[nsp-sec] ATTN Microsoft, hotmail dropbox in 419 scam
RuthAnne Bevier
ruthanne at caltech.edu
Mon Nov 26 17:02:50 EST 2012
A compromised user account here was used to send out mail like the following sample. The user's reply-to address was reset to hlpfundation2 at hotmail.com in his SquirrelMail settings, in addition to being used in the outgoing spam messages and referenced in the message body.
--RuthAnne
>
Return-Path: <cgardner at caltech.edu>
Received: from outgoing-mail.its.caltech.edu (outgoing-mail.its.caltech.edu [131.215.239.19])
    by mtain-me08.r1000.mx.aol.com (Internet Inbound) with ESMTP id F407F38000084;
    Sun, 25 Nov 2012 22:00:29 -0500 (EST)
Received: from fire-doxen.imss.caltech.edu (localhost [127.0.0.1])
    by fire-doxen-postvirus (Postfix) with ESMTP id E347232801F;
    Sun, 25 Nov 2012 18:59:59 -0800 (PST)
X-Spam-Scanned: at Caltech-IMSS on fire-doxen by amavisd-new
Received: from webmail.caltech.edu (fire-griffen [192.168.1.231])
    by fire-doxen-internal (Postfix) with ESMTP id 1FF97328020;
    Sun, 25 Nov 2012 18:59:58 -0800 (PST)
Received: from 62.233.41.45
    (SquirrelMail authenticated user cgardner)
    by webmail.caltech.edu with HTTP;
    Sun, 25 Nov 2012 18:59:59 -0800 (PST)
Message-ID: <65288.62.233.41.45.1353898799.squirrel at webmail.caltech.edu>
Date: Sun, 25 Nov 2012 18:59:59 -0800 (PST)
Subject: Re:
From: "Mrs. Ellen .M. More" <cgardner at caltech.edu>
Reply-To: hlpfundation2 at hotmail.com
User-Agent: SquirrelMail/1.4.8-5.el5_7.13
MIME-Version: 1.0
Content-Type: text/plain;charset=utf-8
X-Priority: 3 (Normal)
Importance: Normal
To:
Content-Transfer-Encoding: quoted-printable
x-aol-global-disposition: G
x-aol-sid: 3039ac1d609050b2db4d7d13
X-AOL-IP: 131.215.239.19
X-AOL-SPF: domain : caltech.edu SPF : none

I am Mrs. Ellen .M. More,A devoted Servant of God. I have a
foundation/Estate uncomplete {valued at $2,142,728.00 US Dollars} and need
you to help me finish it because of m health,everything is available
Contact me via email: hlpfundation2 at hotmail.com
>
--
RuthAnne Bevier
Director, Information Security
California Institute of Technology
ruthanne at caltech.edu
626-395-2671
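
A check a mail operator could run over outbound webmail messages for the pattern in this report (a SquirrelMail-authenticated submission whose Reply-To points outside the local domain), added here as an example and not part of the original post. The function names, the sample message, and its addresses and IPs are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# SquirrelMail records the browser IP and the logged-in account in its Received header.
SQ_RE = re.compile(r"from\s+(\S+)\s+\(SquirrelMail authenticated user\s+([^)\s]+)\)")

def domain(header_value):
    """Lower-cased domain of an address header; also accepts the
    'user at host' obfuscation used by list archives."""
    addr = parseaddr((header_value or "").replace(" at ", "@"))[1]
    return addr.rpartition("@")[2].lower()

def check_webmail_message(raw, local_domains):
    """Return the webmail user, client IP, and whether replies are
    diverted to a domain outside local_domains (exact-match set)."""
    msg = message_from_string(raw)
    finding = {"user": None, "client_ip": None, "reply_to_external": False}
    for received in msg.get_all("Received", []):
        # Unfold the header so the pattern can span continuation lines.
        m = SQ_RE.search(" ".join(received.split()))
        if m:
            finding["client_ip"], finding["user"] = m.group(1), m.group(2)
            break
    reply_dom, from_dom = domain(msg.get("Reply-To")), domain(msg.get("From"))
    finding["reply_to_external"] = (bool(reply_dom) and from_dom in local_domains
                                    and reply_dom not in local_domains)
    return finding

# Constructed sample (documentation addresses), shaped like the headers above.
SAMPLE = """\
Received: from mta.example.edu (mta.example.edu [192.0.2.10])
\tby mx.example.net with ESMTP id ABC123;
\tSun, 25 Nov 2012 22:00:29 -0500 (EST)
Received: from 198.51.100.45
\t(SquirrelMail authenticated user jdoe)
\tby webmail.example.edu with HTTP;
\tSun, 25 Nov 2012 18:59:59 -0800 (PST)
From: "Some Name" <jdoe@example.edu>
Reply-To: dropbox@mail.example.com
Subject: Re:

body text
"""

if __name__ == "__main__":
    print(check_webmail_message(SAMPLE, {"example.edu"}))
```

A hit is a reason to review the account's logins from the reported client IP and its stored webmail preferences, since the report notes the Reply-To was also changed in the user's SquirrelMail settings.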