[nsp-sec] ATTN google, gmail phish dropbox

RuthAnne Bevier ruthanne at caltech.edu
Sun Apr 24 11:37:17 EDT 2011 

Sample with full headers below -- drop box is "school.eduedu at gmail.com".
  
>X-Original-To: man at caltech.edu
>X-Spam-Scanned: at Caltech-IMSS on earth-doxen by amavisd-new
>X-Spam-Flag: NO
>X-Spam-Score: 0.795
>X-Spam-Level:
>X-Spam-Status: No, score=0.795 tagged_above=-10000 required=5
>         tests=[SNF4SA=-1.009, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,
>         SUBJ_ALL_CAPS=1.806] autolearn=disabled
>X-Authentication-Warning: localhost.localdomain: apache set sender 
>to ptjkd at mahidol.ac.th using -f
>Date: Sun, 24 Apr 2011 00:26:30 +0700 (ICT)
>Subject: EMAIL ACCOUNT UPGRADE
>From: "Webmail HelpDesk" <ptjkd at mahidol.ac.th>
>Reply-To: school.eduedu at gmail.com
>User-Agent: SquirrelMail/1.4.8
>X-esp: ESP<6>=
>         SHA:<6>
>         SHA_FLAGS:<400>
>         ISC:<0>
>         BAYES:<0>
>         SenderID:<0>
>         DKIM:<0>
>         TS:<0>
>         SIG:<>
>         TRU_spam1: <0>
>         TRU_scam_spam: <0>
>         TRU_money_spam: <0>
>         TRU_profanity_spam: <0>
>         TRU_ru_spamsubj: <0>
>         TRU_medical_spam: <0>
>         TRU_urllinks: <0>
>         TRU_html_image_spam: <0>
>         URL Real-Time Signatures: <0>
>         TRU_freehosting: <0>
>         TRU_watch_spam: <0>
>         TRU_embedded_image_spam: <0>
>         TRU_lotto_spam: <0>
>         TRU_legal_spam: <0>
>         TRU_adult_spam: <0>
>         TRU_stock_spam: <0>
>         TRU_spam2: <0>
>         TRU_playsites: <0>
>         TRU_misc_spam: <0>
>         TRU_marketing_spam: <0>
>         TRU_phish_spam: <0>
>To: undisclosed-recipients:;
>
>EMAIL ACCOUNT UPGRADE
>
>Your E-mail box has reached its maximum limit of 20 GB of storage and
>Your account will be disabled if you do not update
>now.
>
>Educational, To upgrade your account, please fill the form below and 
>follow the
>instructions to upgrade to more
>storage space.
>
>UserName...
>
>Login id....
>
>Password....
>
>Confirm password...
>
>Your account will remain active after you have confirmed your account
>successfully.
>
>educational , Auburn, Alabama 36849
>
>© Copyright 2011 Regulation




-- 
RuthAnne Bevier
Director, Information Security
California Institute of Technology
ruthanne at caltech.edu
626-395-2671

More information about the nsp-security mailing list