[nsp-sec] Peter may have chased the "mailbox settings" folks off Google

[Chris Morrow]

Krista Hickey wrote:
> ----------- nsp-security Confidential --------
> 
> Yeah they're still coming in here albeit things have changed and it
> looks like today's sample is either going for 'if we repeat it enough
> they will click' methodology or someone's got some errors in their
> malware package - how it reads and is formatted below is exactly how
> it came in.

snip

> Received: from KOJEEIIF (unknown [41.252.30.2]) 

go nigera! (snip)

> hxxp://sites.google.com/site/doorwaysss/open.zip


this was disabled when I got to it (now)... so maybe we're doing the
right thing already :)