Message-ID: <871080DEC5874D41B4E3AFC5C400611E06B47638@UTDEVS02.campus.ad.utdallas.edu>
From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: MS Security Bulletin doing email harvesting?
> -----Original Message-----
> From: Kyp Durron [mailto:kdurron@...mail.com]
> Sent: Monday, August 04, 2003 1:17 PM
> To: full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] MS Security Bulletin doing email harvesting?
>
>
> I get this email today that says it's from
> windowssecurity@...il.microsoft.com. It looks legit so I go to forward it
> to someone I know and Outlook 2003 pops an error message that I attached.
> I look at the HTML and it's trying to pull the following URL.
>
> Do you all think it's a spammer trying to harvest emails by impersonating
> a MS security bulletin? If it is, how funny is THAT?!?!?
>
It's so funny that I'm laughing my a$$ off. You can't seriously mean
that you actually thought this was legitimate? If so, you probably
think the Good Times Virus is real and so is the Easter Bunny.
Here's a hint.
08/04/03 16:01:47 dns email.microsoft.com
Canonical name: email.microsoft.com
Addresses:
209.11.136.150
08/04/03 16:02:18 whois !NET-209-11-136-0-1@...is.arin.net
whois -h whois.arin.net !net-209-11-136-0-1 ...
OrgName: Digital Impact
OrgID: DIGITA-374
Address: 177 Bovet Road Suite 200
City: San Mateo
StateProv: CA
PostalCode: 94402
Country: US
NetRange: 209.11.136.0 - 209.11.136.255
CIDR: 209.11.136.0/24
NetName: DIGTIMPAC-209-11-136
NetHandle: NET-209-11-136-0-1
Parent: NET-209-11-0-0-2
NetType: Reassigned
Comment:
RegDate: 2002-07-12
Updated: 2002-12-05
Dig microsoft.com@....110.31.7 ...
Non-authoritative answer
Recursive queries supported by this server
Query for microsoft.com type=255 class=1
microsoft.com MX (Mail Exchanger) Priority: 10 mailb.microsoft.com
microsoft.com MX (Mail Exchanger) Priority: 10 mailc.microsoft.com
microsoft.com MX (Mail Exchanger) Priority: 10 maila.microsoft.com
[pauls@...49554 pauls]$ telnet mailb.microsoft.com 25
Trying 131.107.3.122...
Connected to mailb.microsoft.com.
Escape character is '^]'.
220 inet-imc-04.redmond.corp.microsoft.com Microsoft.com ESMTP Server Mon, 4 Aug 2003 14:10:31 -0700
HELO utd49554.utdallas.edu
250 inet-imc-04.redmond.corp.microsoft.com Hello [129.110.3.85
MAIL TO: windowssecurity@...rosoft.com
501 5.5.4 Invalid Address
QUIT
221 2.0.0 inet-imc-04.redmond.corp.microsoft.com Service closing transmission channel
Connection closed by foreign host.
Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
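
The ownership lookup the reply carries out by hand (resolve the sender host, then read the ARIN record for that address), as an added example that is not part of the original post. The function names and the `expected_org` parameter are hypothetical, and the whois text is a subset of the record quoted above, embedded so the script runs offline.

```python
import ipaddress

# Subset of the ARIN record quoted in the post, embedded so no network is needed.
WHOIS_TEXT = """\
OrgName: Digital Impact
OrgID: DIGITA-374
NetRange: 209.11.136.0 - 209.11.136.255
CIDR: 209.11.136.0/24
NetName: DIGTIMPAC-209-11-136
NetType: Reassigned
"""


def parse_whois(text):
    """Parse 'Key: value' lines of an ARIN-style record; first value per key wins."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            record.setdefault(key.strip(), value.strip())
    return record


def check_sender_host(hostname, resolved_ip, whois_text, expected_org):
    """Report who the netblock holding resolved_ip is registered to.

    expected_org (hypothetical parameter) is the brand the mail claims to be from.
    """
    rec = parse_whois(whois_text)
    ip = ipaddress.ip_address(resolved_ip)
    # ARIN may list several comma-separated prefixes on the CIDR line.
    nets = [ipaddress.ip_network(c.strip())
            for c in rec.get("CIDR", "").split(",") if c.strip()]
    org = rec.get("OrgName", "")
    return {
        "hostname": hostname,
        "ip_in_whois_block": any(ip in n for n in nets),  # record covers this IP?
        "registered_org": org,
        "org_matches_brand": expected_org.lower() in org.lower(),
        "reassigned": rec.get("NetType", "").lower() == "reassigned",
    }


if __name__ == "__main__":
    result = check_sender_host("email.microsoft.com", "209.11.136.150",
                               WHOIS_TEXT, expected_org="Microsoft")
    for field, value in result.items():
        print(f"{field}: {value}")
```

The output states only who operates the address space behind the hostname; SPF, DKIM and the message's Received headers are the other inputs to a sender check.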