[nsp-sec] ATTN Google, another phish dropbox at webmail.alert212 at gmail.com

Peter Moody pmoody at google.com
Tue Sep 13 14:22:40 EDT 2011


ack.

I'm taking these two reports in one morning from caltech to mean that the
spreadsheets aren't working as well anymore.

I *might* be just a little overly optimistic.

On Tue, Sep 13, 2011 at 11:11 AM, RuthAnne Bevier <ruthanne at caltech.edu> wrote:

> ----------- nsp-security Confidential --------
>
> Here is another one, webmail.alert212 at gmail.com.  Sample data below.
>
> From webmail.alert212 at gmail.com Tue Sep 13 05:10:57 2011
> Return-Path: <webmail.alert212 at gmail.com>
> X-Original-To: ruthanne at caltech.edu
> Received: from earth-doxen.imss.caltech.edu (localhost [127.0.0.1])
>        by earth-doxen-postvirus (Postfix) with ESMTP id 8B03266E07C2
>        for <ruthanne at caltech.edu>; Tue, 13 Sep 2011 05:10:57 -0700 (PDT)
> X-Spam-Scanned: at Caltech-IMSS on earth-doxen by amavisd-new
> X-Spam-Flag: NO
> X-Spam-Score: -3.2
> X-Spam-Level:
> X-Spam-Status: No, score=-3.2 tagged_above=-10000 required=5
>        tests=[DKIM_SIGNED=0.001, DKIM_VERIFIED=-0.001, RCVD_IN_DNSWL_LOW=-1,
>        SNF4SA=-2.199, SPF_PASS=-0.001] autolearn=disabled
> Received: from mail-bw0-f45.google.com (mail-bw0-f45.google.com [209.85.214.45])
>        by earth-doxen-external (Postfix) with ESMTP id 6D97F66E07C4
>        for <ruthanne at caltech.edu>; Tue, 13 Sep 2011 05:10:52 -0700 (PDT)
> Received: by mail-bw0-f45.google.com with SMTP id zv15so664276bkb.18
>        for <ruthanne at caltech.edu>; Tue, 13 Sep 2011 05:10:52 -0700 (PDT)
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
>        d=gmail.com; s=gamma;
>        h=mime-version:date:message-id:subject:from:to:content-type;
>        bh=CTs+GHi68SAaO7g0XhjlHb72qOU5bSgQIV/+KE5wDw4=;
>        b=Qp4jSu13cfxczaZp6BExjKfsPAVZDpcjBF/FgNRXwn9OftCtQLqDAA1UrFj/G64cgJ
>         Up7YdCEkvO8+F5NGG6IjYAW7Cy/eBVmckmNIaQ4KWGX+MCZEk5bZhwwgYk69D8ezM/8W
>         5MC0Mcqy+0zhX1UPA2DGqxHYfybc0pleQ4kHA=
> MIME-Version: 1.0
> Received: by 10.204.132.133 with SMTP id b5mr2052782bkt.343.1315915851960;
>        Tue, 13 Sep 2011 05:10:51 -0700 (PDT)
> Received: by 10.204.77.206 with HTTP; Tue, 13 Sep 2011 05:10:51 -0700 (PDT)
> Date: Tue, 13 Sep 2011 13:10:51 +0100
> Message-ID: <CAG8CYFwpTwhHM3XaD8m1_g8CoKga1zure5NQmXGuFjXtTPnTww at mail.gmail.com>
> Subject: Dear WebMail Subscriber
> From: System Administrators <webmail.alert212 at gmail.com>
> To: undisclosed-recipients:;
> Content-Type: text/plain; charset=ISO-8859-1
>
> Dear WebMail Subscriber,
>
> We would like to inform you that we are currently carrying out
> scheduled maintenance and upgrade of our webmail service and as a
> result our email client has been changed and your original password
> will be reset. We are sorry for any inconvenience caused.
>
> To complete your webmail account, you must reply to this email
> immediately and enter your
> <snip>
>
>
>
> --
> RuthAnne Bevier
> Director, Information Security
> California Institute of Technology
> ruthanne at caltech.edu
> 626-395-2671
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
>



-- 
Peter Moody      Google    1.650.253.7306
Security Engineer  pgp:0xC3410038


