[nsp-sec] Phishing dropbox at gmail
Peter Moody
pmoody at google.com
Thu Mar 11 11:33:56 EST 2010
ack gmail. it shall be shut with alacrity.
Cheers,
/peter
On Thu, Mar 11, 2010 at 2:15 AM, Torsten Voss <voss at dfn-cert.de> wrote:
> ----------- nsp-security Confidential --------
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> one of our constituency recieved phishing emails like the attached. The
> reply-to address is 'helpdesk.team17 at gmail.com'.
>
> Thanks and regards,
> Torsten, AS680
>
>
> Return-Path: <webmaster at uni-xxx.de>
> X-Original-To: xxx
> Delivered-To: xxx
> Received: by xxx (Postfix, from userid 65534)
> id C925CE7DB9; Wed, 10 Mar 2010 15:56:20 +0100 (CET)
> X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on xxx
> X-Spam-Level:
> X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_00,NIX_SPAM
> autolearn=no version=3.2.5
> Received: from olc-11.verat.net (olc-11.verat.net [62.108.127.37])
> by xxx (Postfix) with ESMTP id 3E59AA9EFC
> for <xxx>; Wed, 10 Mar 2010 15:56:20 +0100 (CET)
> Received: from webmail.verat.net (webmail.verat.net [85.222.160.153])
> by olc-11.verat.net (Postfix) with ESMTP id 7E843FC6E2;
> Wed, 10 Mar 2010 15:52:17 +0100 (CET)
> Received: from 41.206.15.2 (SquirrelMail authenticated user djmaxa)
> by webmail.verat.net with HTTP; Wed, 10 Mar 2010 15:56:19 +0100
> (CET)
> Message-ID: <12398.41.206.15.2.1268232979.squirrel at webmail.verat.net>
> Date: Wed, 10 Mar 2010 15:56:19 +0100 (CET)
> Subject: Dear uni-xxx.de Account User
> From: =?iso-8859-1?Q?Universit=E4t_xxx?= <webmaster at uni-xxx.de>
> Reply-To: helpdesk.team17 at gmail.com
> User-Agent: SquirrelMail/1.4.13
> MIME-Version: 1.0
> Content-Type: text/plain;
> charset=iso-8859-1
> Content-Transfer-Encoding: 8bit
> X-Priority: 3 (Normal)
> Importance: Normal
> To: undisclosed-recipients:;
> X-Bogosity: Unsure, tests=bogofilter, spamicity=0.493874, version=1.1.7
> X-UID: 13730
> X-Length: 2929
> Status: R
> X-Status: N
> X-KMail-EncryptionState:
> X-KMail-SignatureState:
> X-KMail-MDN-Sent:
>
>
>
> - --
> Dipl.-Ing.(FH) Torsten Voss (Incident Response Team), Phone +49 40
> 808077-634
>
> DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-590
> Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
> Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
>
> Automatische Warnmeldungen https://www.cert.dfn.de/autowarn
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.12 (GNU/Linux)
> Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/
>
> iQEVAwUBS5jCwyXNv0Upg26pAQKyjgf/SPo++BUokBAp4CKHVK2Kz2Oh6C1sjCTY
> oUgUFE9awUUO1L7VGIt8ZpKUANM1o7K2JS0/VEZHyKNPFXlKz0pdQ3d+Sjud2l5N
> dJUkXVmnukjpYeugGm4ZRam2ARYuAt+KiOG+NFYv7Op6mJKpDyRFsN5ci7wI492X
> s6LphDm+nDyBQWvaBoQK4bsbNjUX8UZdM6eEbcwGlnFPcAJRNj7IvDOtrKZlf0bD
> uM/8mm+lhJg3urpXn/f23nZ+r+2BbXbBIK7ZWEvcsFBUzPxHCR5Aul6cDrWLUYRu
> hJd5yIgVo/6/m2FZt1Px2QwerxOl7bFWiXlmpHejGkro/yCrPXS0ow==
> =CY8w
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
>
--
Peter Moody Google 1.650.253.7306
Network Security Engineer pgp:0xC3410038
More information about the nsp-security
mailing list