[nsp-sec] ATTN Google, another phish dropbox at webmail.alert212 at gmail.com
Peter Moody
pmoody at google.com
Tue Sep 13 15:51:24 EDT 2011
On Tue, Sep 13, 2011 at 12:20 PM, Gabriel Iovino <giovino at ren-isac.net>wrote:
> ----------- nsp-security Confidential --------
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 9/13/2011 2:22 PM, Peter Moody wrote:
> > I'm taking these two reports in one morning from caltech to mean
> > that the spreadsheets aren't working as well anymore.
> >
> > I *might* be just a little overly optimistic.
>
> I saw two spreadsheets used yesterday :(
>
they both appear to be down already, so I stand by my cautious optimism. :)
the quickest way to get the spreadsheet phishes killed is to click the
report abuse link at the bottom.
>
> First:
>
> > Date: Mon, 12 Sep 2011 20:26:15 -0400 Message-ID:
> > <E558439EAEA10146B3C3453ECD983DCD01F76799 at wssuex01>
> > X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: CONFIRM NOW OR
> > LOOSE YOUR WEBMAIL ACCOUNT From: "Simrel, Carol"
> > <simrelc at wssu.edu> Precedence: bulk
> >
> > This is a multi-part message in MIME format.
> >
> > ------_=_NextPart_001_01CC71AB.BFDDB8EB Content-Type: text/plain;
> > charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
> >
> > Dear Web-Mail User,
> >
> > We have discovered that hackers have developed a program for
> > hacking = into our users' Web-Mail accounts without passwords. They
> > use these = Web-Mail accounts to send scam mails, and for other
> > on-line crimes. = Therefore, we want to delete all Web-Mail
> > accounts that are affected. = Please click on the link below to
> > confirm that you are an active, = unaffected user. Only this will
> > prevent your Web-Mail account from being = deleted!
> >
> > Click Here =
> > <hxxps://
> docs.google.com/spreadsheet/viewform?formkey=3DdGdnTGc3VFNHZjVOQ=
> >
> >
> zVKRUlRSXFJWGc6MQ>=20
>
> Second:
>
> > Date: Mon, 12 Sep 2011 03:55:04 -0400 From: "Casandra Tripp"
> > <ctripp at pitt.k12.nc.us> Subject: RE-ACTIVATE YOUR MAIL ACCOUNT!
> >
> > Dear Mail User; Your Mailbox Has Exceeded The Storage Limit As Set
> > By the Administrator.Cli= ck Here: To Re-Validate Your Mailbox.
> > Thanks, WebMail HelpDesk
> >
> > (hxxps://docs.google.com/spreadsheet/viewform?formkey=3DdF9UcTIzRE=
> >
> >
> pfeU0wZEdkaEd2MnpjQXc6MQ")
>
> Gabe
>
> - --
> Gabriel Iovino
> Principal Security Engineer, REN-ISAC
> http://www.ren-isac.net
> 24x7 Watch Desk +1(317)278-6630
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
>
> iEYEARECAAYFAk5vrOgACgkQwqygxIz+pTs4bACeLOuerpNl+JpfRr+m/ITeh39x
> tloAnAt5o4IkoS1vifWgd4klYPx/MbMN
> =MlGh
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
>
--
Peter Moody Google 1.650.253.7306
Security Engineer pgp:0xC3410038
More information about the nsp-security
mailing list