[nsp-sec] Attn: Google and USF.edu/REN-ISAC

Peter Moody pmoody at google.com
Fri Sep 9 11:05:47 EDT 2011 

ack.

On Fri, Sep 9, 2011 at 5:25 AM, Daniel Robert Adinolfi <dra1 at cornell.edu>wrote:

> ----------- nsp-security Confidential --------
>
> Google,
>
> Please destroy this spreadsheet:
>
> <
> https://docs.google.com/spreadsheet/viewform?formkey=dEJfcHRmMl80cWMxcG1neXRTUzU4Ync6MQ
> >
>
> I have clicked the "Report Abuse" link for this as well.
>
> USF/REN-ISAC,
>
> USF has a compromised account sending this badness.  <ralicea at usf.edu> is
> probably compromised.
>
> Thanks.
>
> -Dan
> AS26
>
> ______
>
>
> Received: from CASHUB01.exchange.cornell.edu (10.16.197.20) by
> CASHUB09.exchange.cornell.edu (10.16.197.28) with Microsoft SMTP Server
> (TLS)
> id 14.1.323.3; Fri, 9 Sep 2011 07:31:50 -0400
> Received: from orchid.mail.cornell.edu (132.236.56.61) by
> CASHUB01.exchange.cornell.edu (10.16.197.20) with Microsoft SMTP Server id
> 8.3.159.3; Fri, 9 Sep 2011 07:31:49 -0400
> Received: from localhost.localdomain (chestnut.mail.cornell.edu
> [128.253.83.152])       by orchid.mail.cornell.edu (8.14.4/8.14.4) with
> ESMTP id
> p89BVnSA026033  for <dra1 at cornell.edu>; Fri, 9 Sep 2011 07:31:50 -0400
> (EDT)
> Received: from chestnut.mail.cornell.edu        by
> chestnut.mail.cornell.edu with
> queue id 189988548-4    for dra1 at cornell.edu; Fri, 09 Sep 2011 11:31:20
> GMT
> Received: from USFHUB1.forest.usf.edu (usfhub1.forest.usf.edu
> [131.247.80.121])      by chestnut.mail.cornell.edu with SMTP id
> p89BVGmg015571;
>        Fri, 09 Sep 2011 11:31:20 GMT   (envelope-from ralicea at usf.edu)
> Received: from WHUSFCH1.forest.usf.edu (131.247.242.44) by
> USFHUB1.forest.usf.edu (131.247.80.121) with Microsoft SMTP Server (TLS)
> id
> 8.2.255.0; Fri, 9 Sep 2011 07:31:16 -0400
> Received: from USFMAIL3.forest.usf.edu ([fe80::41e9:aa08:4770:29b2]) by
> WHUSFCH1.forest.usf.edu ([131.247.242.44]) with mapi; Fri, 9 Sep 2011
> 07:31:15 -0400
> From: "Alicea, Robert" <ralicea at usf.edu>
> Date: Fri, 9 Sep 2011 07:31:14 -0400
> Subject: Your password will expire in 4days
> Thread-Topic: Your password will expire in 4days
> Thread-Index: AQHMbuP7r0YdRMyMbEq+gnaPy5LjiA==
> Message-ID: <
> A909C247E472794CAC57B37D5AE093DC188B28FC05 at USFMAIL3.forest.usf.edu>
> Accept-Language: en-US
> Content-Language: en-US
> X-MS-Has-Attach:
> X-MS-TNEF-Correlator:
> acceptlanguage: en-US
> Content-Type: multipart/alternative;
>
>  boundary="_000_A909C247E472794CAC57B37D5AE093DC188B28FC05USFMAIL3fores_"
> To: Undisclosed recipients:;
> X-PMX-CORNELL-SPAM-CHECKED: Chestnut
> X-PMX-Version: 5.5.9.388399, Antispam-Engine: 2.7.2.376379, Antispam-Data:
> 2011.9.9.112117
> X-Original-Sender: ralicea at usf.edu - Fri Sep  9 07:31:22 2011
> X-PMX-CORNELL-REASON: CU_User_Override User Opted Out
> Return-Path: ralicea at usf.edu
> X-Additional-Recipients-Added: 1
> X-MS-Exchange-Organization-AuthSource: CASHUB01.exchange.cornell.edu
> X-MS-Exchange-Organization-AuthAs: Anonymous
> X-Additional-Recipients-Added: 1
> X-MS-Exchange-Organization-AVStamp-Mailbox: MSFTFF;1;0;0 0 0
> MIME-Version: 1.0
>
> --_000_A909C247E472794CAC57B37D5AE093DC188B28FC05USFMAIL3fores_
> Content-Type: text/plain; charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
>
> Your password will expire in 4days. To avoid losing your email account,
> you=
> should immediately click here to validate<
> https://docs.google.com/spreadsh=
> eet/viewform?formkey=3DdEJfcHRmMl80cWMxcG1neXRTUzU4Ync6MQ> your mailbox
> and=
> increase your quota.
> Failure to validate<
> https://docs.google.com/spreadsheet/viewform?formkey=3D=
> dEJfcHRmMl80cWMxcG1neXRTUzU4Ync6MQ> your quota may result in loss of
> import=
> ant information in your mailbox/or cause limited access to it.
> Thanks
> Alicea Robert
> Help Desk
>
> --_000_A909C247E472794CAC57B37D5AE093DC188B28FC05USFMAIL3fores_
> Content-Type: text/html; charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
>
> <html dir=3D"ltr"><head>
> <meta http-equiv=3D"Content-Type" content=3D"text/html;
> charset=3Diso-8859-=
> 1">
> <style id=3D"owaTempEditStyle"></style><style title=3D"owaParaStyle"><!--P
> =
> {
>        MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px
> }
> --></style>
> </head>
> <body ocsi=3D"x">
> <div style=3D"FONT-FAMILY: Tahoma; DIRECTION: ltr; COLOR: #000000;
> FONT-SIZ=
> E: 13px">
> <div></div>
> <div dir=3D"ltr"><font color=3D"#000000" size=3D"2" face=3D"Tahoma">
> <div dir=3D"ltr"><font color=3D"#000000" size=3D"2" face=3D"Tahoma">
> <div dir=3D"ltr"><font color=3D"#000000" size=3D"2" face=3D"Tahoma">Your
> pa=
> ssword will expire in 4days. To avoid losing your email account, you
> should=
> immediately
> <a href=3D"
> https://docs.google.com/spreadsheet/viewform?formkey=3DdEJfcHRmM=
> l80cWMxcG1neXRTUzU4Ync6MQ">
> <em>click here to validate</em></a> your mailbox and increase your
> quota.</=
> font></div>
> <div dir=3D"ltr"><font color=3D"#000000" size=3D"2"
> face=3D"Tahoma">Failure=
> to<em> </em><a href=3D"
> https://docs.google.com/spreadsheet/viewform?formke=
> y=3DdEJfcHRmMl80cWMxcG1neXRTUzU4Ync6MQ"><em>validate</em></a> your quota
> ma=
> y result in loss of important information in
> your mailbox/or cause limited access to it.<br>
> Thanks</font></div>
> <div dir=3D"ltr"><font color=3D"#000000" size=3D"2" face=3D"Tahoma"><font
> f=
> ace=3D"tahoma">Alicea Robert</font><br>
> Help Desk</font></div>
> </font></div>
> </font></div>
> </div>
> </body>
> </html>
>
> --_000_A909C247E472794CAC57B37D5AE093DC188B28FC05USFMAIL3fores_--
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
>



-- 
Peter Moody      Google    1.650.253.7306
Security Engineer  pgp:0xC3410038

More information about the nsp-security mailing list