Full Disclosure mailing list archives
RE: MS Security Bulletin doing email harvesting?
From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Mon, 4 Aug 2003 16:16:17 -0500
-----Original Message-----
From: Kyp Durron [mailto:kdurron () hotmail com]
Sent: Monday, August 04, 2003 1:17 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] MS Security Bulletin doing email harvesting?

I get this email today that says it's from windowssecurity () email microsoft com. It looks legit so I go to forward it to someone I know and Outlook 2003 pops an error message that I attached. I look at the HTML and it's trying to pull the following URL. Do you all think it's a spammer trying to harvest emails by impersonating a MS security bulletin? If it is, how funny is THAT?!?!?

It's so funny that I'm laughing my a$$ off. You can't seriously mean that you actually thought this was legitimate? If so, you probably think the Good Times Virus is real and so is the Easter Bunny.

Here's a hint.

08/04/03 16:01:47 dns email.microsoft.com
Canonical name: email.microsoft.com
Addresses: 209.11.136.150

08/04/03 16:02:18 whois !NET-209-11-136-0-1 () whois arin net
whois -h whois.arin.net !net-209-11-136-0-1 ...
OrgName: Digital Impact
OrgID: DIGITA-374
Address: 177 Bovet Road Suite 200
City: San Mateo
StateProv: CA
PostalCode: 94402
Country: US
NetRange: 209.11.136.0 - 209.11.136.255
CIDR: 209.11.136.0/24
NetName: DIGTIMPAC-209-11-136
NetHandle: NET-209-11-136-0-1
Parent: NET-209-11-0-0-2
NetType: Reassigned
Comment:
RegDate: 2002-07-12
Updated: 2002-12-05

Dig microsoft.com@129.110.31.7 ...
Non-authoritative answer
Recursive queries supported by this server
Query for microsoft.com type=255 class=1
microsoft.com MX (Mail Exchanger) Priority: 10 mailb.microsoft.com
microsoft.com MX (Mail Exchanger) Priority: 10 mailc.microsoft.com
microsoft.com MX (Mail Exchanger) Priority: 10 maila.microsoft.com

[pauls@utd49554 pauls]$ telnet mailb.microsoft.com 25
Trying 131.107.3.122...
Connected to mailb.microsoft.com.
Escape character is '^]'.
220 inet-imc-04.redmond.corp.microsoft.com Microsoft.com ESMTP Server Mon, 4 Aug 2003 14:10:31 -0700
HELO utd49554.utdallas.edu
250 inet-imc-04.redmond.corp.microsoft.com Hello [129.110.3.85
MAIL TO: windowssecurity () microsoft com
501 5.5.4 Invalid Address
QUIT
221 2.0.0 inet-imc-04.redmond.corp.microsoft.com Service closing transmission channel
Connection closed by foreign host.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
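
Added example, not part of either post: a Python sketch of the check described in the original message, listing the URLs an HTML mail fetches as soon as it is rendered and noting whether each host sits under the From: domain and whether the URL carries the recipient's address. The sample message, its example.com/example.net/example.org hosts and the names RemoteLoads and audit are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not the mail discussed in the thread).
SAMPLE = """\
From: Security Bulletin <bulletin@news.example.com>
To: reader@example.org
Content-Type: text/html; charset="us-ascii"

<html><body>
<a href="http://www.example.com/bulletin">Read the bulletin</a>
<img src="http://track.example.net/o.gif?r=reader@example.org" width="1" height="1">
<img src="cid:logo">
</body></html>
"""

# Tag/attribute pairs a mail client fetches at render time, without a click.
AUTOLOAD = {("img", "src"), ("link", "href"), ("iframe", "src"),
            ("script", "src"), ("body", "background")}

class RemoteLoads(HTMLParser):
    # Collects http(s) URLs that would be requested just by displaying the mail.
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in AUTOLOAD and urlsplit(value or "").scheme in ("http", "https"):
                self.urls.append(value)

def audit(raw):
    """Return (url, host, host_under_sender_domain, carries_recipient) per remote load."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    rcpt = parseaddr(str(msg["To"]))[1].lower()
    findings = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser = RemoteLoads()
            parser.feed(part.get_content())
            for url in parser.urls:
                host = (urlsplit(url).hostname or "").lower()
                # Naive suffix match against the From: domain; no public-suffix handling.
                same = host == sender or host.endswith("." + sender)
                findings.append((url, host, same, rcpt in url.lower()))
    return findings
```

A host name under the sender's domain says nothing about who operates the address behind it; the dns and whois lookups in the reply above are the step that answers that.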