[nsp-sec] ATTN Google, accountverifiers2414 at googlemail.com used as a phish dropbox

Peter Moody pmoody at google.com
Tue Sep 13 13:47:05 EDT 2011


ack.

On Tue, Sep 13, 2011 at 10:20 AM, RuthAnne Bevier <ruthanne at caltech.edu> wrote:

> ----------- nsp-security Confidential --------
>
> In case this one hasn't been reported yet,
> accountverifiers2414 at googlemail.com is being used in a
> return-mail phish.  Sample below:
>
>> X-Original-To: man at caltech.edu
>> X-Spam-Scanned: at Caltech-IMSS on fire-doxen by amavisd-new
>> X-Spam-Flag: NO
>> X-Spam-Score: -2.696
>> X-Spam-Level:
>> X-Spam-Status: No, score=-2.696 tagged_above=-10000 required=5
>>   tests=[DKIM_SIGNED=0.001, DKIM_VERIFIED=-0.001, PBJ_FRM_NUM1=0.6,
>>   RCVD_IN_DNSWL_LOW=-1, SNF4SA=-2.295, SPF_PASS=-0.001]
>>   autolearn=unavailable
>> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
>>   d=googlemail.com; s=gamma;
>>   h=mime-version:date:message-id:subject:from:to:content-type;
>>   bh=CTs+GHi68SAaO7g0XhjlHb72qOU5bSgQIV/+KE5wDw4=;
>>   b=ACC2tsh3Ina1QZs+zMD28Km9YCVgXvGIgz4mJMXzxxTW5yNOGpdpEg4tO4IB2BHfou
>>   /hDMlkRpOijYq4HGQaqk42i9B0IVmPTTqO0fAV5cpiqglWiSAoCsprqhjw0vfBxP7tPv
>>   gBVc/wJm7A6w4QIvIlF1i3SxUgAxhs1bybrjc=
>> Date: Tue, 13 Sep 2011 12:23:38 +0100
>> Subject: Dear WebMail Subscriber
>> From: System Adminstrators <accountverifiers2414 at googlemail.com>
>> To: undisclosed-recipients:;
>>
>> Dear WebMail Subscriber,
>>
>> We would like to inform you that we are currently carrying out
>> scheduled maintenance and upgrade of our webmail service and as a
>> result our email client has been changed and your original password
>>
> <snip>
>
>
> --
> RuthAnne Bevier
> Director, Information Security
> California Institute of Technology
> ruthanne at caltech.edu
> 626-395-2671
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
>



-- 
Peter Moody      Google    1.650.253.7306
Security Engineer  pgp:0xC3410038


