lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: MS Security Bulletin doing email harvesting?

> -----Original Message-----
> From: Kyp Durron [mailto:kdurron@...mail.com] 
> Sent: Monday, August 04, 2003 1:17 PM
> To: full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] MS Security Bulletin doing email 
> harvesting?
> 
> 
> I get this email today that says it's from 
> windowssecurity@...il.microsoft.com.  It looks legit so I go 
> to forward it 
> to someone I know and Outlook 2003 pops an error message that 
> I attached.  I 
> look at the HTML and it's trying to pull the following URL.
> 
> Do you all think it's a spammer trying to harvest emails by 
> impersonating a 
> MS security bulletin?  If it is, how funny is THAT?!?!?
>
It's so funny that I'm laughing my a$$ off.  You can't seriously mean
that you actually thought this was legitimate?  Is so, you probably
think the Good Times Virus is real and so is the Easter Bunny.

Here's a hint.

08/04/03 16:01:47 dns email.microsoft.com
Canonical name: email.microsoft.com
Addresses:
  209.11.136.150

08/04/03 16:02:18 whois !NET-209-11-136-0-1@...is.arin.net

whois -h whois.arin.net !net-209-11-136-0-1 ...

OrgName:    Digital Impact 
OrgID:      DIGITA-374
Address:    177 Bovet Road Suite 200
City:       San Mateo
StateProv:  CA
PostalCode: 94402
Country:    US

NetRange:   209.11.136.0 - 209.11.136.255 
CIDR:       209.11.136.0/24 
NetName:    DIGTIMPAC-209-11-136
NetHandle:  NET-209-11-136-0-1
Parent:     NET-209-11-0-0-2
NetType:    Reassigned
Comment:    
RegDate:    2002-07-12
Updated:    2002-12-05

Dig microsoft.com@....110.31.7 ...
Non-authoritative answer
Recursive queries supported by this server
 Query for microsoft.com type=255 class=1
  microsoft.com MX (Mail Exchanger) Priority: 10 mailb.microsoft.com
  microsoft.com MX (Mail Exchanger) Priority: 10 mailc.microsoft.com
  microsoft.com MX (Mail Exchanger) Priority: 10 maila.microsoft.com 

[pauls@...49554 pauls]$ telnet mailb.microsoft.com 25
Trying 131.107.3.122...
Connected to mailb.microsoft.com.
Escape character is '^]'.
220 inet-imc-04.redmond.corp.microsoft.com Microsoft.com ESMTP Server
Mon, 
4 Aug 2003 14:10:31 -0700
HELO utd49554.utdallas.edu
250 inet-imc-04.redmond.corp.microsoft.com Hello [129.110.3.85
MAIL TO: windowssecurity@...rosoft.com
501 5.5.4 Invalid Address
QUIT
221 2.0.0 inet-imc-04.redmond.corp.microsoft.com Service closing 
transmission channel
Connection closed by foreign host.

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

Powered by blists - more mailing lists