Possible Email Attack Using Microsoft
Cycloid Torus
click on link to initiate Windows Update Service. Link included what
appeared to be complex identifier.
I called Redmond, but couldn't get past frontdesk. Lady (nice lady)
explained I had to forward email or to fax a copy. I explained that I would
not (ever) open it in my computer because of potential security risk I
perceived.
Don't know if this is "real threat", but this is the only way I can think to
alert community.
Galen
Cycloid Torus <ficti...@hotmail.com> had this to say:
My reply is at the bottom of your sent message:
You should send the source of the email along with the complete headers to
the address they'd requested so that the phishing attack can potentially be
stopped before other people are effected. There's no danger in doing this
any more than there would be from having already opened the email. While
they may be using forged headers to send it there's some chance that they've
failed to use a proxy service to hide or that they've left something more
tell-tale in the email that you received. As well as that there's the chance
for the appropriate people to forward the site that you'd be redirected to
when you clicked the link to the authorities so that it can be shut down
quickly enough to minimize the potential damages.
Galen
--
Signature changed for a moment of silence.
Rest well Alex and we'll see you on the other side.
PA Bear
http://www.microsoft.com/security/incident/authenticate_mail.mspx
--
~Robear Dyer (PA Bear)
MS MVP-Windows (Shell, IE/OE) & Security
In Memoriam, MVP Alex Nichol (1935-2005)
http://www.microsoft.com/windowsxp/expertzone/meetexperts/nichol.mspx
Vanguard
news:O3x9DOyK...@TK2MSFTNGP14.phx.gbl...
Showing us the URL as it was *rendered* in an HTML formatted e-mail is
worthless. The only URL of importance is the real one in the HTML code
of the e-mail. Show the plain-text version of the e-mail with all the
HTML coding. THAT is where you determine where the link goes. What you
showed is what is DISPLAYED as the *text* description of the link, not
to where the actual link would connect.
--
____________________________________________________________
Post your replies to the newsgroup. Share with others.
E-mail reply: Remove "NIXTHIS" and add "#VS811" to Subject.
____________________________________________________________
N. Miller
I have been receiving phony MSFT patches since at least March, 2003. I
suspect that MSFT knows that they are out there. Certainly the community
knows about it now.
--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint
Lil' Dave
The email you noted will be seen as text-only. It will expose any hidden
html code prior to getting in your mailbox. This will expose the actual
website intended by the shortcut. You can delete emails with MW Pro at the
mailserver. MW Pro is handy for pre-filtering email spam before it actually
enters your mailbox.
A few spams and lures I've noted purporting to be MS actually come from
Rumania. You can trace using the originating IP sometimes. Sometimes
they're spoofed IP addresses, which of course you delete anyway.
"Cycloid Torus" <ficti...@hotmail.com> wrote in message
news:O3x9DOyK...@TK2MSFTNGP14.phx.gbl...
Cycloid Torus
quite a few things and I do appreciate your time.
CT