"Microsoft Security Update"

Posted by Martha Adams on August 21, 2008, 8:19 am


Noted in my email this morning: a purported message
from Microsoft Security Update with a URL for me to
follow-up immediately for a "critical update." I
googled on the "originating IP" number and found no
hits. This number is,

67.202.19.184

Does it ring a bell with anyone here? ??

(I didn't try this ...opportunity.)

Thanks -- mha [comp.security.misc 2008 Aug 21]



Posted by mak on August 21, 2008, 9:23 am


Martha Adams wrote:

> Noted in my email this morning: a purported message
> from Microsoft Security Update with a URL for me to
> follow-up immediately for a "critical update." I
> googled on the "originating IP" number and found no
> hits. This number is,
>
> 67.202.19.184
>
> Does it ring a bell with anyone here? ??
>
> (I didn't try this ...opportunity.)
>
> Thanks -- mha [comp.security.misc 2008 Aug 21]
>
>

the ip range belongs to amazon...doesn't mean much, except one of those
thousands of possible computers is infected and
is being abused for spamming.

more interesting is the url/IP they want you to go to...

M


OrgName: Amazon.com, Inc.
OrgID: AMAZO-4
Address: Amazon Web Services, Elastic Compute Cloud, EC2
Address: 1200 12th Avenue South
City: Seattle
StateProv: WA
PostalCode: 98144
Country: US

NetRange: 67.202.0.0 - 67.202.63.255
CIDR: 67.202.0.0/18
NetName: AMAZON-EC2-3
NetHandle: NET-67-202-0-0-1
Parent: NET-67-0-0-0-0
NetType: Direct Assignment
NameServer: PDNS1.ULTRADNS.NET
NameServer: PDNS2.ULTRADNS.NET
NameServer: PDNS3.ULTRADNS.ORG
Comment: This network is a member of a dynamic hosting
Comment: environment. See http://ec2.amazonaws.com/
Comment: All reports MUST include:
Comment: * src IP
Comment: * dest IP (your IP)
Comment: * dest port
Comment: * Accurate date/timestamp and timezone of activity
Comment: * Intensity/frequency (short log extracts)
Comment: * Your contact details (phone and email)
Comment: Without these we will be unable to identify
Comment: the correct owner of the IP address at that
Comment: point in time.
RegDate: 2007-08-02
Updated: 2008-03-25

RAbuseHandle: AEA8-ARIN
RAbuseName: Amazon EC2 Abuse
RAbusePhone: +1-206-266-2187
RAbuseEmail:

RNOCHandle: ANO24-ARIN
RNOCName: Amazon EC2 Network Operations
RNOCPhone: +1-206-266-2187
RNOCEmail:

RTechHandle: ANO24-ARIN
RTechName: Amazon EC2 Network Operations
RTechPhone: +1-206-266-2187
RTechEmail:

OrgAbuseHandle: AEA8-ARIN
OrgAbuseName: Amazon EC2 Abuse
OrgAbusePhone: +1-206-266-2187
OrgAbuseEmail:

OrgTechHandle: ANO24-ARIN
OrgTechName: Amazon EC2 Network Operations
OrgTechPhone: +1-206-266-2187
OrgTechEmail:

Posted by Doug McIntyre on August 21, 2008, 10:24 am


>Martha Adams wrote:
>> Noted in my email this morning: a purported message
>> from Microsoft Security Update with a URL for me to
>> follow-up immediately for a "critical update." I
>> googled on the "originating IP" number and found no
>> hits. This number is,
>>
>> 67.202.19.184
>>
>> Does it ring a bell with anyone here? ??
>>
>> (I didn't try this ...opportunity.)
>>
>> Thanks -- mha [comp.security.misc 2008 Aug 21]
>>
>>

>the ip range belongs to amazon...doesn't mean much, except one of those
>thousands of possible computers is infected and
>is being abused for spamming.

>more interesting is the url/IP they want you to go to...

>OrgName: Amazon.com, Inc.
>OrgID: AMAZO-4
>Address: Amazon Web Services, Elastic Compute Cloud, EC2


It's doubtful that anything at Amazon is infected. The EC2 is a cloud
of machines that anybody can rent cheaply and with virtually no
questions asked to run anything on. You can complain to them at the
abuse contacts (which I cut out of your original).

I would guess that several sysadmins are just blocking all the Amazon EC2
IP ranges for email because there's been several times that abuse has come
out of there...




Posted by Martha Adams on August 21, 2008, 10:55 am



>>Martha Adams wrote:
>>> Noted in my email this morning: a purported message
>>> from Microsoft Security Update with a URL for me to
>>> follow-up immediately for a "critical update." I
>>> googled on the "originating IP" number and found no
>>> hits. This number is,
>>>
>>> 67.202.19.184
>>>
>>> Does it ring a bell with anyone here? ??
>>>
>>> (I didn't try this ...opportunity.)
>>>
>>> Thanks -- mha [comp.security.misc 2008 Aug 21]
>>>
>>>
>
>>the ip range belongs to amazon...doesn't mean much, except one of
>>those thousands of possible computers is infected and
>>is being abused for spamming.
>
>>more interesting is the url/IP they want you to go to...
>
>>OrgName: Amazon.com, Inc.
>>OrgID: AMAZO-4
>>Address: Amazon Web Services, Elastic Compute Cloud, EC2
>
>
> It's doubtful that anything at Amazon is infected. The EC2 is a cloud
> of machines that anybody can rent cheaply and with virtually no
> questions asked to run anything on. You can complain to them at the
> abuse contacts (which I cut out of your original).
>
> I would guess that several sysadmins are just blocking all the Amazon
> EC2 IP ranges for email because there's been several times that abuse
> has come out of there...

Well, for anyone who is interested, here is the whole
message:

Dear Microsoft Customer,

You are receiving this message because your version of Microsoft Windows
is affected by a dangerous security vulnerability.

In order to prevent possible risk of system instability, Microsoft urges
you to update at your earliest convenience.

We are providing a free update to all Windows users.

You can update your system for free by visiting the offical website for
this patch, at
http://customerservice.system-updates.net/?businessrelations
Thank you for your understanding in this matter.

Regards,
Cathy Rhoades
Business Relations Representative
Microsoft Corporation
http://customerservice.system-updates.net/?businessrelations

(Copy ends.)

I haven't tried to follow this url because I don't
feel ready to cope with possible consequences.

Cheers -- mha [comp.security.misc 2008 Aug 21]



Posted by Neil W Rickert on August 21, 2008, 11:10 am



>We are providing a free update to all Windows users.

>You can update your system for free by visiting the offical website for
>this patch, at
>http://customerservice.system-updates.net/?businessrelations
>Thank you for your understanding in this matter.

Domain "system-updates.net" was registered today.

Domain Name: SYSTEM-UPDATES.NET
Registrar: INTERNET.BS CORP.
Whois Server: whois.internet.bs
Referral URL: http://www.internet.bs
Name Server: NS5.SECUREDNS.CN
Name Server: NS6.SECUREDNS.CN
Status: clientTransferProhibited
Updated Date: 20-aug-2008
Creation Date: 20-aug-2008
Expiration Date: 20-aug-2009


The owner (registrant of the domain) is listed as:

        Government of St. Vincent and the Grenadines

The DNS servers for the domain are in China.

It should be obvious that this is a fraudulent domain, the listed
registrant is bogus, and the domain is controlled by cybercriminals.
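
The checks the replies above carried out by hand (link host versus claimed sender, domain age from the whois record, originating IP against the hosting range), written out as an added Python example that is not code from any poster. The function names, the finding labels, the 30-day threshold and the `microsoft.com` claimed-sender value are assumptions for illustration; the whois excerpt, URL, IP and CIDR are the ones quoted in the thread.

```python
import ipaddress
from datetime import date
from urllib.parse import urlsplit

# Whois excerpt as quoted in the thread (fields not used here are omitted).
WHOIS = """\
Domain Name: SYSTEM-UPDATES.NET
Name Server: NS5.SECUREDNS.CN
Name Server: NS6.SECUREDNS.CN
Creation Date: 20-aug-2008
Expiration Date: 20-aug-2009
"""
MONTHS = "jan feb mar apr may jun jul aug sep oct nov dec".split()

def parse_whois(text):
    """Collect 'Key: value' lines; repeated keys (Name Server) become lists."""
    rec = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            rec.setdefault(key.strip().lower(), []).append(value.strip())
    return rec

def domain_age_days(rec, seen_on):
    """Days between the whois Creation Date (dd-mon-yyyy) and the day the mail was seen."""
    day, mon, year = rec["creation date"][0].lower().split("-")
    created = date(int(year), MONTHS.index(mon) + 1, int(day))
    return (seen_on - created).days

def host_in_domain(host, domain):
    """True only for the domain itself or a real subdomain, not a look-alike suffix."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def triage(url, claimed_domain, origin_ip, hosting_cidrs, whois_text, seen_on, max_age_days=30):
    """Return the list of phishing indicators found (labels are hypothetical)."""
    findings = []
    host = urlsplit(url).hostname or ""
    if not host_in_domain(host, claimed_domain):
        findings.append("link-host-not-claimed-sender")
    rec = parse_whois(whois_text)
    if host_in_domain(host, rec["domain name"][0]) and domain_age_days(rec, seen_on) <= max_age_days:
        findings.append("newly-registered-domain")
    ip = ipaddress.ip_address(origin_ip)
    if any(ip in ipaddress.ip_network(cidr) for cidr in hosting_cidrs):
        findings.append("sent-from-rented-cloud-range")
    return findings
```
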

