[nsp-sec] Phishing dropbox at gmail

Peter Moody pmoody at google.com
Mon Mar 15 12:12:42 EDT 2010 

ack.

FYI: related accounts like this are almost always thwacked at the same time,
but I guess it didn't happen this time for some reason.

Cheers,
/peter


On Mon, Mar 15, 2010 at 4:54 AM, Torsten Voss <voss at dfn-cert.de> wrote:

> ----------- nsp-security Confidential --------
>
>
> Hi,
>
> yet an other phishing run with the increased number in the reply-to
> address:
>  "helpdesk.team18 at gmail.com"
>
> last time: "helpdesk.team17 at gmail.com"
>
> Well, I think next week we recieve the number 19 and 20 ;-)
>
> Thanks and regards,
>   Torsten, AS680
>
>
>
> <snip>
> Return-Path: <admin at uni-xxx.de>
>  X-Original-To: xxx
>  Delivered-To: xxx
>  Received: by mail.spamt.net (Postfix, from userid 65534)
>         id 7A61019227B; Sat, 13 Mar 2010 13:00:29 +0100 (CET)
>  X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail.spamt.net
>  X-Spam-Level:
>  X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=ham
>         version=3.2.5
>  Received: from olc-12.verat.net (olc-12.verat.net [62.108.127.38])
>         by xxx (Postfix) with ESMTP id B35DF192279
>         for <xxx>; Sat, 13 Mar 2010 13:00:28 +0100 (CET)
>  Received: from webmail.verat.net (webmail.verat.net [85.222.160.153])
>         by olc-12.verat.net (Postfix) with ESMTP id EA8AD127E4C;
>         Sat, 13 Mar 2010 13:04:36 +0100 (CET)
>  Received: from 41.206.15.3 (SquirrelMail authenticated user djmaxa)
>         by webmail.verat.net with HTTP; Sat, 13 Mar 2010 13:00:26 +0100
> (CET)
>  Message-ID: <40229.41.206.15.3.1268481626.squirrel at webmail.verat.net>
>  Date: Sat, 13 Mar 2010 13:00:26 +0100 (CET)
>  Subject: Dear uni-xxx.de Account User
>  From: =?iso-8859-1?Q?Universit=E4t_xxx?= <admin at uni-xxx.de>
>  Reply-To: helpdesk.team18 at gmail.com
>  User-Agent: SquirrelMail/1.4.13
>  MIME-Version: 1.0
>  Content-Type: text/plain;
>   charset=iso-8859-1
>  Content-Transfer-Encoding: 8bit
>  X-Priority: 3 (Normal)
>  Importance: Normal
>  To: undisclosed-recipients:;
>  X-Bogosity: Unsure, tests=bogofilter, spamicity=0.464199, version=1.1.7
>  X-UID: 13812
>  X-Length: 2941
>  Status: R
>  X-Status: N
>  X-KMail-EncryptionState:
>  X-KMail-SignatureState:
>  X-KMail-MDN-Sent:
>
> </snip>
>
> --
> Dipl.-Ing.(FH) Torsten Voss (Incident Response Team), Phone +49 40
> 808077-634
>
> DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone  +49 40 808077-590
> Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.:  DE 232129737
> Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
>
> Automatische Warnmeldungen               https://www.cert.dfn.de/autowarn
>
>
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
>



-- 
Peter Moody      Google    1.650.253.7306
Network Security Engineer  pgp:0xC3410038

More information about the nsp-security mailing list