[nsp-sec] ATTN MSN Hotmail, phishing drop boxes

Anthony Edwards anthony.edwards at sns.bskyb.com
Wed Sep 8 10:01:13 EDT 2010 

Hi

Two account username and password phishing dropboxes,
update_account_user111 at live.com & upgradingtest at windowslive.com:

: Return-path: alert at webmaster.com
: Envelope-to: abuse at abuse.noc.uk.easynet.net
: Delivery-date: Tue, 07 Sep 2010 14:03:55 +0100
: Received: from int0.mail.uk.easynet.net ([212.135.11.36])
:         by abuse.noc.uk.easynet.net with esmtp (Exim 4.63)
:         (envelope-from <alert at webmaster.com>)
:         id 1Osxq6-0002mN-E3
:         for abuse at abuse.noc.uk.easynet.net; Tue, 07 Sep 2010 14:03:54
: +0100
: Received: from mailfilter0.mail.uk.easynet.net ([212.135.6.210])
:         by int0.mail.uk.easynet.net with esmtp (Exim 4.50)
:         id 1Osxpy-0004Wd-KV
:         for abuse at easynet.net; Tue, 07 Sep 2010 14:03:46 +0100
: Received: from [187.141.97.59] (helo=correo.isstech.gob.mx)
:         by mailfilter0.mail.uk.easynet.net with smtp (Exim 4.69)
:         (envelope-from <alert at webmaster.com>)
:         id 1Osxpo-0004qe-5a
:         for abuse at easynet.net; Tue, 07 Sep 2010 14:03:46 +0100
: Received: from User (unknown [41.203.64.246])
:         by correo.isstech.gob.mx (Postfix) with ESMTP id E42B5614858;
:         Mon,  6 Sep 2010 06:47:03 -0500 (CDT)
: Reply-To: update_account_user111 at live.com
: From: Webmail Help Desk <alert at webmaster.com>
: Subject: Email Account Update
: Date: Mon, 6 Sep 2010 14:00:48 +0100
: MIME-Version: 1.0
: Content-Type: text/plain;
:         charset="Windows-1251"
: Content-Transfer-Encoding: 7bit
: X-Priority: 3
: X-MSMail-Priority: Normal
: X-Mailer: Microsoft Outlook Express 6.00.2600.0000
: X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
: Message-Id: <20100906114703.E42B5614858 at correo.isstech.gob.mx>
: To: undisclosed-recipients: ;
: X-Sent-For-Filtering: yes
: Delivered-To: abuse at uk.easynet.net
: X-int0-test-Delivered-To: abuse at uk.easynet.net
: 
: Dear Subscriber,
: 
: This message was sent automatically by a program on Webmail which
: periodically checks the size of inboxes, where new messages are
: received.
: 
: The program is run weekly to ensure no one's inbox grows too large.
: If your inbox becomes too large, you will be unable to receive new
: email. Just before this message was sent, you had 18 Megabytes (MB)
: or more of messages stored in your inbox on your Webmail. To help
: us re-set your SPACE on our database prior to maintain your INBOX,
: you must reply to this e-mail and enter your
: 
: Current User name ( )
: and Password ( )
: Login Site:www ()
: 
: 
: You will continue to receive this warning message periodically if
: your inbox size continues to be between 18 and 20 MB. If your
: inbox size grows to 20 MB, then a program on Bates Webmail will
: move your oldest email to a folder in your home directory to ensur
: that you will continue to be able to receive incoming email. You
: will be notified by email that this has taken place. If your inbox
: grows to 25 MB, you will be unable to receive new
: email as it will be returned to the sender.
: 
: After you read this message, it is best to REPLY and SAVE it to
: another folder.
: 
: A confirmtion link will be send to you for the Re-Activation of your
: e-mail Account, as soon as we received your response and you are
: to Click on the "Confirm E-mail" link on your mail Account box and t
: hen enter this confirmation number: 1265-6778-8250-8393-5727.
: 
: Thanks For Your Understanding.
: 
: Warning Code:VX2G99AAJ
: 
: Thank you for your cooperation.
: Webmail Help Desk
: Technical Support Copyright 2010.

And:

: Return-path: alert at webmaster.com
: Envelope-to: abuse at abuse.noc.uk.easynet.net
: Delivery-date: Tue, 07 Sep 2010 17:45:14 +0100
: Received: from int0.mail.uk.easynet.net ([212.135.11.36])
:         by abuse.noc.uk.easynet.net with esmtp (Exim 4.63)
:         (envelope-from <alert at webmaster.com>)
:         id 1Ot1II-0000U6-GA
:         for abuse at abuse.noc.uk.easynet.net; Tue, 07 Sep 2010 17:45:14
: +0100
: Received: from mailfilter1.mail.uk.easynet.net ([212.135.6.209])
:         by int0.mail.uk.easynet.net with esmtp (Exim 4.50)
:         id 1Ot1IA-0001IW-55
:         for abuse at easynet.net; Tue, 07 Sep 2010 17:45:06 +0100
: Received: from [187.141.97.59] (helo=correo.isstech.gob.mx)
:         by mailfilter1.mail.uk.easynet.net with smtp (Exim 4.69)
:         (envelope-from <alert at webmaster.com>)
:         id 1Ot1Hu-0008E9-Fx
:         for abuse at easynet.net; Tue, 07 Sep 2010 17:45:00 +0100
: Received: from User (unknown [41.203.64.246])
:         by correo.isstech.gob.mx (Postfix) with ESMTP id 8DD7961553B;
:         Tue,  7 Sep 2010 09:52:19 -0500 (CDT)
: Reply-To: upgradingtest at windowslive.com
: From: Webmail Help Desk <alert at webmaster.com>
: Subject: Email Account Update
: Date: Tue, 7 Sep 2010 17:07:35 +0100
: MIME-Version: 1.0
: Content-Type: text/plain;
:         charset="Windows-1251"
: Content-Transfer-Encoding: 7bit
: X-Priority: 3
: X-MSMail-Priority: Normal
: X-Mailer: Microsoft Outlook Express 6.00.2600.0000
: X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
: Message-Id: <20100907145219.8DD7961553B at correo.isstech.gob.mx>
: To: undisclosed-recipients: ;
: X-Sent-For-Filtering: yes
: Delivered-To: abuse at uk.easynet.net
: X-int0-test-Delivered-To: abuse at uk.easynet.net
: 
: Dear Subscriber,
: 
: This message was sent automatically by a program on Webmail which
: periodically checks the size of inboxes, where new messages are
: received.
: 
: The program is run weekly to ensure no one's inbox grows too large.
: If your inbox becomes too large, you will be unable to receive new
: email. Just before this message was sent, you had 18 Megabytes (MB)
: or more of messages stored in your inbox on your Webmail. To help
: us re-set your SPACE on our database prior to maintain your INBOX,
: you must reply to this e-mail and enter your
: 
: Current User name ( )
: and Password ( )
: Login Site:www ()
: 
: 
: You will continue to receive this warning message periodically if
: your inbox size continues to be between 18 and 20 MB. If your
: inbox size grows to 20 MB, then a program on Bates Webmail will
: move your oldest email to a folder in your home directory to ensur
: that you will continue to be able to receive incoming email. You
: will be notified by email that this has taken place. If your inbox
: grows to 25 MB, you will be unable to receive new
: email as it will be returned to the sender.
: 
: After you read this message, it is best to REPLY and SAVE it to
: another folder.
: 
: A confirmtion link will be send to you for the Re-Activation of your
: e-mail Account, as soon as we received your response and you are
: to Click on the "Confirm E-mail" link on your mail Account box and t
: hen enter this confirmation number: 1265-6778-8250-8393-5727.
: 
: Thanks For Your Understanding.
: 
: Warning Code:VX2G99AAJ
: 
: Thank you for your cooperation.
: Webmail Help Desk
: Technical Support Copyright 2010.


Anthony Edwards

-- 
Anthony Edwards
anthony.edwards at sns.bskyb.com
Abuse Team Manager  -  Sky Network Services
DDI: 0161 888 3507

More information about the nsp-security mailing list