Educause Security Discussion mailing list archives

Re: .edu email phishing

From: "Winders, Timothy A" <twinders () SOUTHPLAINSCOLLEGE EDU>
Date: Wed, 2 Apr 2008 14:48:25 -0500

Got it!  I did see the svn checkout before, but didn't think about looking there for contributions.  :-)

 
Tim Winders | Associate Dean of Information Technology | South Plains College

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jesse Thompson
Sent: Wednesday, April 02, 2008 2:46 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] .edu email phishing

Winders, Timothy A wrote:

Thanks, Jesse!

tim.winders () gmail com is my gmail username.


done

I didn't see any contributions, but the DNSBL bind zone would be

perfect.  Each to add to (any?) antispam product and easily managed.
Thanks!

http://code.google.com/p/anti-phishing-email-reply/source/browse

Jesse




Tim Winders | Associate Dean of Information Technology | South Plains

College

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jesse Thompson
Sent: Wednesday, April 02, 2008 2:36 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] .edu email phishing

Someone has already contributed a script to import the addresses

into a

BIND zone for DNSBL queries.  I have a script you can use to scan

your

outbound mail logs which I'll upload soon.  You're welcome to
contribute
your own scripts that serve other functions.  Let me know your gmail
username and I can make you a member.

Jesse

Winders, Timothy A wrote:

Thanks, Jesse.

I see that you are the owner of that project.  Is there a way to

automatically incorporate that list into anti-X products?  In my

case

specifically, we use the Barracuda antivirus appliance.  While I can
manually enter the email addresses, keeping it updated and current

over

time seems a monumental task.


Tim Winders | Associate Dean of Information Technology | South

Plains

College

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jesse

Thompson

Sent: Wednesday, April 02, 2008 9:12 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] .edu email phishing

http://code.google.com/p/anti-phishing-email-reply/

Jesse


Jimmy Kuo wrote:

Was this a directed (against caltech.edu) attack or was this one

of

family sent to other .edu lists?  Has anyone seen one like this

for

their school?

The return address was actually set up for:

ask.helpdesk0 () gmail com

Jimmy

----- Original Message ----- From: "ADMIN HELPDESK"
<helpdesk () caltech edu>
To: <undisclosed-recipients:>
Sent: Monday, March 31, 2008 12:39 PM
Subject: VERIFY YOUR CALTECH.EDU EMAIL ACCOUNT NOW.




Dear caltech.edu Email Account Owner,

This message is from caltech.edu messaging center to all

caltech.edu

email
account owners. We are currently upgrading our data base and e-

mail

account
center. We are deleting all unused caltech.edu email accounts

to

create more
space for new accounts.

To prevent your account from being closed, you will have to

update

it

below so
that we will know that it's a present used account.

CONFIRM YOUR EMAIL IDENTITY BELOW

Email Username : .......... .....
EMAIL Password : ................
Date of Birth : .................
Country or Territory : ..........

Warning!!! Account owner that refuses to update his or her

account

within Seven
days of receiving this warning will lose his or her account

permanently.

Thank you for using caltech.edu
Warning Code:VX2G99AAJ

caltech.edu Team

www.caltech.edu

Dear caltech.edu Email Account Owner,

This message is from caltech.edu messaging center to all

caltech.edu

email
account owners. We are currently upgrading our data base and e-

mail

account
center. We are deleting all unused caltech.edu email accounts

to

create more
space for new accounts.

To prevent your account from being closed, you will have to

update

it

below so
that we will know that it's a present used account.

CONFIRM YOUR EMAIL IDENTITY BELOW

Email Username : .......... .....
EMAIL Password : ................
Date of Birth : .................
Country or Territory : ..........

Warning!!! Account owner that refuses to update his or her

account

within Seven
days of receiving this warning will lose his or her account

permanently.

Thank you for using caltech.edu
Warning Code:VX2G99AAJ

caltech.edu Team

www.caltech.edu

--
   Jesse Thompson
   Email/IM: jesse.thompson () doit wisc edu

--
   Jesse Thompson
   Email/IM: jesse.thompson () doit wisc edu


--
   Jesse Thompson
   Email/IM: jesse.thompson () doit wisc edu

Current thread:

Re: .edu email phishing, (continued)
- Re: .edu email phishing Michael Behun (Apr 01)
- Re: .edu email phishing Zach Jansen (Apr 01)
- Re: .edu email phishing Dick Jacobson (Apr 02)
- Re: .edu email phishing Theresa Semmens (Apr 02)
- Re: .edu email phishing Jesse Thompson (Apr 02)
- Re: .edu email phishing Winders, Timothy A (Apr 02)
- Re: .edu email phishing Christopher Webber (Apr 02)
- Re: .edu email phishing Jesse Thompson (Apr 02)
- Re: .edu email phishing Winders, Timothy A (Apr 02)
- Re: .edu email phishing Jesse Thompson (Apr 02)
- Re: .edu email phishing Winders, Timothy A (Apr 02)
- Re: .edu email phishing Dave Koontz (Apr 02)
- Re: .edu email phishing Jeffrey I. Schiller (Apr 02)
- Re: .edu email phishing Mike Iglesias (Apr 02)
- Re: .edu email phishing Winders, Timothy A (Apr 02)
- Re: .edu email phishing Winders, Timothy A (Apr 02)
- Re: .edu email phishing Dave Koontz (Apr 02)
- Re: .edu email phishing Martin Manjak (Apr 03)