[nsp-sec] ATTN Google, spreadsheet phish

Peter Moody pmoody at google.com
Tue Dec 13 18:28:32 EST 2011 

ack (and it's gone).

On Tue, Dec 13, 2011 at 3:19 PM, RuthAnne Bevier <ruthanne at caltech.edu> wrote:
> ----------- nsp-security Confidential --------
>
> Site is https://docs.google.com/spreadsheet/viewform?formkey=dE1DdmdSTV9wSEJpOS1jNnEyUjRXbHc6MQ
>
> Abuse reported a couple of times.  Sample with full headers below:
>
> Return-Path: <simmonsmi at xavier.edu>
> X-Original-To: greg.grasmehr at caltech.edu
> Received: from imap-server.its.caltech.edu [131.215.239.27]
>        by dakine with IMAP (fetchmail-6.3.20)
>        for <greg at localhost> (single-drop); Tue, 13 Dec 2011 04:28:51 -0800 (PST)
> Received: from earth-doxen.imss.caltech.edu (localhost [127.0.0.1])
>        by earth-doxen-postvirus (Postfix) with ESMTP id A76C466E00DA;
>        Tue, 13 Dec 2011 04:28:00 -0800 (PST)
> X-Spam-Scanned: at Caltech-IMSS on earth-doxen by amavisd-new
> X-Spam-Flag: NO
> X-Spam-Score: 1.576
> X-Spam-Level: *
> X-Spam-Status: No, score=1.576 tagged_above=-10000 required=5
>        tests=[HTML_MESSAGE=0.001, PBJ_RCV_UNKNOWN=0.3, RDNS_NONE=1.274,
>        SINGLE_HEADER_1K=0.001] autolearn=disabled
> Received: from smtp1.xavier.edu (unknown [205.133.178.251])
>        by earth-doxen-external (Postfix) with ESMTP id 32CC266E00CB;
>        Tue, 13 Dec 2011 04:24:31 -0800 (PST)
> Received: from EVS1.xavier.local ([192.153.34.201]) by
> nocsmtp01.xavier.local
>        ([192.153.34.206]) with mapi; Tue, 13 Dec 2011 07:14:16 -0500
> From: "Simmons, Martha" <simmonsmi at xavier.edu>
> Date: Tue, 13 Dec 2011 07:14:16 -0500
> Subject: Reactivate your mailbox
> Thread-Topic: Reactivate your mailbox
> Thread-Index: AQHMuZC7hIYEStBjP0Gt8oufv9XTew==
> Message-ID: <82636A0BB65F69419C0775DBD622B44B577085CFB0 at EVS1.xavier.local>
> Accept-Language: en-US
> Content-Language: en-US
> X-MS-Has-Attach:
> X-MS-TNEF-Correlator:
> acceptlanguage: en-US
> x-tm-as-product-ver: SMEX-10.0.0.1459-6.800.1017-18578.004
> x-tm-as-result: No--40.719400-8.000000-31
> x-tm-as-user-approved-sender: No
> x-tm-as-user-blocked-sender: No
> Content-Type: multipart/alternative;
>        boundary="_000_82636A0BB65F69419C0775DBD622B44B577085CFB0EVS1xavierloc_"
> MIME-Version: 1.0
> To: undisclosed-recipients: ;
>
> Dear User,
>
> Your mailbox have been compromised and also have exceeded its storage limit
> set by the administrator, you may not be able to send or receive new mail
> until you Re-activate your mailbox. To Re-activate your mailbox please
> ClickHere<https://docs.google.com/spreadsheet/viewform?formkey=dE1DdmdSTV9wSEJpOS1jNnEyUjRXbHc6MQ>
>
>
>
> Thanks
> System Administrator
>
>
>
> --
> RuthAnne Bevier
> Director, Information Security
> California Institute of Technology
> ruthanne at caltech.edu
> 626-395-2671
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________



-- 
Peter Moody      Google    1.650.253.7306
Security Engineer  pgp:0xC3410038

More information about the nsp-security mailing list