[nsp-sec] Attention Hotmail I think .. what is xnmsn.com -> Dear Columbia University Webmail Subscriber

Joel Rosenblatt joel at columbia.edu
Mon Jun 21 12:16:21 EDT 2010 

Hi,

One of our physics departments got hit with the spear phish below .. we have not seen the address xnmsn.com used before - but it appears to be sent off to 
hotmail .. can someone please whack the account supporteam at xnmsn.com

Thank you,
Joel Rosenblatt

Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel

Return-Path: <supporteam at xnmsn.com>
Received: from sedna ([unix socket])
	by sedna (Cyrus v2.1.18-IPv6-Debian-2.1.18-1.cal.sarge2) with LMTP; Sun, 20 Jun 2010 22:43:38 -0400
X-Sieve: CMU Sieve 2.2
X-Original-To: limon at astro.columbia.edu
Delivered-To: limon at astro.columbia.edu
Received: from ipmail05.adl6.internode.on.net (ipmail05.adl6.internode.on.net [150.101.137.143])
	by sedna.astro.columbia.edu (Postfix) with ESMTP id 5CF2F16F82BC;
	Sun, 20 Jun 2010 22:43:26 -0400 (EDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av//AFZuHkyWZYlhjGdsb2JhbACBQ4FaggOJeoMuG0ddAQEBhz+DUgEBCwsKBxAjiBsBqAyBWAgDAQEVWgEZBwwBjQCCaAUIAQQGBQICAUdacARSgjRMihaCUzsDgSA
X-IronPort-SPAM: SPAM
Received: from bld-mail12.adl6.internode.on.net (HELO localhost) ([150.101.137.97])
 by ipmail05.adl6.internode.on.net with ESMTP; 21 Jun 2010 12:13:25 +0930
MIME-Version: 1.0
X-Mailer: AtMail PHP 5.3
Message-ID: <58579.1277088204 at internode.on.net>
To: <help at columbia.edu>
Reply-To: supporteam at xnmsn.com
Content-Type: multipart/alternative;
	boundary="=_30c165138052be045bfdfa8466a34200"
X-Origin: 94.23.63.133
X-Atmail-Account: hartleygwen at internode.on.net
Date: Mon, 21 Jun 2010 12:13:24 +0930
Subject: Dear Columbia University Webmail Subscriber
From: Columbia University <supporteam at xnmsn.com>
X-DSPAM-Result: Innocent
X-DSPAM-Processed: Sun Jun 20 22:43:37 2010
X-DSPAM-Confidence: 0.6514
X-DSPAM-Probability: 0.0000
X-DSPAM-Signature: 4c1ed1d9296941804284693

--=_30c165138052be045bfdfa8466a34200
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

=20=20
=20
	Dear Columbia University Webmail Subscriber=20=20
=20
This is to complete the process of checking account last year for the=20
maintanance of your e-mail, you are obliged to reply to this message=20
and enter your ID and password space (******* ) you must do it before=20
the next 48 hours after receiving this e-mail, web mail or your=20
account will be deactivated and deleted from our database.=20=20
=20
Full Name:=20
Webmail User ID:=20
Webmail Password:=20=20
Date of Birth:=20=20
=20
Your account can be monitored,=20
https://cubmail.cc.columbia.edu/horde/imp/login.php [1]=20=20
=20
Thank you for using the Columbia University Webmaill administration=20
of copyright. Credits: Information Management Group Copyright 2010 All=20
rights reserved.=20=20
=20=20
=20
Links:=20
------=20
[1] https://cubmail.cc.columbia.edu/horde/imp/login.php=20
=20
--=_30c165138052be045bfdfa8466a34200
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="utf-8"

<HTML>=20
<P>Dear Columbia University Webmail Subscriber</P>=20
<P><br>=20
=20
This is to complete the process of checking account last year for the maint=
anance of your e-mail, you are obliged to reply to this message and enter y=
our ID and password space (******* ) you must do it before the next 48 hour=
s after receiving this e-mail, web mail or your account will be deactivated=
and deleted from our database.</P>=20
<P><br>=20
=20
Full Name:<br>=20
=20
Webmail User ID:<br>=20
=20
Webmail Password: <br>=20
=20
Date of Birth:</P>=20
<P><br>=20
=20
Your account can be monitored, <A href=3D"https://cubmail.cc.columbia.edu/h=
orde/imp/login.php">https://cubmail.cc.columbia.edu/horde/imp/login.php</A>=
</P>=20
<P><br>=20
=20
Thank you for using the Columbia University Webmaill administration of copy=
right. Credits: Information Management Group Copyright 2010 All rights rese=
rved.=20
<STYLE> BODY { font-family:Arial, Helvetica, sans-serif;font-size:12px; }</=
STYLE>=20
<br>=20
=20
</P></HTML>=20
=20
--=_30c165138052be045bfdfa8466a34200--

More information about the nsp-security mailing list