Re: Microsoft the source of all evil?? Simple question

[Nick Pistentis <nick () NICKPISTENTIS NET>]

I saw the same thing last week when I did a google search for "Windows
XP Service Pack 3." Alarmingly, it was the first hit - above MS's
legitimate technet page on the subject. Luckily I noted the URL before
clicking - one of our forensics guys said that the executable posted
there is roughly 300k larger than the genuine file posted on the MS
download page, and he echoed Jim's observation that the page is visually
near-identical.

-Nick

____________________________
Nick Pistentis
Manager, ISS Student Technology Services
George Washington University
202.994.6202
nlp () gwu edu
http://iss.gwu.edu/sts



James Moore wrote:
> I went looking for more documentation on Powershell on Google.
>
> The string that I used was “guide powershell”
>
> It came back with
>
>
>     *Download details: Windows PowerShell 1.0 Documentation Pack
>     <http://thesource.ofallevil.com/downloads/details.aspx?FamilyId=B4720B00-9A66-430F-BD56-EC48BFCA154F&displaylang=en>
>     
> <http://www.siteadvisor.com/sites/ofallevil.com?ref=safesearch&client_ver=FF_26.5_6256&locale=en-US&premium=false&aff_id=0>*
>
> Documentation of Windows *PowerShell* 1.0, which includes the Windows
> *PowerShell* Getting Started *Guide*, the Windows *PowerShell* Primer,
> the Windows *PowerShell* *...*
> thesource.ofallevil.com/.../details.aspx?FamilyId=B4720B00-9A66-430F-BD56-EC48BFCA154F&displaylang=en
> - 31k -
>
> _Note the URL. _
>
> Not having had my 2^nd cup of coffee, and also trusting McAfee’s
> SiteAdvisor™ , I clicked on it.
>
> The result looks surprisingly like a Microsoft site. The URL doesn’t.
>
> Anyone know more about “ofallevil.com”. Whois shows it in Bellevue,
> WA, but it is privacy protected.
>
> http://thesource.ofallevil.com/en/us/default.aspx looks very Microsoft.
>
> http://www.ofallevil.com/ returns a blank page.
>
> Jim
>
> Jim
>
> - - - -
> Jim Moore, CISSP, IAM
> Information Security Officer
> Rochester Institute of Technology
> 13 Lomb Memorial Drive
> Rochester, NY 14623-5603
> (585) 475-5406 (office)
> (585) 475-4208 (lab)
> (585) 475-7950 (fax)
>
>
>
> "We will have a chance when we are as efficient at communicating
> information security best practices, as hackers and criminals are at
> sharing attack information" - Peter Presidio
>
> Confidentiality Notice: Do the right thing. If this has the words
> "Confidential" or "Private" in the subject line, or similar language
> in the email body, or as a label on any attachment, then think. Do you
> know me? Did you expect to receive this? Do you recognize and work
> with the other addressees? If not, then you probably received this in
> error. Please, be respectful and courteous, and delete it immediately.
> Please, don't forward it to anyone.
>
> Now, wasn't that simple. Just, if you had made an error in a sensitive
> email, and I received it, what would you want me to do with it?