[nsp-sec] Phishing dropbox at gmail

Torsten Voss voss at dfn-cert.de
Mon Mar 22 09:42:48 EDT 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

yet an other phishing run with an other number in the reply-to address:

desk.help009 at gmail.com

Thanks and regards,
Torsten, AS680



Return-Path: <webmaster at uni-xxx.de>
>  X-Original-To: xxx
>  Delivered-To: xxx
>  Received: by xxx (Postfix, from userid 65534)
>          id 0E35B1F667C; Sat, 20 Mar 2010 19:34:34 +0100 (CET)
>  X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on xxx
>  X-Spam-Level:
>  X-Spam-Status: No, score=-0.7 required=5.0 tests=BAYES_20 autolearn=ham
>          version=3.2.5
>  Received: from xxx
>          by xxx (Postfix) with ESMTPS id 599001F6677
>          for <xxx>; Sat, 20 Mar 2010 19:34:32 +0100 (CET)
>  Received: by xxx (Postfix)
>          id B5D0E3A23808; Sat, 20 Mar 2010 19:34:31 +0100 (CET)
>  Delivered-To: xxx
>  Received: from olc-11.verat.net (olc-11.verat.net [62.108.127.37])
>          by xxx (Postfix) with ESMTP id 9B92E3A20FDD
>          for <xxx>; Sat, 20 Mar 2010 19:34:31 +0100 (CET)
>  Received: from webmail.verat.net (webmail.verat.net [85.222.160.153])
>          by olc-11.verat.net (Postfix) with ESMTP id DF0CDFC38F;
>          Sat, 20 Mar 2010 19:20:58 +0100 (CET)
>  Received: from 41.206.15.3 (SquirrelMail authenticated user djmaxa)
>          by webmail.verat.net with HTTP; Sat, 20 Mar 2010 19:24:50 +0100 (CET)
>  Message-ID: <32625.41.206.15.3.1269109490.squirrel at webmail.verat.net>
>  Date: Sat, 20 Mar 2010 19:24:50 +0100 (CET)
>  Subject: Dear uni-xxx.de Account User
>  From: =?iso-8859-1?Q?Universit=E4t_xxx_Webmaster?=
>          <webmaster at uni-xxx.de>
>  Reply-To: desk.help009 at gmail.com
>  User-Agent: SquirrelMail/1.4.13
>  MIME-Version: 1.0
>  Content-Type: text/plain;
>    charset=iso-8859-1
>  Content-Transfer-Encoding: 8bit
>  X-Priority: 3 (Normal)
>  Importance: Normal
>  To: undisclosed-recipients:;
>  X-Bogosity: Ham, tests=bogofilter, spamicity=0.035356, version=1.1.7
>  X-UID: 13985
>  X-Length: 3303
>  Status: R
>  X-Status: N
>  X-KMail-EncryptionState:
>  X-KMail-SignatureState:
>  X-KMail-MDN-Sent:


- -- 
Dipl.-Ing.(FH) Torsten Voss (Incident Response Team), Phone +49 40 808077-634

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone  +49 40 808077-590
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.:  DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

Automatische Warnmeldungen               https://www.cert.dfn.de/autowarn

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iQEVAwUBS6dz2CXNv0Upg26pAQL5IggArzB8+NGfIsml+gl6OqBNtKMtVzOsMssd
7ZpP/674S0dsIlg3Uj8G/rbxhlAIuaO/qs2qcaM+oTRoBHrHCjs+OBE/tk+tbokT
Z6eAb8ox6EQ32iLJiBtTRvD6kPLZ6SCm77VqeRPE0ZdJUcT1ftx771lFydXUETUz
1KxbcCAxOgB4nlQub5OQcfa4YKqa9qTU+bTdUHmiVnK4gk1tY26PghCCaCnDPR81
zS923sCTnPgcHVr1pNLvt6bjHxRhSAhtxjXIJ69ZQlyrhxy7My7QAIY7CipG6Oqs
BLzNZvWCWVlflNXJnDuF2IoYXh0iFHiI9BIGv1G1Op149NyTyFGG2g==
=nGuo
-----END PGP SIGNATURE-----

More information about the nsp-security mailing list