[nsp-sec] attn Google, gmail dropbox used in phish
RuthAnne Bevier
ruthanne at caltech.edu
Thu Feb 10 18:22:33 EST 2011
You may know about this one already, since it came in early this
morning PST, but here's the phish with full headers, using
upgradeweb2011 at gmail.com:
>
>From upgradeweb2011 at gmail.com Thu Feb 10 06:24:53 2011
Return-Path: <upgradeweb2011 at gmail.com>
X-Original-To: help at treqs.caltech.edu
Delivered-To: help at treqs.caltech.edu
Received: from outgoing-mail.its.caltech.edu
(outgoing-mail.its.caltech.edu
[131.215.239.19])
by jonola.caltech.edu (Postfix) with ESMTP id F275316EF5
for <help at treqs.caltech.edu>; Thu, 10 Feb 2011 06:24:52
-0800 (PST)
Received: from treqs-delivery.caltech.edu (localhost [127.0.0.1])
by fire-doxen-postvirus (Postfix) with ESMTP id 92F902E51043
for <help at treqs.caltech.edu>; Thu, 10 Feb 2011 06:24:53
-0800 (PST)
X-Mailbox-Line: From upgradeweb2011 at gmail.com Thu Feb 10 06: 24:53
2011
X-Original-To: aliases at caltech.edu
Delivered-To: aliases at caltech.edu
Received: from fire-doxen.imss.caltech.edu (localhost [127.0.0.1])
by fire-doxen-postvirus (Postfix) with ESMTP id 549BB2E51040
for <aliases at caltech.edu>; Thu, 10 Feb 2011 06:24:53 -0800
(PST)
X-Spam-Scanned: at Caltech-IMSS on fire-doxen by amavisd-new
X-Spam-Flag: NO
X-Spam-Score: 1.391
X-Spam-Level: *
X-Spam-Status: No, score=1.391 tagged_above=-10000 required=5
tests=[CIT_FORGED_FROM=1.22, CIT_FROM_ADDR=-0.7,
DKIM_SIGNED=0.001,
DKIM_VERIFIED=-0.001, DK_SIGNED=0.001, FS_GAPPY_2=0.241,
PBJ_FRM_NUM1=0.6, RCVD_IN_DNSWL_LOW=-1, SNF4SA=-0.776,
SPF_PASS=-0.001, SUBJ_ALL_CAPS=1.806] autolearn=unavailable
Received: from mail-fx0-f65.google.com (mail-fx0-f65.google.com
[209.85.161.65])
by fire-doxen-external (Postfix) with ESMTP id DE9332E50BF9
for <aliases at caltech.edu>; Thu, 10 Feb 2011 06:24:51 -0800
(PST)
Received: by mail-fx0-f65.google.com with SMTP id 18so550749fxm.0
for <aliases at caltech.edu>; Thu, 10 Feb 2011 06:24:50 -0800
(PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:mime-version:date:message-id:subject:from
:content-type:content-transfer-encoding;
bh=vrBOBdf4WuSE6zsd6CrrL0CngeyYdfVLpkiJmA6vQSA=;
b=VKFfADMVjHyECrDgl9oQUoThqG6dc9JyPJ45VNGbR59/VsP3FTXRDFcAMWLbOQTstA
xJlqy31AZVv7DIiw1GWAiwq187ih9iJ/9e35gF5Ympnnp04s2Da5DpxTct2kNPKRnfwH
mNisVsOSbNqNeisWoijlq7QqhPWRRg1h7cu5o=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=mime-version:date:message-id:subject:from:content-type
:content-transfer-encoding;
b=kRas0+g7WedprN6QlLuBvCv+AvLAreO0VCAQZFsjAv+IY4wrdl2I7YNX2qcECRbnYB
o9vrX+XMIlDUqxkSKBO+eCpwfTJHDcBrcUwxMrB0TTsBDrNww9A3J43Pq14jpAlK3BB1
KbSA2q0JiPh35aN1mD0Z6d5Gxb5CHmhXg5jKs=
MIME-Version: 1.0
Received: by 10.223.72.12 with SMTP id
k12mt20165387faj.114.1297341807186;
Thu, 10 Feb 2011 04:43:27 -0800 (PST)
Received: by 10.223.97.6 with HTTP; Thu, 10 Feb 2011 04:43:27 -0800
(PST)
Date: Thu, 10 Feb 2011 04:43:27 -0800
Message-ID:
<AANLkTinJvq7zBWzZnaa+635ykXWH-nK6R8JFd7=7ysiy at mail.gmail.com>
Subject: CALTECH.EDU WEBMAIL TEAM SUPPORT UPDATE/MAINTENANCE OF USER
ACCOUNT
From: "CALTECH.EDU WebMail Upgrade Team" <upgradeweb2011 at gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
To: undisclosed-recipients:;
X-TBCK-ID: e3f1847af22f3fdfa806f91ea1b45b15
X-TBCK-Status: First;AllClear;0
DEAR CALTECH.EDU USER
Due to the congestion on all caltech.edu Accounts,
CALTECH.EDU WEBMAIL TEAM would be shutting down all unused Accounts.
We will be conducting our regularly scheduled maintenance, to ensure that
we provide the highest quality in Internet connectivity and services to
customers. Your connectivity and services with us may be interrupted for
short periods during the maintenance window.We will also ensure minimal
disruption to services where possible.
In order to enable us perform quality maintenance on your Internet
access and e-mail service, please you must reply to this e-mail message
confirming your caltech.edu account details with us.
Do confirm your account details below.
_____________________________________
1. First Name & Last Name:
2. Full Login Email Address:
3. Username:
4. Password:
5. Retype Password:
6. Future Password :
7. Questions or Comments:
_____________________________________
NOTE: Failure to respond to this e-mail message may result to technical
problems on your Internet access and e-mail service.
YOU ARE REQUIRED TO CONFIRM YOUR WEBMAIL IDENTITY WITH THE WEBMAIL TEAM BY
SIMPLY REPLYING TO THIS EMAIL WITH THE REQUESTED DETAILS.
Warning!!! Account owners who fails to update his or her account on
receiving this notice might loose his or her account.
Thank you for using caltech.edu.
caltech.edu Support.
CALTECH.EDU WEBMAIL TEAM"
=A92011 All rights reserved
---------------------------------------------------------------------------
>
--
RuthAnne Bevier
Information Security
California Institute of Technology
626-395-2671
ruthanne at caltech.edu
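
Added example, not part of the original post: the headers above show SPF and DKIM passing (the mail really was sent through Gmail) and a spam score of 1.391 against a threshold of 5, so this sketch checks the content-level traits the sample does exhibit. ORG_DOMAIN, FREEMAIL, the regexes and the indicator names are assumptions, and SAMPLE is constructed from the headers above with the archive's " at " restored to "@".

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "caltech.edu"   # assumption: the organisation being impersonated
FREEMAIL = {"gmail.com"}     # assumption: local freemail list, extend as needed
CRED_FIELDS = re.compile(r"^\s*\d+\.\s*(?:re-?type |future )?password\s*:", re.I | re.M)
REPLY_ASK = re.compile(r"reply(?:ing)? to this e-?mail", re.I)

# Constructed sample: trimmed from the message above, "@" restored.
SAMPLE = """\
From: "CALTECH.EDU WebMail Upgrade Team" <upgradeweb2011@gmail.com>
To: undisclosed-recipients:;
Subject: CALTECH.EDU WEBMAIL TEAM SUPPORT UPDATE/MAINTENANCE OF USER ACCOUNT
X-Spam-Status: No, score=1.391 tagged_above=-10000 required=5
 tests=[CIT_FORGED_FROM=1.22, DKIM_VERIFIED=-0.001, SPF_PASS=-0.001]

please you must reply to this e-mail message
confirming your caltech.edu account details with us.
3. Username:
4. Password:
5. Retype Password:
6. Future Password :
"""

def phish_indicators(raw, org=ORG_DOMAIN):
    """Return the indicator names (hypothetical labels) that fire on one message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    off_org = sender_domain != org and not sender_domain.endswith("." + org)
    body = msg.get_payload()
    hits = []
    # Display name names the organisation, but the address is not in its domain.
    if org in display.lower() and off_org:
        hits.append("display-name-claims-org")
    if sender_domain in FREEMAIL:
        hits.append("freemail-sender")
    if "undisclosed-recipients" in msg.get("To", "").lower():
        hits.append("hidden-recipients")
    # Numbered "Password:" style fields: a credential form pasted into the body.
    if CRED_FIELDS.search(body):
        hits.append("password-form-in-body")
    if REPLY_ASK.search(body):
        hits.append("reply-with-details")
    return hits

if __name__ == "__main__":
    print(phish_indicators(SAMPLE))
```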