Kaspersky Lab WTF?

Posted by: gbeer

Kaspersky Lab WTF? - 29/07/2010 01:10

I received an email from [email protected]

I've never heard of them before receiving the email. Strangely, a quick Google generates a page full of on-target links for the company, which I find to be abnormal for just typing in a company name.


Html:
Hello!

Thank you for registering your Kaspersky Lab product!

This email contains your personal ID and the Password to it.

Your current registration data is:

Your Personal ID: omit
Password: omit

To enter your Personal Cabinet, please use the following link:
https://support.kaspersky.com/PersonalCabinet

Do not lose your personal ID (Client ID) as you will need it in the future.

Contact Kaspersky Lab Technical Support at http://support.kaspersky.com to 
purchase additional product or to extend the current Kaspersky Lab product.

Sincerely yours,
Kaspersky Lab
Posted by: Shonky

Re: Kaspersky Lab WTF? - 29/07/2010 02:36

Kaspersky Labs is actually a fairly well-known antivirus vendor.

http://en.wikipedia.org/wiki/Kaspersky_Lab

I would guess that email is spam/phishing/malware related. Is it HTML? I would guess the link is to somewhere else.

Could also be someone trying to discredit them I guess.
Posted by: tman

Re: Kaspersky Lab WTF? - 29/07/2010 02:48

Phishing, or somebody fat-fingered entering their email address when they registered on the site.
Posted by: gbeer

Re: Kaspersky Lab WTF? - 29/07/2010 22:52

Originally Posted By: Shonky
Kaspersky Labs is actually a fairly well-known antivirus vendor.

http://en.wikipedia.org/wiki/Kaspersky_Lab

I would guess that email is spam/phishing/malware related. Is it HTML? I would guess the link is to somewhere else.

Could also be someone trying to discredit them I guess.


Hard to say if it's HTML with Gmail. Showing the source seems to show only text.

Code:
Delivered-To: gkbeer (at) gmail.com
Received: by 10.142.232.16 with SMTP id e16cs197419wfh;
        Wed, 28 Jul 2010 17:00:05 -0700 (PDT)
Received: by 10.14.126.198 with SMTP id b46mr2857300eei.34.1280361601961;
        Wed, 28 Jul 2010 17:00:01 -0700 (PDT)
Return-Path: <bounce (at) kaspersky.com>
Received: from webserver6.kaspersky-labs.com (webserver6.kaspersky-labs.com [62.213.110.130])
        by mx.google.com with ESMTP id z16si390758eeh.19.2010.07.28.17.00.01;
        Wed, 28 Jul 2010 17:00:01 -0700 (PDT)
Received-SPF: neutral (google.com: 62.213.110.130 is neither permitted nor denied by best guess record for domain of bounce (at) kaspersky.com) client-ip=62.213.110.130;
Authentication-Results: mx.google.com; spf=neutral (google.com: 62.213.110.130 is neither permitted nor denied by best guess record for domain of bounce (at) kaspersky.com) smtp.mail=bounce (at) kaspersky.com
Received: by webserver6.kaspersky-labs.com (Postfix, from userid 800)
	id 083D9154D; Thu, 29 Jul 2010 04:00:01 +0400 (MSD)
MIME-Version: 1.0
Content-Disposition: inline
Content-Transfer-Encoding: binary
Content-Type: text/plain; charset="utf-8"
X-Mailer: MIME::Lite 3.024 (F2.77; T1.27; A2.04; B3.08; Q3.08)
Date: Thu, 29 Jul 2010 03:55:13 +0400
From: online (at) kaspersky.com
To: gkbeer (at) gmail.com
Subject: Kaspersky Lab Online Activation
Message-Id: <[email protected]>
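
The header checks discussed in this thread (SPF result, connecting host, envelope domain versus From domain), as an added example that is not part of any poster's message. `triage`, `org_domain` and the two-label domain shortcut are assumptions of the example; the sample is a subset of the headers posted above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# "from HELO (recorded-name [ip])" clause of a Received header
HOP_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([\d.]+)\]\)")

# Subset of the headers posted above; "(at)" is the board's address masking.
RAW = """\
Return-Path: <bounce (at) kaspersky.com>
Received: from webserver6.kaspersky-labs.com (webserver6.kaspersky-labs.com [62.213.110.130])
        by mx.google.com with ESMTP id z16si390758eeh.19.2010.07.28.17.00.01;
        Wed, 28 Jul 2010 17:00:01 -0700 (PDT)
Authentication-Results: mx.google.com; spf=neutral (google.com: 62.213.110.130 is neither permitted nor denied by best guess record for domain of bounce (at) kaspersky.com) smtp.mail=bounce (at) kaspersky.com
Received: by webserver6.kaspersky-labs.com (Postfix, from userid 800)
        id 083D9154D; Thu, 29 Jul 2010 04:00:01 +0400 (MSD)
From: online (at) kaspersky.com

"""

def org_domain(name):
    # Assumption: the last two labels approximate the registrable domain;
    # real tooling should consult the Public Suffix List instead.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def triage(raw):
    msg = message_from_string(raw.replace(" (at) ", "@"))
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    env_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2]
    spf = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    # Assumption: the first Received with a "from" clause is the hop written by
    # the receiving MX; hops below it are sender-supplied and can be forged.
    hops = (HOP_RE.search(h) for h in msg.get_all("Received", []))
    hop = next((m for m in hops if m), None)
    _, host, ip = hop.groups() if hop else (None, None, None)
    report = {
        "spf": spf.group(1) if spf else "none",
        "client_ip": ip,
        "client_host": host,
        "from_matches_envelope": org_domain(from_dom) == org_domain(env_dom),
        "host_matches_envelope": bool(host) and org_domain(host) == org_domain(env_dom),
    }
    # Only spf=pass ties the connecting IP to the envelope domain; "neutral"
    # neither confirms nor refutes the sender.
    report["authenticated"] = report["spf"] == "pass" and report["from_matches_envelope"]
    return report

if __name__ == "__main__":
    print(triage(RAW))
```

On these headers the report shows matching From and envelope domains, a connecting host under a different domain, and no SPF pass, so the headers alone do not authenticate the sender.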


Posted by: hybrid8

Re: Kaspersky Lab WTF? - 29/07/2010 22:55

Someone likely used your email address on their site.
Posted by: gbeer

Re: Kaspersky Lab WTF? - 29/07/2010 23:06

So if I was evil, I could have a copy of the software.

Not, I'm happy with NOD.
Posted by: gbeer

Re: Kaspersky Lab WTF? - 29/07/2010 23:08

The earlier post blew the board width. I tried to edit the long line down. But the code frame stayed wide.
Posted by: tman

Re: Kaspersky Lab WTF? - 29/07/2010 23:12

Looks legitimate, and your email address isn't so unusual that nobody else in the world will have one similar at Gmail.
Posted by: Phoenix42

Re: Kaspersky Lab WTF? - 30/07/2010 00:07

drakino - there is a second instance of Glenn's address third line from the bottom.
Posted by: drakino

Re: Kaspersky Lab WTF? - 30/07/2010 00:20

There we go, full search and replace this time. Still lots of bots that harvest e-mail addresses from web pages out there.
Posted by: Shonky

Re: Kaspersky Lab WTF? - 30/07/2010 00:39

The IP does resolve to Russia and reverse resolves a kaperskylabs.com address so it appears legit.

The username and password are strangely simple (and don't work - tried on a special VM I have).

The only other thing is if you click the link (don't!) and it takes you somewhere else. But given the legit source of the email I doubt it.

Strange one.
Posted by: RobotCaleb

Re: Kaspersky Lab WTF? - 30/07/2010 01:50

Are you surprised that the username and password that he omitted (and indicated so) don't work? :)
Posted by: Shonky

Re: Kaspersky Lab WTF? - 01/08/2010 02:20

Oh yeah. Didn't click.