-
October 10th, 2004, 02:53 PM
#11
Maybe they found an exploit in SP2 and they want everyone to download it to infect everyone's computers??? Other than that, I'm just as confused..
WARNING: THIS SIGNATURE IS SHAREWARE PLEASE REGISTER THIS SIGNATURE BY SENDING ME MONEY TO SEE THE COMPLETE SIGNATURE!
-
October 10th, 2004, 03:10 PM
#12
Banned
Yeah, but even if there was an exploit in SP2, I doubt the benefit of it (to the cracker) would outweigh having millions of unprotected computers out there ripe for the picking. SP2 fixes way too many of M$'s security issues.
Oh yeah... I decided to vote for Jennifer Aniston. Bush and Kerry are just creepy.
-
October 10th, 2004, 05:13 PM
#13
Originally posted here by moxnix
Well, I only have the info provided but check out the spelling and typos for one thing.
1. "don't forget to get itfor free today"
2. "Help your friendsand family"
3. "More ofwhat you love about your computer"
Just to show a few....there are more, and I don't think MSN would allow something with those errors to go out.
I use SuSE and Konqueror. Missing spaces between words. I get a lot of that in the email client from HTML emails.
-
October 10th, 2004, 09:49 PM
#14
Junior Member
seems like microsoft's network
try doing a trace route to the servers servera01.cpsmtpout3.msn.com and communications3.msn.com mentioned in the mail..... the last server is pos1-0.iuscixtukc1201.ntwk.msn.net before the request times out....
now do a tracert to www.microsoft.com.... the last server again is pos1-0.iuscixtukc1201.ntwk.msn.net before the request times out....
so basically the email seems to have originated somewhere from Microsoft's network.... now of course that doesn't make the email totally legitimate
pl correct me if i'm wrong!!!!
keep smiling
-
October 11th, 2004, 03:20 AM
#15
That's a weird one to crack. I have never seen one like that.
-
October 11th, 2004, 05:59 PM
#16
Rktak, I did a couple IP Block/WhoIs checks on a couple of the servers as well and found they were both part of registered domains of Microsoft. (communications3 and servera01).
It appears as though the email originated from here:
Received: from communications3.msn.com ([207.46.153.61])
which Sam Spade identifies as registered to Microsoft. That's not saying that someone couldn't have just injected a couple extra Received: fields in order to make the email appear to have come from communications3.msn.com
The path of the email runs through these server exchanges (from what I can see):
communications3.msn.com
servera01.cpsmtpout3.msn.com
xprdmx9.nwk.excite.com
0 (qmail-ldap-1.03) (I'm not sure about this one)
The only actual exchange that seems to be a little odd is this:
Received: from unknown (HELO xprdmx9.nwk.excite.com) ([10.50.30.30]) (envelope-sender <communications?wincs?fpp@communications3.msn.com> )
by 0 (qmail-ldap-1.03) with SMTP
If you look at Moxnix's WhoIs of this envelope sender, something seems somewhat fishy. In addition to that, if you do a WhoIs on xprdmx9.nwk.excite.com you'll see the IPs of the servers are not even remotely close to 10.50.30.30. That IP address actually belongs to IANA. Maybe I'm missing something?
Anyways, something else bothers me about this being an effective scam.
Remember,the easiest way to get SP2 is by turning on your AutomaticUpdate
Why would they even bother putting this in here? very strange indeed.
The object of war is not to die for your country but to make the other bastard die for his - George Patton
-
October 11th, 2004, 08:36 PM
#17
Ahem... Girls and Boys.....
Is indeed an IANA address..... Look at it really, really carefully and you will see that it fits rather nicely into the 10.0.0.0/8 IP address block that is private.
It would be almost impossible to spoof this address since all communication back to the initiator would be dropped by the internet routers, (MS' included), so this did indeed originate within the MS network.
I'm about to leave... I'll take another look in a minute....
[Edit]
It looks kosher to me....
Are you an MS Preferred Customer?
[/Edit]
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
October 11th, 2004, 10:51 PM
#18
Received: from unknown (HELO xprdmx9.nwk.excite.com) ([10.50.30.30])
This seems very suspicious to me. The machine [xprdmx9.nwk.excite.com] is not identifying itself correctly. The associated IP address should not be resolving back to IANA but rather, some form of Excite's domains (I did a WhoIs on the server [xprdmx9.nwk.excite.com] and checked out the registered domains). Also, I believe the HELO field can be forged as well (if I remember correctly). This 10.50.30.30 is throwing me for a loop. Again, maybe I'm missing something?
The object of war is not to die for your country but to make the other bastard die for his - George Patton
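Added example, not part of any post in this thread: a short Python pass over the two Received: lines quoted above that separates the three things the posts are weighing, namely the peer IP (and whether it is RFC 1918 private space), the client-supplied HELO string, and which server wrote the line. The `by ...` tail of the second sample line and the `trusted_by` value are assumptions made for the illustration.

```python
import ipaddress
import re

# Received lines as quoted in the thread, newest hop first. The "by ..." tail
# of the second line is constructed from the relay path listed in post #16.
SAMPLE_RECEIVED = [
    "from unknown (HELO xprdmx9.nwk.excite.com) ([10.50.30.30]) "
    "by 0 (qmail-ldap-1.03) with SMTP",
    "from communications3.msn.com ([207.46.153.61]) "
    "by servera01.cpsmtpout3.msn.com with SMTP",
]

HOP_RE = re.compile(
    r"from\s+(?P<name>\S+)"                   # name the recording server logged
    r"(?:\s+\(HELO\s+(?P<helo>[^)\s]+)\))?"   # client-supplied HELO, if logged
    r"\s+\(\[(?P<ip>[0-9.]+)\]\)"             # peer IP seen on the connection
    r"\s+by\s+(?P<by>\S+)"                    # server that wrote this line
)

def parse_hop(line):
    """Return name, HELO, peer IP and recording server for one Received line."""
    m = HOP_RE.search(line)
    if m is None:
        return None
    hop = m.groupdict()
    hop["private"] = ipaddress.ip_address(hop["ip"]).is_private
    return hop

def review(received, trusted_by):
    """Tag each hop; trusted_by = servers the recipient's side operates (assumed)."""
    report = []
    for depth, line in enumerate(received):
        hop = parse_hop(line)
        if hop is None:
            report.append((depth, None, ["unparsed"]))
            continue
        tags = []
        if hop["private"]:
            # Reserved space: WHOIS names IANA, not whoever runs the host.
            tags.append("private-address")
        if hop["helo"] and hop["name"] == "unknown":
            # HELO is whatever the client sent; no resolved name backs it up.
            tags.append("helo-unverified")
        if hop["by"] not in trusted_by:
            # Line written by a server we do not control, so it may be forged.
            tags.append("unverified-recorder")
        report.append((depth, hop["ip"], tags))
    return report

if __name__ == "__main__":
    for row in review(SAMPLE_RECEIVED, trusted_by={"0"}):
        print(row)
```
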
-
October 12th, 2004, 12:56 AM
#19
Originally posted here by Tiger Shark
Are you an MS Preferred Customer?
No Tiger, except for getting a couple of free disks from them, I haven't communicated with MSN in a long time, and I don't think I used my excite account to do that.
It still strikes me as a fake. If anyone wants to see the original email with the html intact, just pm me an email addy and I will forward it to you, and then maybe you can see what I mean.
moxnix
"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
Author Unknown
-
October 12th, 2004, 11:03 AM
#20
Mox... ahah.... I was going to ask if there was any html.....
Right near the top there will be a declaration of an image map. The image map covers a large area of the email itself.... as you run your cursor over the email you should notice that it is a hand rather than a pointer....
Am I correct?
If so the address the image map points to is where you will be sent..... That's why everything else looks really kosher.... because it is.....
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
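Added example, not part of any post in this thread: one way to check the image-map point above without opening the message in a mail client is to list every clickable target in the HTML body, `<area>` regions included, and flag hosts outside the domains the mail claims to come from. The sample HTML and its `example.test` hosts are constructed placeholders, not content from the email under discussion.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body; the example.test hosts are placeholders.
SAMPLE_HTML = """
<img src="cid:banner" usemap="#m" width="600" height="400">
<map name="m">
  <area shape="rect" coords="0,0,600,400" href="http://updates.example.test/sp2">
</map>
<p>Get SP2 from <a href="http://www.microsoft.com/sp2">www.microsoft.com</a> or
<a href="http://www.microsoft.com.example.test/">Microsoft</a>.</p>
"""

class LinkCollector(HTMLParser):
    """Collect every clickable target: <a href> and image-map <area href>."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        if tag in ("a", "area"):
            href = dict(attrs).get("href")
            if href:
                self.targets.append((tag, href))

def off_domain_targets(html, expected_domains):
    """Return (tag, host) for links whose host is outside expected_domains."""
    collector = LinkCollector()
    collector.feed(html)
    flagged = []
    for tag, href in collector.targets:
        host = (urlsplit(href).hostname or "").lower()
        # Accept the domain itself or a true subdomain, never a mere prefix.
        ok = any(host == d or host.endswith("." + d) for d in expected_domains)
        if not ok:
            flagged.append((tag, host or href))
    return flagged

if __name__ == "__main__":
    for tag, host in off_domain_targets(SAMPLE_HTML, ["microsoft.com", "msn.com"]):
        print(f"{tag}: {host}")
```
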