Ironworks Gaming Forum - View Single Post

LennonCook · 10-26-2004, 04:39 AM

And tell me, Luke, how would a remote system be able to find Jarrad? To use the messenger service, you have to be able to identify a computer to send it to - sending it to * doesn't look up ISP DNS. Windows might be insecure enough to make IPs publically available by default, and moreso if you use it's inbuilt firewall (the pre-SP2 one, atleast - not sure about the new one), but Jarrad has ZoneAlarm running.
Yes, it is coming through the messenger service, which is on by default (stupid as that is, since it is basically useless for anyone but a corporate userbase), and it allows these messages to come through past any firewall. Turning it off is a good idea, but it only solves the symptom, not the problem. The problem being, that something is broadcasting an IP address. Which points pretty much to spyware or a virus.

And, yes, this is phishing scams most definately. If you go to the address in the first one, it gives you a Microsoft security bulletin. It sounds semi-legit, in that it is worded kindof like an MS security bulletin, and it is an issue that could well be real. But, it has a few major doubting points - the colour scheme is like nothing from the Microsoft site, there is not Microsoft branding or logos about, and says you need to pay them to get the update. It also says to email support@msoftware.org about any questions.
And it gave me a price in AUD, even though the account I'm using is meant to be in Maryland, USA.

I am waiting now for an email from them with this patch, and I'll be able to see just how legitimate it is - although it definately reeks of either "pay us to give you a virus", or possibly another "let's pick on Microsoft" thing.

10-26-2004, 04:39 AM	#10
LennonCook Jack Burton Join Date: November 10, 2001 Location: Bathurst & Orange, in constant flux Age: 37 Posts: 5,452	And tell me, Luke, how would a remote system be able to find Jarrad? To use the messenger service, you have to be able to identify a computer to send it to - sending it to * doesn't look up ISP DNS. Windows might be insecure enough to make IPs publically available by default, and moreso if you use it's inbuilt firewall (the pre-SP2 one, atleast - not sure about the new one), but Jarrad has ZoneAlarm running. Yes, it is coming through the messenger service, which is on by default (stupid as that is, since it is basically useless for anyone but a corporate userbase), and it allows these messages to come through past any firewall. Turning it off is a good idea, but it only solves the symptom, not the problem. The problem being, that something is broadcasting an IP address. Which points pretty much to spyware or a virus. And, yes, this is phishing scams most definately. If you go to the address in the first one, it gives you a Microsoft security bulletin. It sounds semi-legit, in that it is worded kindof like an MS security bulletin, and it is an issue that could well be real. But, it has a few major doubting points - the colour scheme is like nothing from the Microsoft site, there is not Microsoft branding or logos about, and says you need to pay them to get the update. It also says to email support@msoftware.org about any questions. And it gave me a price in AUD, even though the account I'm using is meant to be in Maryland, USA. I am waiting now for an email from them with this patch, and I'll be able to see just how legitimate it is - although it definately reeks of either "pay us to give you a virus", or possibly another "let's pick on Microsoft" thing.