[nsp-sec] ATTN Google, gmail dropbox in phish
Peter Moody
pmoody at google.com
Mon Oct 17 18:55:41 EDT 2011
ack.
On Mon, Oct 17, 2011 at 3:34 PM, RuthAnne Bevier <ruthanne at caltech.edu> wrote:
> ----------- nsp-security Confidential --------
>
> Mailbox is "dedshelp2 at gmail.com".
>
> Here are full headers from a sample message:
>
> Microsoft Mail Internet Headers Version 2.0
> Received: from OUTLOOK.ad.caltech.edu ([131.215.239.3]) by
> rosencrantz.dev.ad.caltech.edu with Microsoft SMTPSVC(6.0.3790.4675);
> Mon, 17 Oct 2011 14:20:51 -0700
> Received: from EX-CASHUB3.ad.caltech.edu ([131.215.85.9]) by
> OUTLOOK.ad.caltech.edu with Microsoft SMTPSVC(6.0.3790.4675);
> Mon, 17 Oct 2011 14:18:43 -0700
> Received: from ex-edge1.caltech.edu (131.215.240.14) by
> EX-CASHUB3.ad.caltech.edu (192.168.40.9) with Microsoft SMTP Server (TLS)
> id
> 14.1.339.1; Mon, 17 Oct 2011 14:18:43 -0700
> Received: from outgoing-mail.its.caltech.edu (131.215.239.19) by
> ex-edge1.caltech.edu (131.215.240.14) with Microsoft SMTP Server id
> 14.1.339.1; Mon, 17 Oct 2011 14:18:42 -0700
> Received: by fire-doxen.caltech.edu (Postfix, from userid 60008) id
> E978932816C; Mon, 17 Oct 2011 14:18:41 -0700 (PDT)
> X-Original-To: chris_yoder at caltech.edu
> Received: from fire-doxen.imss.caltech.edu (localhost [127.0.0.1]) by
> fire-doxen-postvirus (Postfix) with ESMTP id 669D32E50E98 for
> <chris_yoder at caltech.edu>; Mon, 17 Oct 2011 14:18:38 -0700 (PDT)
> X-Spam-Scanned: at Caltech-IMSS on fire-doxen by amavisd-new
> X-Spam-Flag: NO
> X-Spam-Score: -0.481
> X-Spam-Level:
> X-Spam-Status: No, score=-0.481 tagged_above=-10000 required=5
> tests=[CIT_FORGED_FROM=1.22, CIT_FROM_ADDR=-0.7, DKIM_SIGNED=0.001,
> DKIM_VERIFIED=-0.001, RCVD_IN_DNSWL_LOW=-1, SPF_PASS=-0.001]
> autolearn=unavailable
> Received: from mail-iy0-f173.google.com (mail-iy0-f173.google.com
> [209.85.210.173]) by fire-doxen-external (Postfix) with ESMTP id
> AE99A2E50E86
> for <chris_yoder at caltech.edu>; Mon, 17 Oct 2011 14:18:36 -0700
> (PDT)
> Received: by mail-iy0-f173.google.com with SMTP id l21so8708978iak.18
> for <chris_yoder at caltech.edu>; Mon, 17 Oct 2011 14:18:36 -0700
> (PDT)
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
> d=gmail.com; s=gamma;
> h=mime-version:date:message-id:subject:from:to:content-type
> :content-transfer-encoding;
> bh=QgNQVuBkJldaWTl2sxWvCLnrTOK6L3ZkvLldimYHmko=;
> b=Uyz4i6DtNQma4Zp9b7Va6KVPc9Cqo78zOQCKDQj2FXVZeIU0XjKVVNmGTQ2I00u384
>
> bylVV4lFQSbreb61yPGKxAbFdTqXqa8i20mNxICMUIrZ/hFGW2thsdpm0024CwndDPMz
> 30a6BFILmTkHEqI0Ud2WBJZaAcY3NMocyjcXo=
> MIME-Version: 1.0
> Received: by 10.231.61.205 with SMTP id u13mr4102214ibh.70.1318880047978;
> Mon,
> 17 Oct 2011 12:34:07 -0700 (PDT)
> Received: by 10.231.167.12 with HTTP; Mon, 17 Oct 2011 12:34:07 -0700 (PDT)
> Date: Mon, 17 Oct 2011 20:34:07 +0100
> Message-ID: <CAAYwz6Mq18au5rvR=
> 8xEsDLr8UddoEwnvytST+2q7WhKY0+QVg at mail.gmail.com>
> Subject: Important! 2011 webmail upgrade to avoid deletion of Email Account
> From: "IMSS Help Desk<help at its.caltech.edu>" <dedshelp2 at gmail.com>
> To: undisclosed-recipients:;
> Content-Type: text/plain; charset="ISO-8859-1"
> Content-Transfer-Encoding: quoted-printable
> Return-Path: dedshelp2 at gmail.com
> X-Brightmail-Tracker: AAAAAgAAAUAAAAFU
> X-OriginalArrivalTime: 17 Oct 2011 21:18:43.0494 (UTC)
> FILETIME=[595A9C60:01CC8D12]
>
> --
> RuthAnne Bevier
> Director, Information Security
> California Institute of Technology
> ruthanne at caltech.edu
> 626-395-2671
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
>
--
Peter Moody Google 1.650.253.7306
Security Engineer pgp:0xC3410038