
Microsoft site 131.107.115.28 blocked as known malware site, why?


raylopez99

Aug 26, 2008, 6:32:29 AM
I was building a "hello world" application in ASP.NET and during the
construction of the same it attempted to access the above site, owned
by Microsoft. Webroot Spy Sweeper, which resides on my system,
blocked the connection and lists the site as a known malware site.

Why is this and has anybody else had this happen? Ordinarily Webroot
is very reliable.

RL

WHOIS Search Results
Your WHOIS Search Results

131.107.115.28
Record Type: IP Address

OrgName: Microsoft Corp
OrgID: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US

NetRange: 131.107.0.0 - 131.107.255.255
CIDR: 131.107.0.0/16
NetName: MICROSOFT
NetHandle: NET-131-107-0-0-1
Parent: NET-131-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.MSFT.NET
NameServer: NS5.MSFT.NET
NameServer: NS2.MSFT.NET
NameServer: NS3.MSFT.NET
NameServer: NS4.MSFT.NET
Comment:
RegDate: 1988-11-11
Updated: 2004-12-09

Moshe Goldfarb.

Aug 26, 2008, 10:39:07 AM

I believe that site has something to do with the search function in
Windows.
IOW when you do a Find it connects to that site for some reason.

I'd block the pig if I were you....

--
Moshe Goldfarb
Collector of soaps from around the globe.
Please visit The Hall of Linux Idiots:
http://linuxidiots.blogspot.com/

The Ghost In The Machine

Aug 26, 2008, 2:17:41 PM
In comp.os.linux.advocacy, raylopez99
<raylo...@yahoo.com>
wrote
on Tue, 26 Aug 2008 03:32:29 -0700 (PDT)
<5e7bb118-899a-49a1...@r66g2000hsg.googlegroups.com>:

[1] Someone got cute and submitted this address to Webroot.
Talk to Webroot.

[2] Someone got *real* cute and infected crl.microsoft.com.
Talk to Microsoft.

--
#191, ewi...@earthlink.net
Linux makes one use one's mind.
Windows just messes with one's head.
** Posted from http://www.teranews.com **

The Ghost In The Machine

Aug 26, 2008, 2:22:54 PM
In comp.os.linux.advocacy, Moshe Goldfarb.
<brick_...@gmail.com>
wrote
on Tue, 26 Aug 2008 10:39:07 -0400
<u5yn0m6vvxli.13d739fm1h5ef$.d...@40tude.net>:

The given address backresolves to crl.microsoft.com.
The web server is active, though directory listing access
is denied, and none of index.html nor index.htm
nor index.asp exist. index.aspx generates a server error;
interestingly, the error page is different.

wget returns

Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322

Without more info I can't do much more.

raylopez99

Aug 26, 2008, 5:29:57 PM
On Aug 26, 11:22 am, The Ghost In The Machine
<ew...@sirius.tg00suus7038.net> wrote:

> Server: Microsoft-IIS/6.0
> X-Powered-By: ASP.NET
> X-AspNet-Version: 1.1.4322
>
> Without more info I can't do much more.
>

I would not be surprised if it's some backdoor portal to record "user
experiences" by MSFT for new users of Visual Studio 2008 (which is
what I'm using), of which I own a legal but academic copy.

RL

Jerry McBride

Aug 26, 2008, 6:57:29 PM
raylopez99 wrote:

> I was building a "hello world" application in ASP.NET and during the
> construction of the same it attempted to access the above site, owned
> by Microsoft. Webroot Spy Sweeper, which resides on my system,
> blocked the connection and lists the site as a known malware site.
>
> Why is this and has anybody else had this happen? Ordinarily Webroot
> is very reliable.
>
> RL
>
> WHOIS Search Results
> Your WHOIS Search Results
>
> 131.107.115.28

I routinely block these as well:

127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 wustat.windows.com
127.0.0.1 sa.windows.com
127.0.0.1 ie.search.msn.com
127.0.0.1 se.windows.com
127.0.0.1 wutrack.windows.com


--

Jerry McBride (jmcb...@mail-on.us)

Rex Ballard

Aug 26, 2008, 9:50:35 PM
On Aug 26, 6:32 am, raylopez99 <raylope...@yahoo.com> wrote:
> I was building a "hello world" application in ASP.NET and during the
> construction of the same it attempted to access the above site, owned
> by Microsoft.  Webroot Spy Sweeper, which resides on my system,
> blocked the connection and lists the site as a known malware site.

[snip details]

Think about it. You compiled an application, put it to the site, and
then were able to access and execute it.

If you can do it, so can malware hackers.

You know exactly where your page is supposed to be. But a malware
hacker could generate the bogus page, then send a link which would be
loaded when the e-mail is previewed. You don't even have to open the
e-mail, just preview it.

Because the infecting site would be a Microsoft site, it would be
nearly impossible to trace the perpetrator back to its source.
