[nsp-sec] ATTN Google, spreadsheet phish

RuthAnne Bevier ruthanne at caltech.edu
Tue Dec 13 18:29:55 EST 2011


Wow, that was fast -- I'd just looked at it before I sent the message.  Much appreciated.

On Tue, Dec 13, 2011 at 03:28:32PM -0800, Peter Moody wrote:
> ack (and it's gone).
> 
> On Tue, Dec 13, 2011 at 3:19 PM, RuthAnne Bevier <ruthanne at caltech.edu> wrote:
> > ----------- nsp-security Confidential --------
> >
> > Site is https://docs.google.com/spreadsheet/viewform?formkey=dE1DdmdSTV9wSEJpOS1jNnEyUjRXbHc6MQ
> >
> > Abuse reported a couple of times.  Sample with full headers below:
> >
> > Return-Path: <simmonsmi at xavier.edu>
> > X-Original-To: greg.grasmehr at caltech.edu
> > Received: from imap-server.its.caltech.edu [131.215.239.27]
> >        by dakine with IMAP (fetchmail-6.3.20)
> >        for <greg at localhost> (single-drop); Tue, 13 Dec 2011 04:28:51 -0800 (PST)
> > Received: from earth-doxen.imss.caltech.edu (localhost [127.0.0.1])
> >        by earth-doxen-postvirus (Postfix) with ESMTP id A76C466E00DA;
> >        Tue, 13 Dec 2011 04:28:00 -0800 (PST)
> > X-Spam-Scanned: at Caltech-IMSS on earth-doxen by amavisd-new
> > X-Spam-Flag: NO
> > X-Spam-Score: 1.576
> > X-Spam-Level: *
> > X-Spam-Status: No, score=1.576 tagged_above=-10000 required=5
> >        tests=[HTML_MESSAGE=0.001, PBJ_RCV_UNKNOWN=0.3, RDNS_NONE=1.274,
> >        SINGLE_HEADER_1K=0.001] autolearn=disabled
> > Received: from smtp1.xavier.edu (unknown [205.133.178.251])
> >        by earth-doxen-external (Postfix) with ESMTP id 32CC266E00CB;
> >        Tue, 13 Dec 2011 04:24:31 -0800 (PST)
> > Received: from EVS1.xavier.local ([192.153.34.201]) by
> > nocsmtp01.xavier.local
> >        ([192.153.34.206]) with mapi; Tue, 13 Dec 2011 07:14:16 -0500
> > From: "Simmons, Martha" <simmonsmi at xavier.edu>
> > Date: Tue, 13 Dec 2011 07:14:16 -0500
> > Subject: Reactivate your mailbox
> > Thread-Topic: Reactivate your mailbox
> > Thread-Index: AQHMuZC7hIYEStBjP0Gt8oufv9XTew==
> > Message-ID: <82636A0BB65F69419C0775DBD622B44B577085CFB0 at EVS1.xavier.local>
> > Accept-Language: en-US
> > Content-Language: en-US
> > X-MS-Has-Attach:
> > X-MS-TNEF-Correlator:
> > acceptlanguage: en-US
> > x-tm-as-product-ver: SMEX-10.0.0.1459-6.800.1017-18578.004
> > x-tm-as-result: No--40.719400-8.000000-31
> > x-tm-as-user-approved-sender: No
> > x-tm-as-user-blocked-sender: No
> > Content-Type: multipart/alternative;
> >        boundary="_000_82636A0BB65F69419C0775DBD622B44B577085CFB0EVS1xavierloc_"
> > MIME-Version: 1.0
> > To: undisclosed-recipients: ;
> >
> > Dear User,
> >
> > Your mailbox have been compromised and also have exceeded its storage limit
> > set by the administrator, you may not be able to send or receive new mail
> > until you Re-activate your mailbox. To Re-activate your mailbox please
> > ClickHere<https://docs.google.com/spreadsheet/viewform?formkey=dE1DdmdSTV9wSEJpOS1jNnEyUjRXbHc6MQ>
> >
> >
> >
> > Thanks
> > System Administrator
> >
> >
> >
> > --
> > RuthAnne Bevier
> > Director, Information Security
> > California Institute of Technology
> > ruthanne at caltech.edu
> > 626-395-2671
> >
> >
> > _______________________________________________
> > nsp-security mailing list
> > nsp-security at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/nsp-security
> >
> > Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> > community. Confidentiality is essential for effective Internet security counter-measures.
> > _______________________________________________
> 
> 
> 
> -- 
> Peter Moody      Google    1.650.253.7306
> Security Engineer  pgp:0xC3410038

-- 
RuthAnne Bevier
Director, Information Security
California Institute of Technology
ruthanne at caltech.edu
626-395-2671


