"badkey" e-mail from Microsoft

Discussion in 'Security Software' started by Joseph Alessi, Jan 5, 2004.

  1. On Monday Jan 5, 2004 I received and email that
    supposedly came from Microsoft stating that my Product
    Key for the Windows OS could not be validated. There was
    a link to click and I was supposed to fill out a webform
    with all my personal information including Product Key.
    The language of the letter just didn't seem right to me,
    and after doing some source-level investigating I noticed
    that the link jumps to badkeys.mircosoft.ch

    It looks like someone is trying to steal Windows OS
    product keys. Just thought everyone should know.
     
    Joseph Alessi, Jan 5, 2004
    #1
    1. Advertisements

  2. Joseph;
    You are correct:
    http://www3.telus.net/dandemar/badkey.htm
     
    Jupiter Jones [MVP], Jan 5, 2004
    #2
    1. Advertisements

  3. ...supposedly came from Microsoft stating that my Product
    Would it be wise to send a fake webform with the name of, say, your late
    great-grandfather and a bogus product key from a throwaway address? Is there
    any harm the product key thief could do with it?

    Turan Fettahoglu
     
    Turan Fettahoglu, Jan 5, 2004
    #3
  4. Joseph Alessi

    N. Miller Guest

    I wouldn't use any relative's name, dead or alive. I might use these names,
    though: Alan Ralsky, Eddie Marin, Thomas Cowles, Ronnie Scelson, Laura
    Betterly, Scotty Richter. All are notorious spammers. I'd be careful about
    creating a "bogus" key, though. The odds against accidently creating an
    active key belonging to an innocent party may be one in a million, but once
    is enough. Try using all of the same character in the string; all '1's for
    numeric characters, and all 'a's for alpha. Unless they have some kind of
    script to reject such an obvious forger, it should fly.

    When creating a phoney email address, be very, very careful. If you must
    have one that looks real, use a known spammer's domain. Don't just make up a
    domain, or even a "phoney" user name with a valid ISP domain. Again, you
    might accidentally hit on some innocent party's real email address, and ruin
    his Internet experience.

    Think through the possible consequences of your act; very carefully.
    Otherwise you are only contributing to the nastiness of the Internet, not
    helping at all.

    I have used some government agency phone numbers for some spammer web forms,
    but am re-thinking even that strategy after reading about how one police
    department phone system was knocked out by its publication in a spam.
     
    N. Miller, Jan 6, 2004
    #4
  5. Joseph Alessi

    f57 Guest

    I went to this site:
    http://www3.telus.net/dandemar/badkey.htm

    and followed the directions for making a little tool to check if a url has
    been spoofed.

    When I dragged the shortcut over to the address bar all i ended up doing was
    going to the url listed in line one.No meassage popped up with a list of
    addresses.

    I must have done something wrong.lol...cause all i can think of is that if i
    do this with a bad url, i will end up in the place i don;t want to go....

    f57
     
    f57, Oct 9, 2005
    #5
  6. At Step 10. are you replacing the current line 2 with the 2nd and 3rd line
    in Step 10?

    Done correctly, you will not go anywhere, but a grey box will come up giving
    the real URL and the address URL.
    This can help identify a site you are currently at.
     
    Jupiter Jones [MVP], Oct 9, 2005
    #6
  7. Joseph Alessi

    f57 Guest

    i redid it, and it worked, he problem was that i had deleted the
    line[internet shortcut] and then my second line became the first etc etc...

    this is a pretty good tool! thanks.

    f57
     
    f57, Oct 9, 2005
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.