[nsp-sec] Google: docs phish

Peter Moody pmoody at google.com
Fri Nov 25 16:15:24 EST 2011 

ack.

On Fri, Nov 25, 2011 at 11:28 AM, Rodolfo Baader <rbaader at arcert.gov.ar>wrote:

> ----------- nsp-security Confidential --------
>
> Hi! .
>
> phish using a Google spreadsheet, at :
>
>
> https://docs.google.com/spreadsheet/viewform?formkey=dGtPaEtqTVE0czQ0Q01tdllNbGNGQlE6MQ
>
> Sample message with full headers below:
> ============================================================
>
> X-Greylist: delayed 1200 seconds by postgrey-1.32 at agni; Fri, 25 Nov 2011
> 09:47:52 GMT+3
> Received: from mail.mda.gov.br (mail.mda.gov.br [200.198.212.41])
>        by famaf.unc.edu.ar (Postfix) with ESMTP id 3C0E420E905;
>        Fri, 25 Nov 2011 09:47:41 -0300 (GMT+3)
> Received: from 74.115.1.97
>        (SquirrelMail authenticated user francisco.filho at mda.gov.br)
>        by mail.mda.gov.br with HTTP;
>        Fri, 25 Nov 2011 10:10:32 -0200 (BRST)
> Message-ID: <62326.74.115.1.97.1322223032.squirrel at mail.mda.gov.br>
> Date: Fri, 25 Nov 2011 10:10:32 -0200 (BRST)
> Subject:   Confirmar su identidad Webmail
> From: francisco.filho at mda.gov.br
> User-Agent: SquirrelMail/1.4.9a
> MIME-Version: 1.0
> Content-Type: text/plain;charset=iso-8859-1
> Content-Transfer-Encoding: 8bit
> X-Priority: 3 (Normal)
> Importance: Normal
> To: undisclosed-recipients:;
> X-Virus-Scanned: Debian amavisd-new at mda.gov.br
>
>
> Confirmar su identidad Webmail
>
>  Su buz�n ha superado uno o m�s l�mites de tama�o
>  la del administrador. Usted no puede enviar o recibir correo electr�nico
>  nuevo el tama�o de su buz�n de correo se reducir�. Para tener m�s
>  espacio, por favor haga clic en el enlace de abajo y rellene los datos
>  bajo costo.
>
>  =====>  http://tinyurl.com/cjj6gog
>
> ============================================================
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________




-- 
Peter Moody      Google    1.650.253.7306
Security Engineer  pgp:0xC3410038

More information about the nsp-security mailing list