[nsp-sec] Google to the WCP - spreadsheet phish

Chris Morrow morrowc at ops-netman.net
Tue Sep 20 13:26:54 EDT 2011 


On 09/20/11 12:33, Daniel Robert Adinolfi wrote:
> ----------- nsp-security Confidential --------
> 
> Googlefolks,
> 
> I have clicked the "Report Abuse" link on this one three times since
> 09:00 EDT today.  As of 12:30 EDT, the spreadsheet is still active.
> Can you go bonk some heads?
> 

we can, though ... sadly there's a 24hr SLA on clicking the report-abuse
link :( which on the one hand is nice, on the other still kinda sucks :(

> <https://docs.google.com/spreadsheet/viewform?formkey=dHMxcDR2LWtKb0VtdVBUT1BQcmdLQ3c6MQ>
>
>  Thanks.
> 
> -Dan AS26
> 
> 
> Received: from CASHUB01.exchange.cornell.edu (10.16.197.20) by 
> CASHUB09.exchange.cornell.edu (10.16.197.28) with Microsoft SMTP
> Server (TLS) id 14.1.323.3; Tue, 20 Sep 2011 08:53:35 -0400 Received:
> from soapstone1.mail.cornell.edu (128.253.83.143) by 
> CASHUB01.exchange.cornell.edu (10.16.197.20) with Microsoft SMTP
> Server id 8.3.159.3; Tue, 20 Sep 2011 08:53:35 -0400 Received: from
> localhost.localdomain (mirage.mail.cornell.edu [128.253.83.157])	by
> soapstone1.mail.cornell.edu (8.14.4/8.14.4) with ESMTP id
> p8KCrajR010208	for <dra1 at cornell.edu>; Tue, 20 Sep 2011 08:53:36
> -0400 (EDT) Received: from mirage.mail.cornell.edu	by
> mirage.mail.cornell.edu with queue id 48052-21	for dra1 at cornell.edu;
> Tue, 20 Sep 2011 12:53:15 GMT Received: from
> rubidium.mailguard.com.au (rubidium.mailguard.com.au 
> [174.133.41.139])	by mirage.mail.cornell.edu with SMTP id
> p8KCrB58015956; Tue, 20 Sep 2011 12:53:15 GMT	(envelope-from
> leh0004 at balwynhs.vic.edu.au) Received: from rubidium.mailguard.com.au
> (localhost.localdomain [127.0.0.1]) by rubidium.mailguard.com.au
> (Postfix) with ESMTP id 55D0B15CB60;	Tue, 20 Sep 2011 22:53:11 +1000
> (EST) Received: from bhs-srv-mail.balwynhs.vic.edu.au (unknown
> [210.8.215.218]) (using TLSv1 with cipher RC4-MD5 (128/128 bits))	(No
> client certificate requested)	by rubidium.mailguard.com.au (Postfix)
> with ESMTPSA id 3991815CBBF;	Tue, 20 Sep 2011 22:52:23 +1000 (EST) 
> Received: from bhs-exchmail2.balwynhs.vic.edu.au 
> ([0000:0000:0000:0000:0000:0000:0.0.0.1]) by
> bhs-srv-mail.balwynhs.vic.edu.au ([172.18.0.21]) with mapi; Tue, 20
> Sep 2011 22:39:43 +1000 From: "LEHMANN, Katherine"
> <LEH0004 at balwynhs.vic.edu.au> Date: Tue, 20 Sep 2011 22:39:41 +1000 
> Subject: Your password will expire in 4days Thread-Topic: Your
> password will expire in 4days Thread-Index:
> AQHMd5Jejy+vB3UYKk6+ooJpNGpffA== Message-ID:
> <473A7127A2713940B25FA866106C06A041C090955A at bhs-exchmail2.balwynhs.vic.edu.au>
>
> 
Accept-Language: en-US, en-AU
> Content-Language: en-AU X-MS-Has-Attach: X-MS-TNEF-Correlator: 
> acceptlanguage: en-US, en-AU Content-Type: multipart/alternative; 
> boundary="_000_473A7127A2713940B25FA866106C06A041C090955Abhsexchmail2b_"
>
> 
X-MailGuard-UID: 4e788c875ca250c8
> X-MailGuard-ID: 4e788cb54e6adb X-Filtered: by MailGuard - visit
> http://www.mailguard.com.au X-PMX-CORNELL-SPAM-CHECKED: Mirage 
> X-PMX-Version: 5.6.1.2065439, Antispam-Engine: 2.7.2.376379,
> Antispam-Data: 2011.9.20.124517 X-Original-Sender:
> leh0004 at balwynhs.vic.edu.au - Tue Sep 20 08:53:17 2011 
> X-PMX-CORNELL-REASON: CU_User_Override User Opted Out To: Undisclosed
> recipients:; Return-Path: leh0004 at balwynhs.vic.edu.au 
> X-Additional-Recipients-Added: 1 
> X-MS-Exchange-Organization-AuthSource: CASHUB01.exchange.cornell.edu 
> X-MS-Exchange-Organization-AuthAs: Anonymous 
> X-Additional-Recipients-Added: 1 
> X-MS-Exchange-Organization-AVStamp-Mailbox: MSFTFF;1;0;0 0 0 
> MIME-Version: 1.0
> 
> --_000_473A7127A2713940B25FA866106C06A041C090955Abhsexchmail2b_ 
> Content-Type: text/plain; charset="iso-8859-1" 
> Content-Transfer-Encoding: quoted-printable
> 
> Your password will expire in 4days. To avoid losing your email
> account, you= should immediately click here to
> validate<https://docs.google.com/spreadsh= 
> eet/viewform?formkey=3DdHMxcDR2LWtKb0VtdVBUT1BQcmdLQ3c6MQ> your
> mailbox and= increase your quota.
> 
> Failure to
> validate<https://docs.google.com/spreadsheet/viewform?formkey=3D= 
> dHMxcDR2LWtKb0VtdVBUT1BQcmdLQ3c6MQ> your quota may result in loss of
> import= ant information in your mailbox/or cause limited access to
> it.
> 
> Thanks Help Desk
> 
> ________________________________ Important - This email and any
> attachments may be confidential. If received= in error, please
> contact us and delete all copies. Before opening or using= 
> attachments check for viruses and defects. Regardless of loss, damage
> or c= onsequence, whether caused by negligence of the sender or not,
> resulting di= rectly or indirectly from the use of any attached files
> our liability is li= mited to resupplying and affected attachments.
> Any representatives or opini= ons expressed are those of the
> individual sender, and not necessarily those= of Balwyn High School. 
> --=20 Message  protected by MailGuard: e-mail anti-virus, anti-spam
> and content f= iltering.http://www.mailguard.com.au/mg
> 
> 
> --_000_473A7127A2713940B25FA866106C06A041C090955Abhsexchmail2b_ 
> Content-Type: text/html; charset="iso-8859-1" 
> Content-Transfer-Encoding: quoted-printable
> 
> <html dir=3D"ltr"><head> <meta http-equiv=3D"Content-Type"
> content=3D"text/html; charset=3Diso-8859-= 1"> <style
> id=3D"owaTempEditStyle"></style><style title=3D"owaParaStyle"><!--P
> = { MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px } --></style> </head> <body
> ocsi=3D"x"> <div style=3D"FONT-FAMILY: Tahoma; DIRECTION: ltr; COLOR:
> #000000; FONT-SIZ= E: 13px"> <div id=3D"mpf0_readMsgBodyContainer"
> class=3D"ReadMsgBody" onclick=3D"retu= rn
> Control.invoke('MessagePartBody','_onBodyClick',event,event);"> <div
> id=3D"mpf0_MsgContainer" class=3D"SandboxScopeClass ExternalClass"> 
> <div dir=3D"ltr">Your password will expire in 4days. To avoid losing
> your e= mail account, you should immediately <a
> href=3D"https://docs.google.com/spreadsheet/viewform?formkey=3DdHMxcDR2L=
>
> 
WtKb0VtdVBUT1BQcmdLQ3c6MQ" target=3D"_blank">
> <em><font color=3D"#366092">click here to validate</font></em></a>
> your mai= lbox and increase your quota.<br>  <br> Failure to <a
> href=3D"https://docs.google.com/spreadsheet/viewform?formkey= 
> =3DdHMxcDR2LWtKb0VtdVBUT1BQcmdLQ3c6MQ" target=3D"_blank"> <em><font
> color=3D"#366092">validate</font></em></a> your quota may result = in
> loss of important information in your mailbox/or cause limited access
> to= it.<br> <br> Thanks<br> Help Desk</div> </div> </div> </div> 
> <br> <hr> <font face=3D"Arial" color=3D"Gray" size=3D"1">Important -
> This email and a= ny attachments may be confidential. If received in
> error, please contact us= and delete all copies. Before opening or
> using attachments check for virus= es and defects. Regardless of
> loss, damage or consequence, whether caused by negligence of the
> sender or not, resulti= ng directly or indirectly from the use of any
> attached files our liability = is limited to resupplying and affected
> attachments. Any representatives or = opinions expressed are those
> of the individual sender, and not necessarily those of Balwyn High
> School.<br=
>> 
> </font> </body> </html> <br><p>Message  protected by MailGuard:
> e-mail anti-virus, anti-spam and co= ntent filtering.<br><a
> href=3D"http://www.mailguard.com.au/mg">http://www.m= 
> ailguard.com.au/mg</a></p> <!-- MailGuard Message ID: 4e788cb54e6adb
> - use this number for reporting -= ->  <br> <br>=
> 
> --_000_473A7127A2713940B25FA866106C06A041C090955Abhsexchmail2b_--
> 
> 
> 
> _______________________________________________ nsp-security mailing
> list nsp-security at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the
> nsp-security community. Confidentiality is essential for effective
> Internet security counter-measures. 
> _______________________________________________

More information about the nsp-security mailing list