[nsp-sec] ATTN: Google - phish using Google docs

Peter Moody pmoody at google.com
Fri Oct 28 16:46:47 EDT 2011


On Fri, Oct 28, 2011 at 1:42 PM, Jon K. Miyake <miyake at uoregon.edu> wrote:

> Peter,
>
> > Hitting the "report abuse" link at the bottom is the quickest way to get
> > these shuttered.
>
> Unless my memory is getting fuzzy this late in the week, I am of the
> belief that I did so on Wednesday.  Just to be sure I re-submitted it
> again via the "report abuse" link.
>
> What is the general turnaround time for take-down on these types of
> issues?
>

It should be about 24 hours. Weekend reports might take a little longer
IIRC.



> Thank you,
> -miyake
>
> > On Thu, Oct 27, 2011 at 9:14 PM, Jon K. Miyake <miyake at uoregon.edu> wrote:
> >
> >     ----------- nsp-security Confidential --------
> >
> >     Issue was sent to abuse at google.com and
> >     reported via the Docs abuse link
> >     yesterday.  Link is still live as of this evening.
> >
> >
> >     https://docs.google.com/spreadsheet/viewform?formkey=dGhGTVpkSlV2YlRsdGpCaExWcFpBUlE6MQ
> >
> >     Thanks,
> >     -miyake
> >
> >
> >     ----------------------------------------------------------------------
> >     Return-Path: <helpdesk at uoregon.edu>
> >     Received: from pps.reinject (localhost [127.0.0.1])
> >            by smtp.uoregon.edu (8.14.5/8.14.5) with ESMTP id p9Q13UN2000438
> >            (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
> >            Tue, 25 Oct 2011 18:03:30 -0700
> >     Received: from oh-mserv1 (localhost [127.0.0.1])
> >            by pps.reinject (8.14.1/8.14.1) with SMTP id p9Q13UA6000432;
> >            Tue, 25 Oct 2011 18:03:30 -0700
> >     Received: from flawless.hostnac.com (flawless.hostnac.com [67.23.244.186])
> >            by smtp.uoregon.edu with ESMTP id p9Q13P25000410
> >            (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
> >            Tue, 25 Oct 2011 18:03:29 -0700
> >     Received: from localhost.localdomain ([127.0.0.1]:33443 helo=localhost)
> >            by flawless.hostnac.com with esmtpsa (TLSv1:AES256-SHA:256)
> >            (Exim 4.69)
> >            (envelope-from <helpdesk at uoregon.edu>)
> >            id 1RIrtk-00080l-QU; Tue, 25 Oct 2011 21:03:16 -0400
> >     Received: from 74.115.6.49 ([74.115.6.49]) by kaspi.edu.az (Horde
> >     Framework) with HTTP; Tue, 25 Oct 2011 21:03:16 -0400
> >     Message-ID: <20111025210316.757938pq3i3p0e38 at kaspi.edu.az>
> >     Date: Tue, 25 Oct 2011 21:03:16 -0400
> >     From: Helpdesk Office <helpdesk at uoregon.edu>
> >     To: undisclosed-recipients:;
> >     Subject: UPDATE YOUR WEBMAIL NOW
> >     MIME-Version: 1.0
> >     Content-Type: multipart/alternative;
> >     boundary="=_4o1edux9vw2c"
> >     Content-Transfer-Encoding: 7bit
> >     User-Agent: Internet Messaging Program (IMP) H3 (4.3.9)
> >     X-AntiAbuse: This header was added to track abuse, please include it
> >     with any abuse report
> >     X-AntiAbuse: Primary Hostname - flawless.hostnac.com
> >     X-AntiAbuse: Original Domain - uoregon.edu
> >     X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
> >     X-AntiAbuse: Sender Address Domain - uoregon.edu
> >     X-Proofpoint-Virus-Version: vendor=fsecure
> >     engine=2.50.10432:5.4.6813,1.0.211,0.0.0000
> >     definitions=2011-10-25_07:2011-10-25,2011-10-25,1970-01-01 signatures=0
> >     X-Proofpoint-Spam-Reason: safe
> >
> >     This message is in MIME format.
> >
> >     --=_4o1edux9vw2c
> >     Content-Type: text/plain;
> >     charset=ISO-8859-1
> >     Content-Description: Plaintext Version of Message
> >     Content-Disposition: inline
> >     Content-Transfer-Encoding: 7bit
> >
> >
> >
> >     Dear Webmail User,
> >
> >     With Due respect, The Webmail Technical Crew is Presently Under going
> >     Account's Update which will help the Webmail service to be very much
> >     Active
> >     and better and your Account that has Exceeded it's Quota's. You are
> >     hereby
> >     Requested to Update your Account Now in order not to loose your
> >     webmail
> >     Account, To Update your Account now do make sure youClick Here[1]
> >     UPDATE YOUR WEBMAIL NOW
> >     Failure to Update your webmail account Now will resolve to Loosing
> >     your
> >     Webmail Account.
> >     Thanks,
> >     WEBMAIL TECHNICAL CREW
> >
> >     Links:
> >     ------
> >     [1] https://docs.google.com/spreadsheet/viewform?formkey=dGhGTVpkSlV2YlRsdGpCaExWcFpBUlE6MQ
> >
> >     --=_4o1edux9vw2c
> >     Content-Type: text/html;
> >     charset=ISO-8859-1
> >     Content-Description: HTML Version of Message
> >     Content-Disposition: inline
> >     Content-Transfer-Encoding: 7bit
> >
> >     <p class="imp-signature"><!--begin_signature--><!--end_signature--></p>Dear
> >     Webmail User,<br />
> >      <div> <br />
> >     With Due respect, The Webmail Technical Crew is Presently Under
> >     going<br />
> >     Account's Update which will help the Webmail service to be very much
> >     Active<br />
> >     and better and your Account that has Exceeded it's Quota's. You are
> >     hereby<br />
> >     Requested to Update your Account Now in order not to loose your
> >     webmail<br />
> >     Account, To Update your Account now do make sure you</div><a
> >     href="https://docs.google.com/spreadsheet/viewform?formkey=dGhGTVpkSlV2YlRsdGpCaExWcFpBUlE6MQ"
> >     target="_blank" rel="nofollow">Click Here</a><br />UPDATE YOUR WEBMAIL
> >     NOW<br />
> >     Failure to Update your webmail account Now will resolve to Loosing
> >     your<br />
> >     Webmail Account.<br />
> >     Thanks,<br />
> >     WEBMAIL TECHNICAL CREW
> >     --=_4o1edux9vw2c--
> >
> >
> >
> >
> >     _______________________________________________
> >     nsp-security mailing list
> >     nsp-security at puck.nether.net
> >     https://puck.nether.net/mailman/listinfo/nsp-security
> >
> >     Please do not Forward, CC, or BCC this E-mail outside of the
> >     nsp-security
> >     community. Confidentiality is essential for effective Internet
> >     security counter-measures.
> >     _______________________________________________
> >
> >
> >
> >
> > --
> > Peter Moody      Google    1.650.253.7306
> > Security Engineer  pgp:0xC3410038
> >
>
>
> --
> Sincerely,
> Jon K. Miyake
>
> Information Services    Sr. IT Policy and Security Administrator
> University of Oregon    voice #:       (541) 346-1635
>                                       (541) 346-5837
>                              Computing Center Rm 225
>



-- 
Peter Moody      Google    1.650.253.7306
Security Engineer  pgp:0xC3410038


