"badkey" e-mail from Microsoft

Discussion in 'Security Software' started by Joseph Alessi, Jan 5, 2004.

  1. On Monday Jan 5, 2004 I received and email that
    supposedly came from Microsoft stating that my Product
    Key for the Windows OS could not be validated. There was
    a link to click and I was supposed to fill out a webform
    with all my personal information including Product Key.
    The language of the letter just didn't seem right to me,
    and after doing some source-level investigating I noticed
    that the link jumps to badkeys.mircosoft.ch

    It looks like someone is trying to steal Windows OS
    product keys. Just thought everyone should know.
    Joseph Alessi, Jan 5, 2004
    1. Advertisements

  2. Joseph;
    You are correct:
    Jupiter Jones [MVP], Jan 5, 2004
    1. Advertisements

  3. ...supposedly came from Microsoft stating that my Product
    Would it be wise to send a fake webform with the name of, say, your late
    great-grandfather and a bogus product key from a throwaway address? Is there
    any harm the product key thief could do with it?

    Turan Fettahoglu
    Turan Fettahoglu, Jan 5, 2004
  4. Joseph Alessi

    N. Miller Guest

    I wouldn't use any relative's name, dead or alive. I might use these names,
    though: Alan Ralsky, Eddie Marin, Thomas Cowles, Ronnie Scelson, Laura
    Betterly, Scotty Richter. All are notorious spammers. I'd be careful about
    creating a "bogus" key, though. The odds against accidently creating an
    active key belonging to an innocent party may be one in a million, but once
    is enough. Try using all of the same character in the string; all '1's for
    numeric characters, and all 'a's for alpha. Unless they have some kind of
    script to reject such an obvious forger, it should fly.

    When creating a phoney email address, be very, very careful. If you must
    have one that looks real, use a known spammer's domain. Don't just make up a
    domain, or even a "phoney" user name with a valid ISP domain. Again, you
    might accidentally hit on some innocent party's real email address, and ruin
    his Internet experience.

    Think through the possible consequences of your act; very carefully.
    Otherwise you are only contributing to the nastiness of the Internet, not
    helping at all.

    I have used some government agency phone numbers for some spammer web forms,
    but am re-thinking even that strategy after reading about how one police
    department phone system was knocked out by its publication in a spam.
    N. Miller, Jan 6, 2004
  5. Joseph Alessi

    f57 Guest

    I went to this site:

    and followed the directions for making a little tool to check if a url has
    been spoofed.

    When I dragged the shortcut over to the address bar all i ended up doing was
    going to the url listed in line one.No meassage popped up with a list of

    I must have done something wrong.lol...cause all i can think of is that if i
    do this with a bad url, i will end up in the place i don;t want to go....

    f57, Oct 9, 2005
  6. At Step 10. are you replacing the current line 2 with the 2nd and 3rd line
    in Step 10?

    Done correctly, you will not go anywhere, but a grey box will come up giving
    the real URL and the address URL.
    This can help identify a site you are currently at.
    Jupiter Jones [MVP], Oct 9, 2005
  7. Joseph Alessi

    f57 Guest

    i redid it, and it worked, he problem was that i had deleted the
    line[internet shortcut] and then my second line became the first etc etc...

    this is a pretty good tool! thanks.

    f57, Oct 9, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.