[unisog] phishing attack against email credentials at auckland.ac.nz

Peter Van Epp vanepp at sfu.ca
Mon Jun 6 23:16:45 GMT 2005


<snip>
> 
> I've grabbed some more copies of the email, and we're actually seeing  
> 205.138.199.146 in addition to 209.67.220.164.  Anyone attempting to  
> block this at their border may want to add that ip address as well.
> 
> It also turns out that this doesn't seem to be a phishing attack.   
> When I connected to the url on 205.138.199.146 I was sent a window  
> executable.
> 
>    .Seth
> 
> 
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog

	Thanks! One of the many joys of argus, I can tell there have been no 
connection attempts to that site in the past 24+ hours so I'm probably safe
as long as it doesn't morph yet again.

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada


More information about the unisog mailing list