> -----Original Message-----
> From: Kyp Durron [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 04, 2003 1:17 PM
> To: [EMAIL PROTECTED]
> Subject: [Full-Disclosure] MS Security Bulletin doing email
> harvesting?
>
>
> I get this email today that says it's from
> [EMAIL PROTECTED] It looks legit so I go
> to forward it
> to someone I know and Outlook 2003 pops an error message that
> I attached. I
> look at the HTML and it's trying to pull the following URL.
>
> Do you all think it's a spammer trying to harvest emails by
> impersonating a
> MS security bulletin? If it is, how funny is THAT?!?!?
>

It's so funny that I'm laughing my a$$ off. You can't seriously mean that you actually thought this was legitimate? If so, you probably think the Good Times Virus is real and so is the Easter Bunny.

Here's a hint.

08/04/03 16:01:47 dns email.microsoft.com
Canonical name: email.microsoft.com
Addresses: 209.11.136.150

08/04/03 16:02:18 whois [EMAIL PROTECTED]
whois -h whois.arin.net !net-209-11-136-0-1 ...

OrgName: Digital Impact
OrgID: DIGITA-374
Address: 177 Bovet Road Suite 200
City: San Mateo
StateProv: CA
PostalCode: 94402
Country: US

NetRange: 209.11.136.0 - 209.11.136.255
CIDR: 209.11.136.0/24
NetName: DIGTIMPAC-209-11-136
NetHandle: NET-209-11-136-0-1
Parent: NET-209-11-0-0-2
NetType: Reassigned
Comment:
RegDate: 2002-07-12
Updated: 2002-12-05

Dig [EMAIL PROTECTED] ...
Non-authoritative answer
Recursive queries supported by this server
Query for microsoft.com type=255 class=1
microsoft.com MX (Mail Exchanger) Priority: 10 mailb.microsoft.com
microsoft.com MX (Mail Exchanger) Priority: 10 mailc.microsoft.com
microsoft.com MX (Mail Exchanger) Priority: 10 maila.microsoft.com

[EMAIL PROTECTED] pauls]$ telnet mailb.microsoft.com 25
Trying 131.107.3.122...
Connected to mailb.microsoft.com.
Escape character is '^]'.
220 inet-imc-04.redmond.corp.microsoft.com Microsoft.com ESMTP Server Mon, 4 Aug 2003 14:10:31 -0700
HELO utd49554.utdallas.edu
250 inet-imc-04.redmond.corp.microsoft.com Hello [129.110.3.85
MAIL TO: [EMAIL PROTECTED]
501 5.5.4 Invalid Address
QUIT
221 2.0.0 inet-imc-04.redmond.corp.microsoft.com Service closing transmission channel
Connection closed by foreign host.

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
