[nsp-sec] ATTN MSN Hotmail, phishing drop box

Anthony Edwards anthony.edwards at sns.bskyb.com
Mon Sep 6 11:53:54 EDT 2010


Hi

Account username and password phishing drop box (notice at info.al) at the
info.al domain:

abuse at abuse:~$ host -t mx info.al
info.al mail is handled by 0 807967713.pamx1.hotmail.com.

: Return-path: notice at webmaster.com
: Envelope-to: aedwards at abuse.noc.uk.easynet.net
: Delivery-date: Mon, 06 Sep 2010 16:21:29 +0100
: Received: from int0.mail.uk.easynet.net ([212.135.11.36])
: 	by abuse.noc.uk.easynet.net with esmtp (Exim 4.63)
: 	(envelope-from <notice at webmaster.com>)
: 	id 1OsdVg-0002kg-Uh
: 	for aedwards at abuse.noc.uk.easynet.net; Mon, 06 Sep 2010 16:21:28 +0100
: Received: from mailfilter4.mail.uk.easynet.net ([212.135.6.205])
: 	by int0.mail.uk.easynet.net with esmtp (Exim 4.50)
: 	id 1OsdVY-0000Un-UJ; Mon, 06 Sep 2010 16:21:20 +0100
: Received: from gretchen.univ-orleans.fr ([194.167.30.87])
: 	by mailfilter4.mail.uk.easynet.net with esmtp (Exim 4.69)
: 	(envelope-from <notice at webmaster.com>)
: 	id 1OsdVY-0002Rt-Dk; Mon, 06 Sep 2010 16:21:20 +0100
: Received: from localhost (localhost [127.0.0.1])
: 	by gretchen.univ-orleans.fr (Postfix) with ESMTP id 9C8D94C38A;
: 	Mon,  6 Sep 2010 17:21:20 +0200 (CEST)
: Received: from gretchen.univ-orleans.fr ([127.0.0.1])
: 	by localhost (gretchen.univ-orleans.fr [127.0.0.1]) (amavisd-new, port
: 	10024) with ESMTP id xKQMupSuZjs9; Mon,  6 Sep 2010 17:21:20 +0200
: 	(CEST)
: Received: from univ-orleans.fr (repartiteur.univ-orleans.fr [194.167.30.199])
: 	by gretchen.univ-orleans.fr (Postfix) with ESMTP id C91564C03C;
: 	Mon,  6 Sep 2010 17:21:18 +0200 (CEST)
: Received: from repartiteur.univ-orleans.fr (repartiteur.univ-orleans.fr
: 	[194.167.30.199]) by webmailper.univ-orleans.fr (Horde MIME library)
: 	with HTTP; Mon, 06 Sep 2010 17:21:11 +0200
: Message-ID: <20100906172111.xhepzma2gwco4o8o at webmailper.univ-orleans.fr>
: Date: Mon, 06 Sep 2010 17:21:11 +0200
: From: Webmail Internet Security Services Center <notice at webmaster.com>
: Reply-to: notice at info.al
: To: undisclosed-recipients: ;
: Subject: WARNING NOTICE E-mail User
: MIME-Version: 1.0
: Content-Type: text/plain;
: 	charset=ISO-8859-1;
: 	DelSp="Yes";
: 	format="flowed"
: Content-Disposition: inline
: Content-Transfer-Encoding: quoted-printable
: User-Agent: Internet Messaging Program (IMP) H3 (4.1.6)
: X-Sent-For-Filtering: yes
: X-Easyfilter-Spam-Score: 1.1
: X-Easyfilter-Spam-Report: tests=
: 	* -0.8 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
: 	*      [score: 0.0000]
: 	*  1.4 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76
: 	chars *  0.5 FROM_NOT_REPLY From: and Reply-To: have different domains
: Delivered-To: anthony.edwards at uk.easynet.net
: X-int0-test-Delivered-To: anthony.edwards at uk.easynet.net
: 
: Dear E-mail User,
: 
: We have temporarily limited all access to sensitive account features in all
: Webmail accounts. In order to restore your account access, you need to  
: reply to
: this email immediately with your username and password to avoid deactivation.
: 
: Full Name:
: Email ID:
: Email Password:
: Confirm Password :
: 
: Due to much junk/spam emails you receive daily, we are currently upgrading all
: email accounts spam filter to limit unsolicited emails for security  
: reasons and
: to upgrade our newly improved Webmail/E-mail Account features to ensure you
: donot expe rience service interruption.
: 
: You must reply to this email immediately and enter both your user name and
: password in the space provided to enable us upgrade your E-mail Account
: properly.
: 
: A confirmtion link will be send to you for the Re-Activation of your e-mail
: Account, as soon as we received your response and you are to Click on
: the "Confirm E-mail" link on your mail Account box and then enter this
: confirmation number: 1265-6778-8250-8393-5727.
: 
: Thanks For Your Understanding.
: Warning Code:VX2G99AAJ
: 
: Thanks,
: Webmail Administrator
: Technical Support Copyright © 2010 Webmaster All right reserved


Anthony Edwards

-- 
Anthony Edwards
anthony.edwards at sns.bskyb.com
Abuse Team Manager  -  Sky Network Services
DDI: 0161 888 3507
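
The header triage in the report above, as an added example that is not part of the original post: it pulls out the Reply-To drop box when its domain differs from From (the FROM_NOT_REPLY condition in the spam report) and shows the earliest Received hop. The sample input is a constructed subset of the quoted headers; the function names and the result dictionary are assumptions of this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a subset of the headers quoted above, keeping the
# archive's ": " quote prefix and its " at " address munging.
ARCHIVED = """\
: Return-path: notice at webmaster.com
: Received: from gretchen.univ-orleans.fr ([194.167.30.87])
: \tby mailfilter4.mail.uk.easynet.net with esmtp (Exim 4.69)
: Received: from repartiteur.univ-orleans.fr (repartiteur.univ-orleans.fr
: \t[194.167.30.199]) by webmailper.univ-orleans.fr (Horde MIME library)
: \twith HTTP; Mon, 06 Sep 2010 17:21:11 +0200
: From: Webmail Internet Security Services Center <notice at webmaster.com>
: Reply-to: notice at info.al
: Subject: WARNING NOTICE E-mail User
:
: Dear E-mail User,
"""

def unquote(text):
    """Strip the ': ' quote prefix from every line of the forwarded message."""
    return re.sub(r"^: ?", "", text, flags=re.M)

def address(value):
    """Undo 'user at domain' munging; return (address, domain), lower-cased."""
    munged = re.sub(r"(\S+) at (\S+)", r"\1@\2", value or "")
    addr = parseaddr(munged)[1].lower()
    return addr, addr.rpartition("@")[2]

def analyse(archived):
    """Summarise the reply-path mismatch and the first hop of a quoted message."""
    msg = message_from_string(unquote(archived))
    from_addr, from_dom = address(msg["From"])
    reply_addr, reply_dom = address(msg["Reply-To"])
    # Received headers are prepended in transit, so the last one is the earliest.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    mismatch = bool(reply_dom) and reply_dom != from_dom
    return {
        "from": from_addr,
        "drop_box": reply_addr if mismatch else None,
        "drop_box_domain": reply_dom if mismatch else None,
        "first_hop": hops[-1] if hops else None,
        "web_submitted": bool(hops) and "with HTTP" in hops[-1],
    }

if __name__ == "__main__":
    print(analyse(ARCHIVED))
```

The `drop_box_domain` value is the name to pass to `host -t mx`, as in the report, to find which mail provider should receive the abuse notice.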


