Possible IE7 scam?






caz -> Possible IE7 scam? (10/16/2006 5:47:53)

Not sure whether this is potentially harmful, or just annoying but have just received an email headed "Please update Microsoft Internet Explorer". It's from "support at microsoft.com", which actually resolves to "quatres.saisons at wanadoo.fr"

quote:


Get downloads for Internet Explorer 7, including recommended updates as they become available. To download Internet Explorer 7 Release Candidate 1 in the language of your choice, please visit the Internet Explorer 7 worldwide page.

Internet Explorer 7 Release Candidate 1 is pre-release software. Please view the support page for troubleshooting and feedback options.


Download and support links resolve to microsoft.com.al2g.info/windows/ie/support/

al2g.info has also been associated with Paypal spam.





BobbyDouglas -> RE: Possible IE7 scam? (10/16/2006 12:17:30)

Does microsoft.com.al2g.info/windows/ie/support/ look like a legit address?

It is 100% scam material. I would say differently if the address took you to another website that wasn't trying to spoof MS, and also was providing an update because MS wasn't going to release one in time.

Even though the e-mail says it came from the MS address, it doesn't mean that it came from MS. Anyone can easily spoof an e-mail From address. If you take a look at the headers for the e-mail, look for the mailserver that it was sent from, and look up the owner/location of the IP. Most likely it is someplace out of the country.




caz -> RE: Possible IE7 scam? (10/16/2006 12:24:25)

Most likely someplace out of the country? Er, I did point this out,
quote:

It's from "support at microsoft.com", which actually resolves to "quatres.saisons at wanadoo.fr"


.fr = France

Someone has also said that AVG identifies the mail as a trojan downloader, so I wouldn't use (and didn't) any of the links on it.




BobbyDouglas -> RE: Possible IE7 scam? (10/16/2006 12:28:18)

quote:

It's from "support at microsoft.com", which actually resolves to "quatres.saisons at wanadoo.fr"

- The To/From/Reply-To addresses of e-mails are pretty much useless because anyone can fake them. It is highly unlikely that a spammer sent an e-mail and included his/her legit e-mail in the message. In order to find out where it came from, view the message source and look at the headers for an IP address. You should see one IP from your ISP, and another IP from somewhere else. Then go to http://whois.sc/192.168... where everything after the / is the IP address you are trying to look up.
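
The header and link checks discussed in the posts above, as an added example that is not part of the original thread. The sample message is constructed (documentation IP ranges and `.example` hosts; only the link host comes from the thread), and the function names, `ISP_NET` and the "last two labels" domain rule are assumptions made for illustration.

```python
import email
import ipaddress
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message. IPs are RFC 5737 documentation addresses and the
# .example hosts are placeholders; only the link host is taken from the thread.
SAMPLE = """\
Return-Path: <sender@mailer.example>
Received: from mx.isp.example (mx.isp.example [192.0.2.10])
\tby mail.recipient.example; Mon, 16 Oct 2006 05:47:00 +0000
Received: from unknown (HELO pc) ([203.0.113.77])
\tby mx.isp.example; Mon, 16 Oct 2006 05:46:58 +0000
From: "Microsoft" <support@microsoft.com>
Subject: Please update Microsoft Internet Explorer

Download: http://microsoft.com.al2g.info/windows/ie/support/
"""
MSG = email.message_from_string(SAMPLE)
ISP_NET = ipaddress.ip_network("192.0.2.0/24")  # assumption: your own ISP's range

def sender_domains(msg):
    """(displayed From domain, envelope Return-Path domain)."""
    dom = lambda value: parseaddr(value or "")[1].rsplit("@", 1)[-1].lower()
    return dom(msg["From"]), dom(msg["Return-Path"])

def external_hops(msg, own_net):
    """IPs in Received headers that are outside your own provider's network."""
    hops = []
    for header in msg.get_all("Received", []):
        for text in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # bracketed text that is not a valid IPv4 address
            if ip not in own_net:
                hops.append(str(ip))
    return hops

def registrable(host):
    # Assumption: naive "last two labels"; production code needs the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def lookalike_links(msg, brand="microsoft.com"):
    """Links whose host contains the brand but is registered under another domain."""
    hosts = [urlparse(u).hostname or "" for u in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload())]
    return [(h, registrable(h)) for h in hosts if brand in h and registrable(h) != brand]

if __name__ == "__main__":
    print(sender_domains(MSG), external_hops(MSG, ISP_NET), lookalike_links(MSG))
```

Only Received lines added by a mail server you trust are reliable; anything below the first trusted hop can be written by the sender.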




caz -> RE: Possible IE7 scam? (10/16/2006 12:39:47)

I wasn't trying to look it up; what was in the header was enough for me to know that it wasn't from Microsoft, the rest confirmed that it was suspect - this was just a heads up to others to be aware that this sort of scam is doing the rounds.




rdouglass -> RE: Possible IE7 scam? (10/16/2006 13:30:57)

Microsoft never sends emails like this. Never. And they never send out patches attached to emails either.

As everyone else pointed out, this is an attempt at an exploit.




caz -> RE: Possible IE7 scam? (10/18/2006 11:13:30)

Update from The Register

quote:

Hackers have created a bogus Internet Explorer 7 download site that attempts to load Trojan code onto the PCs of visiting surfers.

Traffic to the malicious website is being driven by a spoofed email message, claiming to be from support@microsoft.com, offering a link to download Release Candidate 1 (RC1) of Microsoft Internet Explorer 7.

Prospective marks visit a spoof website that looks similar to Microsoft's legitimate download page for IE 7 RC1. But instead of all that Microsoft goodness, surfers visit a site loaded with Trojan downloader codes which attempt to exploit browser vulnerabilities to download malware onto their machines.


[;)]



