[nsp-sec] ATTN: Google - phish using Google docs
Jon K. Miyake
miyake at uoregon.edu
Fri Oct 28 16:42:56 EDT 2011
Peter,
> Hitting the "report abuse" link at the bottom is the quickest way to get
> these shuttered.
Unless my memory is getting fuzzy this late in the week, I am of the
belief that I did so on Wednesday. Just to be sure I re-submitted it
again via the "report abuse" link.
What is the general turn around time for take-down on these types of issues?
Thank you,
-miyake
> On Thu, Oct 27, 2011 at 9:14 PM, Jon K. Miyake <miyake at uoregon.edu
> <mailto:miyake at uoregon.edu>> wrote:
>
> ----------- nsp-security Confidential --------
>
> Issues was sent to abuse at google.com <mailto:abuse at google.com> and
> reported via the Docs abuse link
> yesterday. Link is still live as of this evening.
>
> https://docs.google.com/spreadsheet/viewform?formkey=dGhGTVpkSlV2YlRsdGpCaExWcFpBUlE6MQ
>
> Thanks,
> -miyake
>
> ----------------------------------------------------------------------
> Return-Path: <helpdesk at uoregon.edu <mailto:helpdesk at uoregon.edu>>
> Received: from pps.reinject (localhost [127.0.0.1])
> by smtp.uoregon.edu <http://smtp.uoregon.edu> (8.14.5/8.14.5)
> with ESMTP id p9Q13UN2000438
> (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256
> verify=NOT);
> Tue, 25 Oct 2011 18:03:30 -0700
> Received: from oh-mserv1 (localhost [127.0.0.1])
> by pps.reinject (8.14.1/8.14.1) with SMTP id p9Q13UA6000432;
> Tue, 25 Oct 2011 18:03:30 -0700
> Received: from flawless.hostnac.com <http://flawless.hostnac.com>
> (flawless.hostnac.com <http://flawless.hostnac.com> [67.23.244.186])
> by smtp.uoregon.edu <http://smtp.uoregon.edu> with ESMTP id
> p9Q13P25000410
> (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256
> verify=NOT);
> Tue, 25 Oct 2011 18:03:29 -0700
> Received: from localhost.localdomain ([127.0.0.1]:33443 helo=localhost)
> by flawless.hostnac.com <http://flawless.hostnac.com> with
> esmtpsa (TLSv1:AES256-SHA:256)
> (Exim 4.69)
> (envelope-from <helpdesk at uoregon.edu
> <mailto:helpdesk at uoregon.edu>>)
> id 1RIrtk-00080l-QU; Tue, 25 Oct 2011 21:03:16 -0400
> Received: from 74.115.6.49 ([74.115.6.49]) by kaspi.edu.az
> <http://kaspi.edu.az> (Horde
> Framework) with HTTP; Tue, 25 Oct 2011 21:03:16 -0400
> Message-ID: <20111025210316.757938pq3i3p0e38 at kaspi.edu.az
> <mailto:20111025210316.757938pq3i3p0e38 at kaspi.edu.az>>
> Date: Tue, 25 Oct 2011 21:03:16 -0400
> From: Helpdesk Office <helpdesk at uoregon.edu
> <mailto:helpdesk at uoregon.edu>>
> To: undisclosed-recipients:;
> Subject: UPDATE YOUR WEBMAIL NOW
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="=_4o1edux9vw2c"
> Content-Transfer-Encoding: 7bit
> User-Agent: Internet Messaging Program (IMP) H3 (4.3.9)
> X-AntiAbuse: This header was added to track abuse, please include it
> with any abuse report
> X-AntiAbuse: Primary Hostname - flawless.hostnac.com
> <http://flawless.hostnac.com>
> X-AntiAbuse: Original Domain - uoregon.edu <http://uoregon.edu>
> X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
> X-AntiAbuse: Sender Address Domain - uoregon.edu <http://uoregon.edu>
> X-Proofpoint-Virus-Version: vendor=fsecure
> engine=2.50.10432:5.4.6813,1.0.211,0.0.0000
> definitions=2011-10-25_07:2011-10-25,2011-10-25,1970-01-01 signatures=0
> X-Proofpoint-Spam-Reason: safe
>
> This message is in MIME format.
>
> --=_4o1edux9vw2c
> Content-Type: text/plain;
> charset=ISO-8859-1
> Content-Description: Plaintext Version of Message
> Content-Disposition: inline
> Content-Transfer-Encoding: 7bit
>
>
>
> Dear Webmail User,
>
> With Due respect, The Webmail Technical Crew is Presently Under going
> Account's Update which will help the Webmail service to be very much
> Active
> and better and your Account that has Exceeded it's Quota's. You are
> hereby
> Requested to Update your Account Now in order not to loose your webmail
> Account, To Update your Account now do make sure youClick Here[1]
> UPDATE YOUR WEBMAIL NOW
> Failure to Update your webmail account Now will resolve to Loosing your
> Webmail Account.
> Thanks,
> WEBMAIL TECHNICAL CREW
>
> Links:
> ------
> [1]
> https://docs.google.com/spreadsheet/viewform?formkey=dGhGTVpkSlV2YlRsdGpCaExWcFpBUlE6MQ
>
> --=_4o1edux9vw2c
> Content-Type: text/html;
> charset=ISO-8859-1
> Content-Description: HTML Version of Message
> Content-Disposition: inline
> Content-Transfer-Encoding: 7bit
>
> <p
> class="imp-signature"><!--begin_signature--><!--end_signature--></p>Dear
> Webmail User,<br />
> <div> <br />
> With Due respect, The Webmail Technical Crew is Presently Under
> going<br />
> Account's Update which will help the Webmail service to be very much
> Active<br />
> and better and your Account that has Exceeded it's Quota's. You are
> hereby<br />
> Requested to Update your Account Now in order not to loose your
> webmail<br />
> Account, To Update your Account now do make sure you</div><a
> href="https://docs.google.com/spreadsheet/viewform?formkey=dGhGTVpkSlV2YlRsdGpCaExWcFpBUlE6MQ"
> target="_blank" rel="nofollow">Click Here</a><br />UPDATE YOUR WEBMAIL
> NOW<br />
> Failure to Update your webmail account Now will resolve to Loosing
> your<br />
> Webmail Account.<br />
> Thanks,<br />
> WEBMAIL TECHNICAL CREW
> --=_4o1edux9vw2c--
>
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net <mailto:nsp-security at puck.nether.net>
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the
> nsp-security
> community. Confidentiality is essential for effective Internet
> security counter-measures.
> _______________________________________________
>
>
>
>
> --
> Peter Moody Google 1.650.253.7306 <tel:1.650.253.7306>
> Security Engineer pgp:0xC3410038
>
--
Sincerely,
Jon K. Miyake
Information Services Sr. IT Policy and Security Administrator
University of Oregon voice #: (541) 346-1635
(541) 346-5837
Computing Center Rm 225
More information about the nsp-security
mailing list