[nsp-sec] Attn Google, another Gmail phish dropbox

Peter Moody pmoody at google.com
Wed Jun 2 19:10:03 EDT 2010 

ack.

On Wed, Jun 2, 2010 at 3:20 PM, RuthAnne Bevier <ruthanne at caltech.edu>wrote:

> ----------- nsp-security Confidential --------
>
> Thanks for your speedy responses to these.  Here's one from today,
> spteam331 at gmail.com.  Full headers and a sample message body are
> below:
>
> >From support at webmail.org  Wed Jun  2 14:59:45 2010
> Return-Path: <support at webmail.org>
> X-Original-To: ipoffice at treqs.caltech.edu
> Delivered-To: ipoffice at treqs.caltech.edu
> Received: from outgoing-mail.its.caltech.edu
> (outgoing-mail.its.caltech.edu
> [131.215.239.19])
>        by jonola.caltech.edu (Postfix) with ESMTP id 794E116EFC
>        for <ipoffice at treqs.caltech.edu>; Wed,  2 Jun 2010 14:59:45
> -0700 (PDT)
> Received: from treqs-delivery.caltech.edu (localhost [127.0.0.1])
>        by earth-doxen-postvirus (Postfix) with ESMTP id
> E6AEF66E0280
>        for <ipoffice at treqs.caltech.edu>; Wed,  2 Jun 2010 14:59:44
> -0700 (PDT)
> X-Mailbox-Line: From SRS0+lFqg+2+webmail.org=support at cworks.com.my
> Wed Jun
>  2 14: 59:44 2010
> X-Original-To: ipoffice at caltech.edu
> Delivered-To: ipoffice at caltech.edu
> Received: from earth-doxen.imss.caltech.edu (localhost [127.0.0.1])
>        by earth-doxen-postvirus (Postfix) with ESMTP id
> 99C9A66E02B7
>        for <ipoffice at caltech.edu>; Wed,  2 Jun 2010 14:59:44 -0700
> (PDT)
> X-Spam-Scanned: at Caltech-IMSS on earth-doxen by amavisd-new
> X-Spam-Flag: NO
> X-Spam-Score: 4.197
> X-Spam-Level: ****
> X-Spam-Status: No, score=4.197 tagged_above=-10000 required=5
>        tests=[FORGED_MUA_OUTLOOK=4.199, SPF_HELO_PASS=-0.001,
>        SPF_PASS=-0.001] autolearn=disabled
> Received: from cworks.com.my (cworks.com.my [202.9.101.248])
>        by earth-doxen-external (Postfix) with ESMTP id CAD5766E0280
>        for <ipoffice at caltech.edu>; Wed,  2 Jun 2010 14:59:41 -0700
> (PDT)
> Received: from User (unverified [41.138.185.102])
>        by cworks.com.my (SurgeMail 3.7b8) with ESMTP id 1008722
>        for multiple; Thu, 03 Jun 2010 05:19:57 +0800
> Reply-To: <spteam331 at gmail.com>
> From: "WEBMAIL TECHNICAL SUPPORT"<support at webmail.org>
> Subject: Email account upgrade.
> Date: Wed, 2 Jun 2010 22:19:46 +0100
> MIME-Version: 1.0
> Content-Type: text/plain;
>        charset="Windows-1251"
> Content-Transfer-Encoding: 7bit
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2600.0000
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
> X-Server: High Performance Mail Server - http://surgemail.com
> r=1842832036
> Message-ID: <1275513598_2139 at cworkssystember>
> X-Authenticated-User: sales at cworks.com.my
> To: undisclosed-recipients:;
> X-TBCK-ID: cda879f238e8d8a550a822a4cf213854
> X-TBCK-Status: First;AllClear;0
>
>
> Attn. Webmail Users,
>
> We regret to announce to you that we will be doing some vital
> maintenance
> on our Webmail accounts. During this process you might have login
> problems
> in signing into your account, but to prevent this you have to
> confirm your
> account immediately after you receive this notification.
>
> To confirm and to keep your Webmail account active during and after
> this
> process, please reply to this message with the below account
> information's.
> Failure to do this might cause a permanent deactivation of your
> webmail
> account from our database to enable us create more space for
> upcoming
> subscribers.
>
> To confirm your account, send your webmail account stating:
>
> Email Address:
> Password:
>
> Your account shall remain active after we have successfully
> confirmed and
> upgraded your account.
>
> Thank you for your swift response to this notification we apologize
> for any
> inconvenience.
>
> Technical Support
>
> Copyright 2010 - Internet Communications - All Rights Reserved.
>
>
> --
> RuthAnne Bevier
> Information Security
> California Institute of Technology
> 626-395-2671
> ruthanne at caltech.edu
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
>



-- 
Peter Moody      Google    1.650.253.7306
Network Security Engineer  pgp:0xC3410038

More information about the nsp-security mailing list