[nsp-sec] Phishing form at AS2914

Tino Steward tsteward at us.ntt.net
Thu Jan 27 12:57:29 EST 2011


Gabriel,
This was sent to our customer today. It should be down shortly.
tino

On Thu, Jan 27, 2011 at 08:52:21AM -0500, Gabriel Iovino wrote:
> ----------- nsp-security Confidential --------
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Can someone at NTT take a look at the following:
> 
> > hxxp://ayemman.com/upgrade/secured/index.htm
> > hxxp://ayemman.com/
> 
> We first saw this and reported it to <abuse at ntt.net> on (15 Dec 2010
> 13:40:09 -0600) but unfortunately didn't provide a lot of supporting
> information.
> 
> At that time it was an iframe at the following URL:
> 
> > hxxp://pulsix.com/vrmn
> 
> The message body of the Phishing email was this:
> 
> > To ensure quick, responsive e-mail services, it is necessary to establish
> > limits on the amount of e-mail each user may store on the system. The volume
> > of e-mail you are storing on the Central e-mail system is now exceeding
> > your normal space allocation. To request for more storage space on your
> > webmail account, simply click here<hxxp://pulsix.com/vrmn>
> 
> Yesterday we got another report of ayemman.com used in a Phishing scheme
> but did not get any supporting details. If I get some, I'll be sure to
> pass them along.
> 
> > dig ayemman.com +short
> > 207.57.109.18
> 
> > AS      | IP               | AS Name
> > 2914    | 207.57.109.18    | NTT-COMMUNICATIONS-2914 - NTT America, Inc.
> 
> Thanks
> 
> Gabe
> 
> - --
> Gabriel Iovino
> Principal Security Engineer, REN-ISAC
> http://www.ren-isac.net
> 24x7 Watch Desk +1(317)278-6630
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> 
> iEYEARECAAYFAk1BeJUACgkQwqygxIz+pTvKJgCfVIf8sbHMHt5EWFkAKC2j9ePf
> yvUAmwSbJIo/SZRMW0jxZSK6Mf98UJDk
> =pkc8
> -----END PGP SIGNATURE-----
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________

-- 

Tino T. Steward SNA1 - Security & Abuse
tsteward at us.ntt.net
NTT Communications Global IP Network Operations Center
214-853-7344 (Ph.)
214.800.7771 (Fax)

AUP online: http://www.nttamerica.com/legal/internet/acceptable_policy.html 
AUP online: http://www.ntt.net/library/pdf/AUP.pdf 

Check http://www.cert.org for some of the latest documented exploits and your OS manufacturer for the latest security patches.

Intruder detection: http://www.cert.org/tech_tips/intruder_detection_checklist.html

Latest viruses: http://www.cert.org

Recovering from a compromised host: http://www.cert.org/tech_tips/win-UNIX-system_compromise.html 

This email message is intended for the use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. NTT America makes no warranty that this email is error or virus free. Thank you.


