Suspicious link? - A query

[~BD~]

Hello!

Here is a screenshot of the 'advice/warning' given on my iMac (using
SeaMonkey 2.0.10) when I followed a link in the 24hoursupport.helpdesk
newsgroup.

http://tinypic.com/r/zivk45/7

I'm wondering - if I'd followed the link using MS Windows - would the
..exe file have been *automatically* downloaded to my computer and, if
so, whether or not it might be genuine or malicious.

I elected to cancel the download, btw.

I'd appreciate comments from the group. TIA.

Here is the actual link (obfuscated)

hxxp://www.microsoft.com/downloads/thankyou.aspx?familyId=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displayLang=pt-pt

*This* is a genuine link obtained directly from Microsoft:

http://www.microsoft.com/downloads/e...displaylang=en

[Mike Easter]

~BD~ wrote:

> Here is a screenshot of the 'advice/warning' given on my iMac (using
> SeaMonkey 2.0.10) when I followed a link in the 24hoursupport.helpdesk
> newsgroup.
>
> http://tinypic.com/r/zivk45/7

That is the MS Portugese page and .exe download for the Portugese
version of MS's Win XP SP3. What post on 24hshd would be giving a link
to a Portugese XP sp3?

Most people who might have their IE browsers configured securely and
with active-X disabled are going to allow/enable active-X and otherwise
enable as trusted webpages from microsoft as well as their executables.

The file for download is WindowsXP-KB936929-SP3-x86-PTG.exe where the
-PTG part is the Portugese. English users would get the -ENU version

> I'm wondering - if I'd followed the link using MS Windows - would the
> .exe file have been *automatically* downloaded to my computer and, if
> so, whether or not it might be genuine or malicious.

The file is from MS. People trust MS to not provide malicious
executables. sp3 is a very important service pack for XP, but not in
Portugese.


--
Mike Easter

[BoaterDave]

On Oct 30, 1:56*pm, Mike Easter <Mi...@ster.invalid> wrote:
> ~BD~ wrote:
> > Here is a screenshot of the 'advice/warning' given on my iMac (using
> > SeaMonkey 2.0.10) when I followed a link in the 24hoursupport.helpdesk
> > newsgroup.
>
> >http://tinypic.com/r/zivk45/7
>
> That is the MS Portugese page and .exe download for the Portugese
> version of MS's Win XP SP3. What post on 24hshd would be giving a link
> to a Portugese XP sp3?
>
> Most people who might have their IE browsers configured securely and
> with active-X disabled are going to allow/enable active-X and otherwise
> enable as trusted webpages from microsoft as well as their executables.
>
> The file for download is WindowsXP-KB936929-SP3-x86-PTG.exe where the
> -PTG part is the Portugese. English users would get the -ENU version
>
> > I'm wondering - if I'd followed the link using MS Windows - would the
> > .exe file have been *automatically* downloaded to my computer and, if
> > so, whether or not it might be genuine or malicious.
>
> The file is from MS. People trust MS to not provide malicious
> executables. sp3 is a very important service pack for XP, but not in
> Portugese.
>
> --
> Mike Easter

@ Mike Easter

I have no idea why the body of your post isn't showing in my recently
updated version of SeaMonkey when it is showing here in Google Groups
as plain as day!

I note that you didn't take the 'challenge' I posted recently on
Scorched-Earth.

Here it is: https://www.phish-no-phish.com/default.aspx

Perhaps you'll take the test now - and then explain to me exactly *how
you know* that the 'Portugese* page is a *Genuine* Microsoft page.

I'd hoped that someone on the 'spyware' group might have had the
wherewithal to check the link. Maybe they still will, eh?

Dave

[Rhonda Lea Kirk Fries]

Morphing again, I see. Cut it out.

BoaterDave wrote:

<nothing useful>

[~BD~]

Mike Easter wrote:

> The file is from MS.

How do you *KNOW* that? Serious question regarding that particular link.

> People trust MS to not provide malicious executables.

They do! What better domain to choose to fool folk?!!!

Quote:

A Spoofed URL describes one website that poses as another. It sometimes
applies a mechanism that exploits bugs in web browser technology,
allowing a malicious computer attack. Such attacks are most effective
against computers that lack recent security patches. Others are designed
for the purpose of a parody.

During such an attack, a computer user innocently visits a web site and
sees a familiar URL in the address bar such as http://www.wikipedia.org
but is, in reality, sending information to an entirely different
location that would typically be monitored by an information thief. When
sensitive information is requested by a fraudulent website, it is called
phishing.

The user is typically enticed to the false website from an email or a
hyperlink from another website.

In another variation, a website may look like the original, but is in
fact a parody of it. These are mostly harmless, and are more noticeably
different from the original, as they usually do not exploit bugs in web
browser technology.

This can also take place in a hosts file. It can redirect a site(s) to
another IP, which could be a spoofed website.

Ref: http://en.wikipedia.org/wiki/URL_spoofing

[Peter Foldes]

"~BD~" <~BD~@nomail.afraid.org> wrote in message
news:sMSdnYBB-Lzz_VDRnZ2dnUVZ8uednZ2d@bt.com...
> Mike Easter wrote:
>
>> The file is from MS.
>
> How do you *KNOW* that? Serious question regarding that particular link.
>
>> People trust MS to not provide malicious executables.
>
> They do! What better domain to choose to fool folk?!!!
>
> Quote:
>
> A Spoofed URL describes one website that poses as another. It sometimes applies a
> mechanism that exploits bugs in web browser technology, allowing a malicious
> computer attack. Such attacks are most effective against computers that lack
> recent security patches. Others are designed for the purpose of a parody.
>
> During such an attack, a computer user innocently visits a web site and sees a
> familiar URL in the address bar such as http://www.wikipedia.org but is, in
> reality, sending information to an entirely different location that would
> typically be monitored by an information thief. When sensitive information is
> requested by a fraudulent website, it is called phishing.
>
> The user is typically enticed to the false website from an email or a hyperlink
> from another website.
>
> In another variation, a website may look like the original, but is in fact a
> parody of it. These are mostly harmless, and are more noticeably different from
> the original, as they usually do not exploit bugs in web browser technology.
>
> This can also take place in a hosts file. It can redirect a site(s) to another IP,
> which could be a spoofed website.
>
> Ref: http://en.wikipedia.org/wiki/URL_spoofing


BD

It is a legitimate site and period. You are purposely looking for trouble where
there is none
The site is in Portuguese and is from MS. What is more dangerous is opening links
that are from Tiny URL or from tinypic as you posted. Nobody knows what they are
opening with those. Smart people do not open those links because the can contain an
infector or malware. It is like a Russian Roulette opening those type of links.

Now back to your paranoid issue.

Take the link below which you have posted and open it and go to the box in the
Quick Details where it say's English and click on the little arrow and select
Portuguese (Portugal) or Portuguese (Brazil) and then hit the Change button.
You nom have arrived at your PARANOID page that you are blowing hot air in the
direction of where the wind is coming from. Back in your face comes the crap that
comes out of your mouth with every breath that you are trying to exhale.

http://www.microsoft.com/downloads/e...displaylang=en

PARANOID,PARANOID and PARANOID you are

Get a life already and stop making a fool of yourself continuously.

--
Peter
Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
This posting is provided "AS IS" with no warranties, and confers no rights.
http://www.microsoft.com/protect

[~BD~]

Peter Foldes wrote:
[....]
> BD
>
> It is a legitimate site and period.

You cannot possibly know that for sure!

> You are purposely looking for trouble where there is none

I've been "looking for trouble" for 5 years - *anywhere*!

> The site is in Portuguese and is from MS. What is more dangerous is
> opening links that are from Tiny URL or from tinypic as you posted.
> Nobody knows what they are opening with those. Smart people do not open
> those links because the can contain an infector or malware. It is like a
> Russian Roulette opening those type of links.

I've *never* knowingly posted a *bad* link. Some folk know that to be true.

> Now back to your paranoid issue.
>
> Take the link below which you have posted and open it and go to the box
> in the Quick Details where it say's English and click on the little
> arrow and select Portuguese (Portugal) or Portuguese (Brazil) and then
> hit the Change button.
> You nom have arrived at your PARANOID page that you are blowing hot air
> in the direction of where the wind is coming from. Back in your face
> comes the crap that comes out of your mouth with every breath that you
> are trying to exhale.
>
> http://www.microsoft.com/downloads/e...displaylang=en
>
>
> PARANOID,PARANOID and PARANOID you are
>
> Get a life already and stop making a fool of yourself continuously.


You *never* listen! I have done as you asked and end up here:-

http://www.microsoft.com/downloads/d...playLang=pt-pt

But, and this is a *BIG BUT*, there is *no attempt whatsoever* for the
page to *automatically* download a file onto my computer. One has to
press a 'download button'.

They ARE different!

QED

[Peter Foldes]

Wooooosh. Went by you as usual. Do everyone a favor David and stop posting stupid
thins about everyone and everything that you come across

--
Peter
Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
This posting is provided "AS IS" with no warranties, and confers no rights.
http://www.microsoft.com/protect


"~BD~" <~BD~@nomail.afraid.org> wrote in message
news:SPydnfXTN-Nw71DRnZ2dnUVZ7rednZ2d@bt.com...
> Peter Foldes wrote:
> [....]
>> BD
>>
>> It is a legitimate site and period.
>
> You cannot possibly know that for sure!
>
>> You are purposely looking for trouble where there is none
>
> I've been "looking for trouble" for 5 years - *anywhere*!
>
>> The site is in Portuguese and is from MS. What is more dangerous is
>> opening links that are from Tiny URL or from tinypic as you posted.
>> Nobody knows what they are opening with those. Smart people do not open
>> those links because the can contain an infector or malware. It is like a
>> Russian Roulette opening those type of links.
>
> I've *never* knowingly posted a *bad* link. Some folk know that to be true.
>
>> Now back to your paranoid issue.
>>
>> Take the link below which you have posted and open it and go to the box
>> in the Quick Details where it say's English and click on the little
>> arrow and select Portuguese (Portugal) or Portuguese (Brazil) and then
>> hit the Change button.
>> You nom have arrived at your PARANOID page that you are blowing hot air
>> in the direction of where the wind is coming from. Back in your face
>> comes the crap that comes out of your mouth with every breath that you
>> are trying to exhale.
>>
>> http://www.microsoft.com/downloads/e...displaylang=en
>>
>>
>> PARANOID,PARANOID and PARANOID you are
>>
>> Get a life already and stop making a fool of yourself continuously.
>
>
> You *never* listen! I have done as you asked and end up here:-
>
> http://www.microsoft.com/downloads/d...playLang=pt-pt
>
> But, and this is a *BIG BUT*, there is *no attempt whatsoever* for the page to
> *automatically* download a file onto my computer. One has to press a 'download
> button'.
>
> They ARE different!
>
> QED

[Mike Easter]

~BD~ wrote:
> Mike Easter wrote:
>
>> The file is from MS.
>
> How do you *KNOW* that? Serious question regarding that particular link.

The file is *actually* at microsoft.com, not some other place with an
URL that looks similar to MS's to the blind eye.

>> People trust MS to not provide malicious executables.
>
> They do! What better domain to choose to fool folk?!!!

You seem to think that it would be easy to cause the link in question to
give malware, but that is incorrect.

> A Spoofed URL

The wikipedia article about spoofed URL is about the exploitation of a
very old IE6 insecurity.

This is the 3rd group you've brought up the spoofed article recently. I
replied to that in s-e.

http://groups.google.com/group/alt.p...c3df0d18?hl=en


--
Mike Easter

[Dustin]

~BD~ <~BD~@nomail.afraid.org> wrote in
news:sMSdnYBB-Lzz_VDRnZ2dnUVZ8uednZ2d@bt.com:

> Mike Easter wrote:
>
>> The file is from MS.
>
> How do you *KNOW* that? Serious question regarding that particular
> link.

You provided the links, moron.

> They do! What better domain to choose to fool folk?!!!

Again, your wasting our time and looking in the wrong places.

your refers and plaguirism has been snipped; YOU need to read AND
understand the material, not us.


--
Some people are like a Slinky. Not much good for anything, but you can't
help but smile when one tumbles down the stairs.