On Monday Jan 5, 2004 I received and email that
supposedly came from Microsoft stating that my Product
Key for the Windows OS could not be validated.  There was
a link to click and I was supposed to fill out a webform
with all my personal information including Product Key.
The language of the letter just didn't seem right to me,
and after doing some source-level investigating I noticed
that the link jumps to badkeys.mircosoft.ch

It looks like someone is trying to steal Windows OS
product keys.  Just thought everyone should know.

[ Post a follow-up to this message ]

Joseph;
You are correct:
http://www3.telus.net/dandemar/badkey.htm

--
Jupiter Jones  [MVP]
An easier way to read newsgroup messages:
http://www.microsoft.com/windowsxp/...roups/setup.asp
http://www3.telus.net/dandemar/


"Joseph Alessi" <jalessi@krasdalefoods.com> wrote in message
news:013501c3d3ab$43c5f120$a101280a@phx.gbl...
quote:

> On Monday Jan 5, 2004 I received and email that
> supposedly came from Microsoft stating that my Product
> Key for the Windows OS could not be validated.  There was
> a link to click and I was supposed to fill out a webform
> with all my personal information including Product Key.
> The language of the letter just didn't seem right to me,
> and after doing some source-level investigating I noticed
> that the link jumps to badkeys.mircosoft.ch
>
> It looks like someone is trying to steal Windows OS
> product keys.  Just thought everyone should know.

[ Post a follow-up to this message ]

> ...supposedly came from Microsoft stating that my Product
quote:

> Key for the Windows OS could not be validated.  There was
> a link to click and I was supposed to fill out a webform
> with all my personal information including Product Key.
> It looks like someone is trying to steal Windows OS
> product keys.


Would it be wise to send a fake webform with the name of, say, your late
great-grandfather and a bogus product key from a throwaway address? Is there
any harm the product key thief could do with it?

Turan Fettahoglu

[ Post a follow-up to this message ]

In article <uL7rSB#0DHA.560@TK2MSFTNGP11.phx.gbl>, turan.fe@web.de says...
quote:
 
>
> Would it be wise to send a fake webform with the name of, say, your late
> great-grandfather and a bogus product key from a throwaway address? Is the
re
> any harm the product key thief could do with it?


I wouldn't use any relative's name, dead or alive. I might use these names,
though: Alan Ralsky, Eddie Marin, Thomas Cowles, Ronnie Scelson, Laura
Betterly, Scotty Richter. All are notorious spammers. I'd be careful about
creating a "bogus" key, though. The odds against accidently creating an
active key belonging to an innocent party may be one in a million, but once
is enough. Try using all of the same character in the string; all '1's for
numeric characters, and all 'a's for alpha. Unless they have some kind of
script to reject such an obvious forger, it should fly.

When creating a phoney email address, be very, very careful. If you must
have one that looks real, use a known spammer's domain. Don't just make up a
domain, or even a "phoney" user name with a valid ISP domain. Again, you
might accidentally hit on some innocent party's real email address, and ruin
his Internet experience.

Think through the possible consequences of your act; very carefully.
Otherwise you are only contributing to the nastiness of the Internet, not
helping at all.

I have used some government agency phone numbers for some spammer web forms,
but am re-thinking even that strategy after reading about how one police
department phone system was knocked out by its publication in a spam.

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint

[ Post a follow-up to this message ]