Possible Email Attack Using Microsoft

TheMSsForum.com: The Microsoft Software Forum

Received email purporting to be from www.communication3.msn.com urging me to
click on link to initiate Windows Update Service. Link included what
appeared to be complex identifier.

I called Redmond, but couldn't get past frontdesk. Lady (nice lady)
explained I had to forward email or to fax a copy. I explained that I would
not (ever) open it in my computer because of potential security risk I
perceived.

Don't know if this is "real threat", but this is the only way I can think to
alert community.
Top

Re: Possible Email Attack Using Microsoft by Galen

Galen
Thu Mar 17 13:47:42 CST 2005

In news:O3x9DOyKFHA.3500@TK2MSFTNGP14.phx.gbl,
Cycloid Torus <fictitious@hotmail.com> had this to say:

My reply is at the bottom of your sent message:

> Received email purporting to be from www.communication3.msn.com
> urging me to click on link to initiate Windows Update Service. Link
> included what appeared to be complex identifier.
>
> I called Redmond, but couldn't get past frontdesk. Lady (nice lady)
> explained I had to forward email or to fax a copy. I explained that I
> would not (ever) open it in my computer because of potential security
> risk I perceived.
>
> Don't know if this is "real threat", but this is the only way I can
> think to alert community.

You should send the source of the email along with the complete headers to
the address they'd requested so that the phishing attack can potentially be
stopped before other people are effected. There's no danger in doing this
any more than there would be from having already opened the email. While
they may be using forged headers to send it there's some chance that they've
failed to use a proxy service to hide or that they've left something more
tell-tale in the email that you received. As well as that there's the chance
for the appropriate people to forward the site that you'd be redirected to
when you clicked the link to the authorities so that it can be shut down
quickly enough to minimize the potential damages.

Galen

--
Signature changed for a moment of silence.
Rest well Alex and we'll see you on the other side.


Top

Re: Possible Email Attack Using Microsoft by PA

PA
Thu Mar 17 14:16:09 CST 2005

How to Tell If a Microsoft Security-Related Message Is Genuine:
http://www.microsoft.com/security/incident/authenticate_mail.mspx

--
~Robear Dyer (PA Bear)
MS MVP-Windows (Shell, IE/OE) & Security

In Memoriam, MVP Alex Nichol (1935-2005)
http://www.microsoft.com/windowsxp/expertzone/meetexperts/nichol.mspx

Cycloid Torus wrote:
> Received email purporting to be from www.communication3.msn.com urging me
> to click on link to initiate Windows Update Service. Link included what
> appeared to be complex identifier.
>
> I called Redmond, but couldn't get past frontdesk. Lady (nice lady)
> explained I had to forward email or to fax a copy. I explained that I
> would not (ever) open it in my computer because of potential security
> risk I perceived.
>
> Don't know if this is "real threat", but this is the only way I can think
> to alert community.
Top

Re: Possible Email Attack Using Microsoft by Vanguard

Vanguard
Thu Mar 17 16:54:14 CST 2005

"Cycloid Torus" <fictitious@hotmail.com> wrote in message
news:O3x9DOyKFHA.3500@TK2MSFTNGP14.phx.gbl...
> Received email purporting to be from www.communication3.msn.com urging
> me to click on link to initiate Windows Update Service. Link included
> what appeared to be complex identifier.
>
> I called Redmond, but couldn't get past frontdesk. Lady (nice lady)
> explained I had to forward email or to fax a copy. I explained that I
> would not (ever) open it in my computer because of potential security
> risk I perceived.
>
> Don't know if this is "real threat", but this is the only way I can
> think to alert community.
>
>


Showing us the URL as it was *rendered* in an HTML formatted e-mail is
worthless. The only URL of importance is the real one in the HTML code
of the e-mail. Show the plain-text version of the e-mail with all the
HTML coding. THAT is where you determine where the link goes. What you
showed is what is DISPLAYED as the *text* description of the link, not
to where the actual link would connect.

--
____________________________________________________________
Post your replies to the newsgroup. Share with others.
E-mail reply: Remove "NIXTHIS" and add "#VS811" to Subject.
____________________________________________________________

Top

Re: Possible Email Attack Using Microsoft by N

N
Thu Mar 17 19:03:49 CST 2005

In article <O3x9DOyKFHA.3500@TK2MSFTNGP14.phx.gbl>, Cycloid Torus says...

> Received email purporting to be from www.communication3.msn.com urging me to
> click on link to initiate Windows Update Service. Link included what
> appeared to be complex identifier.

> I called Redmond, but couldn't get past frontdesk. Lady (nice lady)
> explained I had to forward email or to fax a copy. I explained that I would
> not (ever) open it in my computer because of potential security risk I
> perceived.

> Don't know if this is "real threat", but this is the only way I can think to
> alert community.

I have been receiving phony MSFT patches since at least March, 2003. I
suspect that MSFT knows that they are out there. Certainly the community
knows about it now.

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint
Top

Re: Possible Email Attack Using Microsoft by Lil'

Lil'
Fri Mar 18 06:28:13 CST 2005

If you're using POP email, use email filter software such as MailWasher Pro.
The email you noted will be seen as text-only. It will expose any hidden
html code prior to getting in your mailbox. This will expose the actual
website intended by the shortcut. You can delete emails with MW Pro at the
mailserver. MW Pro is handy for pre-filtering email spam before it actually
enters your mailbox.

A few spams and lures I've noted purporting to be MS actually come from
Rumania. You can trace using the originating IP sometimes. Sometimes
they're spoofed IP addresses, which of course you delete anyway.
"Cycloid Torus" <fictitious@hotmail.com> wrote in message
news:O3x9DOyKFHA.3500@TK2MSFTNGP14.phx.gbl...
> Received email purporting to be from www.communication3.msn.com urging me
to
> click on link to initiate Windows Update Service. Link included what
> appeared to be complex identifier.
>
> I called Redmond, but couldn't get past frontdesk. Lady (nice lady)
> explained I had to forward email or to fax a copy. I explained that I
would
> not (ever) open it in my computer because of potential security risk I
> perceived.
>
> Don't know if this is "real threat", but this is the only way I can think
to
> alert community.
>
>


Top

Re: Possible Email Attack Using Microsoft by Cycloid

Cycloid
Fri Mar 18 06:54:59 CST 2005

Thank you all for your comments, information and instruction. I've leaned
quite a few things and I do appreciate your time.
CT


Top