Re: Microsoft the source of all evil?? Simple question

[Gary Flynn <flynngn () JMU EDU>]

Nick Pistentis wrote:
> I saw the same thing last week when I did a google search for "Windows
> XP Service Pack 3." Alarmingly, it was the first hit - above MS's
> legitimate technet page on the subject. Luckily I noted the URL before
> clicking - one of our forensics guys said that the executable posted
> there is roughly 300k larger than the genuine file posted on the MS
> download page, and he echoed Jim's observation that the page is visually
> near-identical.

It appears to have been around a while:
http://techrepublic.com.com/5208-11183-0.html?forumID=89&threadID=191532&messageID=1977985

They have the opportunity to bad things if they want to
do more than just pass things along to microsoft:

http://thesource.ofallevil.com/downloads/thankyou.aspx?familyId=0856eacb-4362-4b0d-8edd-aab15c5e04f5&displayLang=en

Check out:

http://thesource.ofallevil.com/downloads
http://thesource.ofallevil.com/updates
http://thesource.ofallevil.com/security/default.mspx

I thought the second nslookup command below was odd too:

nslookup ofallevil.com

Non-authoritative answer:
Name:    ofallevil.com
Address:  209.62.14.146




nslookup thesource.ofallevil.com

Non-authoritative answer:
Name:    lb1.www.ms.akadns.net
Addresses:  207.46.19.254, 207.46.192.254, 207.46.193.254, 207.46.19.190
Aliases:  thesource.ofallevil.com, www.microsoft.com
          toggle.www.ms.akadns.net, g.www.ms.akadns.net




--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature