caltech.edu>; Tue,  1 Jun 2010 09:50:33 -0700
(PDT)
Received: from User ([151.81.193.15]) by EXCHANGE.itc.edu with
Microsoft
SMTPSVC(6.0.3790.3959);
	 Tue, 1 Jun 2010 12:55:30 -0400
Reply-To: <solution4all10 at gmail.com>
From: "Web Administrator"<szipko at fdu.edu>
Date: Tue, 1 Jun 2010 06.46.10 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-WatchGuard-Spam-ID: str=0001.0A090204.4C053A42.01D3,ss=3,sh,fgs=0
X-WatchGuard-Spam-Score: 3, bulk; 0, no virus
X-WatchGuard-Mail-Client-IP: 151.81.193.15
X-WatchGuard-Mail-From: szipko at fdu.edu
Subject: ***BULK*** <ALERTS>Mesage Storage Quota Reached..
X-WatchGuard-AntiVirus: part scanned. clean action=allow
Message-ID: <ITCEXCH01qLpHkatd4g000004dd at EXCHANGE.itc.edu>
X-OriginalArrivalTime: 01 Jun 2010 16:55:30.0650 (UTC)
FILETIME=[3E4D9BA0:01CB01AB]
To: undisclosed-recipients:;
X-TBCK-ID: 1123989ffecbb3f7d6cc62fd6c545e55
X-TBCK-Status: First;AllClear;0

ATTENTION.

Your mailbox has exceeded the storage limit which is 10GB as set by
your
administrator, you are currently running on 10.9GB,you may not be
able to
send or receive new mail until you re-validate your mailbox.

To re-validate your mailbox  please furnish us with the following
details:

Login Username:
Login password: **************

Thanks
System Administrator

>


-- 
RuthAnne Bevier
Information Security
California Institute of Technology   
626-395-2671
ruthanne at caltech.edu

More information about the nsp-security mailing list