[nsp-sec] ATTN Google, gmail account used in death threat scam

Peter Moody pmoody at google.com
Thu Dec 8 10:51:37 EST 2011


ack.

On Thu, Dec 8, 2011 at 7:47 AM, RuthAnne Bevier <ruthanne at caltech.edu> wrote:

> ----------- nsp-security Confidential --------
>
> Haven't seen one of these for a while.  Sample with full headers below.
>  It seems to have been sent through Gmail, b.james4ever at gmail.com:
>
> Return-Path: <b.james4ever at gmail.com>
> Received: by fire-doxen.caltech.edu (Postfix, from userid 60008)
>        id E18182E50C0F; Thu,  8 Dec 2011 05:16:13 -0800 (PST)
> X-Original-To: koracion at caltech.edu
> Received: from fire-doxen.imss.caltech.edu (localhost [127.0.0.1])
>        by fire-doxen-postvirus (Postfix) with ESMTP id 739012E502DB
>        for <koracion at caltech.edu>; Thu,  8 Dec 2011 05:16:13 -0800 (PST)
> X-Spam-Scanned: at Caltech-IMSS on fire-doxen by amavisd-new
> X-Spam-Flag: NO
> X-Spam-Score: 1.427
> X-Spam-Level: *
> X-Spam-Status: No, score=1.427 tagged_above=-10000 required=5
>        tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VERIFIED=0,
>        FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7,
>        SPF_PASS=-0.01, SUBJ_ALL_CAPS=1.625, T_TO_NO_BRKTS_FREEMAIL=0.01,
>        UPPERCASE_75_100=0.5] autolearn=disabled
> Received: from mail-vw0-f45.google.com (mail-vw0-f45.google.com [209.85.212.45])
>        by fire-doxen-external (Postfix) with ESMTP id 4BFDA2E50449
>        for <koracion at caltech.edu>; Thu,  8 Dec 2011 05:16:11 -0800 (PST)
> Received: by vbbu11 with SMTP id u11so1786347vbb.18
>        for <koracion at caltech.edu>; Thu, 08 Dec 2011 05:16:10 -0800 (PST)
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
>        d=gmail.com; s=gamma;
>        h=mime-version:sender:date:x-google-sender-auth:message-id:subject
>         :from:to:content-type;
>        bh=ZWA8ZXr87lgJJLjAPbUX6qG5pvm2GoqZGeUknH1GEY8=;
>        b=ozs56mStePS3qQSYwPPjFK2T0YgIAIMyccA9kzLowmMVsGNAGAKi2Y5DEplOmXd2Ke
>         pKVJGnuJyZXJ1/ZtWVAoYjg7z+uO0kqMQZz208FZED9A7xQhCy/Px+ScU4JbAb11cbmx
>         uDkUUUuMOmeudhi2ECLjj7fr+ZnPtkuEFQsnE=
> MIME-Version: 1.0
> Received: by 10.52.23.83 with SMTP id k19mr1495061vdf.93.1323350108411;
>        Thu, 08 Dec 2011 05:15:08 -0800 (PST)
> Sender: b.james4ever at gmail.com
> Received: by 10.220.2.145 with HTTP; Thu, 8 Dec 2011 05:15:08 -0800 (PST)
> Date: Thu, 8 Dec 2011 13:15:08 +0000
> X-Google-Sender-Auth: hKev5q-mjphLA_dVf5T39N9FFOo
> Message-ID: <CAGPSUn09=MWn97yy_DJL64v98KG25KgmdGgNi5d--obLTrRJyg at mail.gmail.com>
> Subject: SAD NEWS!!!!
> From: "SIR. SLICE MAX" <slicemaxxx at zmail.com>
> To: undisclosed-recipients:;
> Content-Type: multipart/alternative; boundary=20cf307c9ef8202b0504b394755d
>
> --20cf307c9ef8202b0504b394755d
> Content-Type: text/plain; charset=ISO-8859-1
>
> --
> *Re: YOU NEED TO SAVE YOUR LIVE
>
> Attn:
>
>
> I AM VERY SORRY FOR YOU, IS A PITY THAT THIS IS HOW YOUR LIFE IS GOING TO
> END. MY DUTY AS I AM MAILING YOU NOW IS JUST TO KILL YOU AND I HAVE TO DO
> IT AS I HAVE ALREADY BEEN PAID.
>
>
> SOMEONE YOU CALL A FRIEND WANTS YOU DEAD BY ALL MEANS, AND THE PERSON HAVE
> SPENT A LOT OF MONEY ON THIS, THE PERSON ALSO CAME TO US AND TOLD ME THAT
> HE WANT YOU DEAD AND HE PROVIDED US WITH YOUR NAME, PICTURE AND OTHER
> NECESSARY INFORMATION'S WE NEEDED ABOUT YOU. SO I SENT MY BOYS TO TRACK YOU
> DOWN AND THEY HAVE CARRIED OUT THE NECESSARY
>
> INVESTIGATION NEEDED FOR THE OPERATION ON YOU,  AND THEY HAVE DONE THAT BUT
> I TOLD THEM NOT TO KILL YOU THAT I WILL LIKE TO CONTACT YOU, NOT SINCE
> THEIR FINDINGS SHOWS THAT YOU ARE INNOCENT.
>
>
> I CALLED MY CLIENT BACK AND ASK OF YOUR EMAIL ADDRESS WHICH I DIDN'T TELL
> HIM WHAT I WANTED TO DO WITH IT AND HE GAVE IT TO ME AND I AM USING IT TO
> CONTACT YOU NOW. AS I AM WRITING TO YOU NOW MY MEN ARE MONITORING YOU AND
> THEY ARE TELLING ME EVERYTHING ABOUT YOU.
>
>
> WARNING: DO NOT THINK OF CONTACTING THE POLICE OR EVEN TELL ANYONE BECAUSE
> I WILL KNOW. REMEMBER, SOMEONE WHO KNOWS YOU VERY WELL WANT YOU DEAD! I
> WILL EXTEND IT TO YOUR FAMILY, IN CASE I NOTICE SOMETHING FUNNY.
>
>
> DO NOT COME OUT ONCE IT IS 7:PM UNTIL I MAKE OUT TIME TO SEE YOU OF THE
> DISCUSSION WITH THE PERSON WHO WANT YOU DEAD FOR ANY LEGAL ACTION.
>
> Name: SIR. SLICE MAX
> Email: slicemaxxx at zmail.com <slicexxx at india.com>
> *
>
> --
> RuthAnne Bevier
> Director, Information Security
> California Institute of Technology
> ruthanne at caltech.edu
> 626-395-2671
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
>



-- 
Peter Moody      Google    1.650.253.7306
Security Engineer  pgp:0xC3410038
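
Added example (not part of the original thread, and not code from either poster): a header triage that compares the domains claimed by From, Sender, Return-Path and the DKIM d= tag and reads the earliest Received hop, which is how the quoted sample points to Gmail despite its From line. All hosts and addresses in the sample are constructed placeholders; reading `with HTTP` on the earliest hop as webmail submission is an assumption based on the sample's own header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed headers modelled on the quoted sample; every host and address is a placeholder.
SAMPLE = """\
Return-Path: <sender.account@freemail.example>
Received: from mail-out.freemail.example (mail-out.freemail.example [192.0.2.45])
\tby mx.university.example (Postfix) with ESMTP id 4BFDA2E50449
\tfor <victim@university.example>; Thu,  8 Dec 2011 05:16:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
\td=freemail.example; s=sel1; h=mime-version:sender:date:subject:from:to;
\tbh=PLACEHOLDER=; b=PLACEHOLDER=
Received: by 10.0.0.83 with SMTP id k19placeholder; Thu, 08 Dec 2011 05:15:08 -0800 (PST)
Sender: sender.account@freemail.example
Received: by 10.0.0.145 with HTTP; Thu, 8 Dec 2011 05:15:08 -0800 (PST)
From: "DISPLAY NAME" <display.name@other.example>
To: undisclosed-recipients:;
Subject: CONSTRUCTED SAMPLE

body
"""

def _domain(value):
    """Lower-cased domain of the address in a header value, or None."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else None

def identities(raw):
    """Domains asserted by From, Sender, Return-Path and the DKIM d= tag."""
    msg = message_from_string(raw)
    dkim = re.search(r"\bd=([^;\s]+)", msg.get("DKIM-Signature", ""))
    return {
        "from": _domain(msg["From"]),
        "sender": _domain(msg["Sender"]),
        "return_path": _domain(msg["Return-Path"]),
        "dkim_d": dkim.group(1).lower() if dkim else None,
    }

def findings(raw):
    """Identities that disagree with From, plus how the earliest hop was submitted."""
    ids = identities(raw)
    out = [f"{k}={v} differs from from={ids['from']}"
           for k, v in ids.items() if k != "from" and v and v != ids["from"]]
    hops = message_from_string(raw).get_all("Received", [])
    first = " ".join(hops[-1].split()) if hops else ""  # headers are prepended: last = earliest
    if re.search(r"\bwith HTTP\b", first):
        out.append("earliest hop: submitted over HTTP (webmail)")
    return out
```

A valid DKIM signature only vouches for the d= domain, so a message can pass DKIM and SPF, as the sample's spam score shows, while displaying an unrelated From address.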


