[nsp-sec] Yahoo - phishing dropbox

Torsten Voss voss at dfn-cert.de
Thu May 6 10:00:49 EDT 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

one of our constituency recieved phishing emails like the attached. The
reply-to address is 'web.mster at yahoo.com'.

Thanks and regards,
Torsten, AS680


- -- 
Dipl.-Ing.(FH) Torsten Voss (Incident Response Team), Phone +49 40 808077-634

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone  +49 40 808077-590
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.:  DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski


- -------- Original-Nachricht --------
Return-Path: <info at uni-xxx.de>
Received: from unimail.uni-xxx.de ([unix socket])   by unimail
(Cyrus v2.3.16) with LMTPA;  Wed, 05 May 2010 17:58:56 +0200
X-Sieve: CMU Sieve 2.3
Received: from uni-xxx.de (Uni-xxx.DE
[xxx])    by uni-xxx.de (8.14.4/8.14.4) with ESMTP
id o45FwptB020076;  Wed, 5 May 2010 17:58:56 +0200 (CEST)
X-Brightmail-Tracker: AAAAAA==
X-BrightmailFiltered: true
X-IronPort-AV: E=Sophos;i="4.52,335,1270418400";
d="scan'208";a="42612239"
Received: from smtp3.unl.edu.ar (HELO smtp.unl.edu.ar)
([168.96.132.123])  by uni-xxx.de with ESMTP; 05 May 2010
17:58:52 +0200
Received: from localhost (localhost [127.0.0.1])    by smtp.unl.edu.ar
(Postfix) with ESMTP id 6BBA96E0FA; Wed,  5 May 2010 12:58:49 -0300 (ART)
Received: from smtp.unl.edu.ar ([127.0.0.1])    by localhost
(smtp3.unl.edu.ar [127.0.0.1]) (amavisd-new, port 10024)    with ESMTP id
fovR4LWy-qZZ; Wed,  5 May 2010 12:58:49 -0300 (ART)
Received: from localhost (web1.unl.edu.ar [168.96.132.140]) by
smtp.unl.edu.ar (Postfix) with ESMTP id 43FB16E0F8; Wed,  5 May 2010
12:58:49 -0300 (ART)
Received: from 41.220.68.1 ([41.220.68.1]) by webmail.unl.edu.ar (Horde
MIME library) with HTTP; Wed, 05 May 2010 12:58:48 -0300
Message-ID: <20100505125848.01eybzff8tck4cks at webmail.unl.edu.ar>
Date: Wed, 05 May 2010 12:58:48 -0300
From: TU xxx Universität <info at uni-xxx.de>
Reply-to: web.mster at yahoo.com
To: undisclosed-recipients:;
Subject: Konto aktualisieren!
MIME-Version: 1.0
Content-Type: text/plain;   charset=ISO-8859-1; DelSp="Yes";    format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
User-Agent: Internet Messaging Program (IMP) H3 (4.1.3)

Lieber uni-xxx.de Email Kontoinhaber,

Diese Nachricht stammt von uni-xxx.de Messaging-Zentrum für alle
uni-xxx.de E-Mail-Konto Inhaber.
Es wurde eine Sicherheitslücke auf Ihr Konto und Ihre Privatsphäre
verletzt worden könnten, daher werden
Wir sind derzeit Upgrade Ihres Kontos geben Sie bitte die folgenden
Informationen unter

Bestätigen Sie Ihre E-Mail IDENTITY BELOW
Benutzername: ...............
Email Kennwort:: ................
Geburtsdatum :..........
Land oder Gebiet: ..........

Warnung Code: VX2G99AAJ Dank,
Support Team uni-xxx.de


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iQEVAwUBS+LLkSXNv0Upg26pAQLmpgf+JwZWnjtJoANTVKZ3PbqHjaTsGvwAo9S8
eJCjIrrIvuLAoC6decnZD3GmNbB85QARw3HPOXLV7vcJgSxfkK+GZwZigXf2PKvI
m4zdzK+lyC/YapYCNswWUbqglgkQ3qx6YBkb8hcADFMcdYo38pDHBJ0obULTfzHV
6R/W8V/BDO2kK6esphZAcpD/XhVH/7bkfRuUSBzWKZdwZbwy1p5dKGKYuw1qBOfk
BCpJQm9eIiMVWMEe79mWvvbDNulCHcpuCgeQOidSeyymGM8R1voRqNnzaevunHNl
1rc6RktYEKXjKwbjsWIJncJ4wcqZuJNSqDGEhQa+vdsmeECnNf/llg==
=6SB2
-----END PGP SIGNATURE-----

More information about the nsp-security mailing list