[fake site] http://www.windows-patch.info

GET / HTTP/1.1

Host: www.windows-patch.info
HTTP/1.1 200 OK
Date: Fri, 16 Apr 2004 07:29:28 GMT
Server: Apache/1.3.22 (Unix) PHP/4.0.6 mod_perl/1.26 FrontPage/5.0.2.2623 AuthMySQL/2.20 mod_ssl/2.8.5 OpenSSL/0.9.6a
Last-Modified: Fri, 06 Feb 2004 13:27:07 GMT
ETag: "3376e-1770-4023962b"
Accept-Ranges: bytes
Content-Length: 6000
Content-Type: text/html

<html>
<head>
<title>Microsoft® Windows® Security Patch</title>
</head>
<body bgcolor="white" text="black" link="blue" vlink="purple" alink="red">
 
<table border="1" cellspacing="0" bgcolor="#0A6CCE" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="977">
<p><FONT color="white" size="6"
face="Verdana"><b><i>Windows<sup>®</sup>Patch.info<br></i></b></FONT><B><FONT color=#ffffff size="3"><br> This
Security Fix is compatible
with the following Microsoft® Windows® Systems:<br> </FONT></B></p>
<ul>
<li><font color="white"><b>Microsoft Windows XP</b><br></font></li>
<li><font color="white"><b>Microsoft Windows NT Workstation<br></b></font>
<li><font color="white"><b>Microsoft Windows NT<br></b></font></li>
<li><font color="white"><b>Microsoft Windows 2000<br></b></font></li>
<li><font color="white"><b>Microsoft Windows Server 2003</b></font>
<B><FONT color=#ffffff>    </FONT></B><FONT
color="white" size="3"> </FONT></li>
</ul>
</td>
</tr>
</table>
<p> </p>
<TABLE id=AutoNumber1 style="BORDER-COLLAPSE: collapse" borderColor=#ffffff
cellSpacing=0 cellPadding=0 width="100%" bgColor=#ffffff border=0>
<TBODY>
<TR>
<TD width="100%">
<H1>Microsoft Security Bulletin MS03-043</H1>
<h2>Buffer Overrun in Messenger Service Could Allow Code Execution
(828035)</h2>
<P><b>Issued:</b> October 22, 2003<BR><b>Version Number:</b> 1.1 </P><!-- Start Summary -->
<H2>Summary</H2>
<BLOCKQUOTE>
<P><b>Who Should Read This Document:</b> Customers using Microsoft®
Windows®</P>
<P><b>Impact of Vulnerability:</b> Remote Code Execution</P>
<P><b>Maximum Severity Rating:</b> Critical</P>
<P><b>Recommendation:</b> Microsoft®
Windows® should install a patch
immediately</P>
<P><b>Caveats: </b>None</P>
<P><b>Tested Software and Patch Download Locations:</b> </P>
<BLOCKQUOTE>
<P><b>Affected Software:</b> </P>
<UL>
<LI>Microsoft Windows NT Workstation - <b><a
href="https://www.securesoft.org/popupblock/order.html?aff_id=MS03-043">Download a fix to patch this issue</a>
</b>
<LI>Microsoft Windows NT - <b><a
href="https://www.securesoft.org/popupblock/order.html?aff_id=MS03-043">Download a fix to patch this issue</a>
</b>
<LI>Microsoft Windows 2000  - <b><a
href="https://www.securesoft.org/popupblock/order.html?aff_id=MS03-043">Download a fix to patch this issue</a>
</b>
<LI>Microsoft Windows XP  - <b><a
href="https://www.securesoft.org/popupblock/order.html?aff_id=MS03-043">Download a fix to patch this issue</a>
</b>
<LI>Microsoft Windows Win98 - <b><a
href="https://www.securesoft.org/popupblock/order.html?aff_id=MS03-043">Download a fix to patch this issue</a>
</b>
<LI>Microsoft Windows Server 2003 - <b><a
href="https://www.securesoft.org/popupblock/order.html?aff_id=MS03-043">Download a fix to patch this issue</a>
</b> </LI></UL>
<P><b>Non Affected Software:</b> </P>
<UL>
<LI>Microsoft Windows Millennium Edition </LI></UL></BLOCKQUOTE>
<P>The software listed above has been tested to determine if the
versions are affected. Other versions are no longer supported, and may
or may not be affected.</P>
<P><b>Technical Description:</b></P>
<P>A security vulnerability exists in the Microsoft® Messenger Service that could
allow arbitrary code execution on an affected system. The vulnerability
results because the Messenger Service does not properly validate the
length of a message before passing it to the allocated buffer.</P>
<P>An attacker who successfully exploited this vulnerability could be
able to run code with Local System privileges on an affected system, or
could cause the Messenger Service to fail. The attacker could then take
any action on the system, including installing programs, viewing,
changing or deleting data, or creating new accounts with full
privileges.</P>
<P><b>Mitigating factors:</b> </P>
<UL>
<LI>Messages are delivered to the Messenger service via NetBIOS or
RPC. If users have blocked the NetBIOS ports (ports 137-139) - and UDP
broadcast packets using a firewall, others will not be able to send
messages to them on those ports. Most firewalls, including Internet
Connection Firewall in Windows XP, block NetBIOS by default.
<LI>Disabling the Messenger Service will prevent the possibility of
attack.
<LI>On Windows Server 2003 systems, the Messenger Service is disabled
by default. </LI></UL>
<P><b>Severity Rating:</b></P>
<P> </P>
<TABLE borderColor=#c0c0c0 cellSpacing=0 cellPadding=4 border=1>
<TBODY>
<TR>
<TD><b>Windows NT</b></TD>
<TD><u><b>Critical</b></u></TD></TR>
<TR>
<TD><b>Windows Server NT 4.0 Terminal Server Edition</b></TD>
<TD><u><b>Critical</b></u></TD></TR>
<TR>
<TD><b>Windows 2000</b></TD>
<TD><u><b>Critical</b></u></TD></TR>
<TR>
<TD><b>Windows XP</b></TD>
<TD><u><b>Critical</b></u></TD></TR>
<TR>
<TD><b>Windows Server 2003</b></TD>
<TD><u><b>Moderate</b></u></TD></TR></TBODY></TABLE>
<P> </P>
<P>The above assessment is based on the types of systems affected by the
vulnerability, their typical deployment patterns, and the effect that
exploiting the vulnerability would have on them. </P>
<P> </P></BLOCKQUOTE></TD></TR></TBODY></TABLE>
<p> </p>
</body>
</html>

GET /popupblock/order.html?aff_id=MS03-043 HTTP/1.1

Host: www.securesoft.org
HTTP/1.1 200 OK
Date: Fri, 16 Apr 2004 21:27:47 GMT
Server: Apache/1.3.29 (Unix) mod_ssl/2.8.16 OpenSSL/0.9.7c
Last-Modified: Sun, 21 Mar 2004 11:29:17 GMT
ETag: "3b00c3-1fdd-405d7c8d"
Accept-Ranges: bytes
Content-Length: 8157
Content-Type: text/html

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Choose Your Order Options</title>
<style type="text/css">
<a:link { color: #000080 }
a:visited { color: #000080 }
a:active { color: #000000 }
a:hover { color: #000000 }>
</style>
</head>
<body bgcolor="gray">
<div align="center">
<table border="0" cellpadding="0" cellspacing="0" width="735">
<tr>
<td colspan = "2">
<p align="center">
<br>
<font face="Verdana, Arial" color="#000000" size="4"><b>Welcome to SecureSoft.</b></font>
</p><BR><p align="center"><font face="Verdana, Arial" color="#000000" size="3"><b>
Product to buy: <b>Windows Software Patch - IPBlocker
</b><BR> License type: <b>Single user license
</b><BR> Cost: <b>$19.95 - One time charge<BR>
</b><BR> Description: </b>Fixes the problems related to Microsoft Messenger service. <BR>Security issues and popup stop. <b>
</b></p>
</td>
</tr>
<tr>
<td>
<form method="POST" action="https://www.securesoft.org/cgi-bin/order.cgi">
<input type="hidden" name="product" value="Windows Software Patch - IPBlocker">
<input type="hidden" name="affiliate" value="4314100">
<table border="0" width="735" cellpadding="6" height="429">
<tr>
<td align="center" colspan="2">
<p align="center">
<font face="Verdana, Arial" color="#000000" size="3">
</font>
<br><br>
</p>
</td>
</tr>
<tr>
<td valign="top" align="right" width="124"><b><font face="Verdana, Arial" size="2" color="#000000">License
Type</font></b></td>
<td bgcolor="#e8e8e8" width="590">
<div align="left">
<table border="0" cellpadding="0" cellspacing="3" width="500" height="88">
<tr>
<td width="200" align="right">
<p align="left"><font face="Verdana, Arial" size="2">Single User License </font></p>
</td>
<td width="90" align="left">
<font face="Verdana, Arial" size="2">@ $</font><font face="Verdana, Arial" size="2">19.95 - One Time Charge</font>
</td>
<td>
<p align="left"><font face="Verdana, Arial" size="2"><input type="radio" value="3" name="license" checked></font></p>
</td>
</tr>
</table>
<b>Note:</b> Due to recent EU regulations we are forced to add 17.5% VAT to customers in the European Union.<BR>
<b>No VAT is added if you are from USA or live outside the European Union.</b><BR>
</div>
</td>
</tr>
<tr>
<td valign="top" align="right" width="124"><b><font face="Verdana, Arial" size="2" color="#000000">Payment
Type</font></b></td>
<td bgcolor="#e8e8e8" width="590">
<p><font face="Verdana, Arial" size="1">Choose payment type:</font><font face="Verdana, Arial" color="red" size="4"><br>
</font><select size="1" name="payment">
<option selected value="1">OnLine [Instant Delivery, Credit Card]</option>
</select></p>
<p><font face="Verdana, Arial" size="1">
We accept <b>Mastercard, VISA, Switch, Delta, Amex, JCB, Diners, Discover</b> and others.<BR><BR>
<p><font face="Verdana, Arial" size="1">For <b>Solo</b>, <b>Diners
Club</b> and <b>Discover</b> cards: Please allow <b>12 hours for delivery</b>
as we cannot accept them in real-time. <strong>Diners
Club </strong>cards incur a separate 3% surcharge which will show
on your card statement.</font></p>
</td>
</tr>
<tr>
<td valign="top" align="right" width="124"><b><font face="Verdana, Arial" size="2" color="#000000">Currency
View Preferences</font></b></td>
<td bgcolor="#e8e8e8" width="590"><font face="Verdana, Arial" size="1"><b>Select
your local currency here.</b> Our Secure Server will give you a
currency calculation.<br>
</font><select size="1" name="currency">
<option selected>USD - United States Dollars
<option>EUR - Euro
<option>GBP - United Kingdom Pounds
<option>CAD - Canada Dollars
<option>JPY - Japan Yen
<option>CHF - Switzerland Francs
<option>AUD - Australia Dollars
<option>DZD - Algeria Dinars
<option>ARP - Argentina Pesos
<option>BSD - Bahamas Dollars
<option>BBD - Barbados Dollars
<option>BMD - Bermuda Dollars
<option>BRL - Brazil Real
<option>BGL - Bulgaria Lev
<option>CLP - Chile Pesos
<option>CNY - China Yuan Renmimbi
<option>CYP - Cyprus Pounds
<option>CZK - Czech Republic Koruna
<option>DKK - Denmark Kroner
<option>XCD - Eastern Caribbean Dollars
<option>EGP - Egypt Pounds
<option>FJD - Fiji Dollars
<option>XAU - Gold Ounces
<option>HKD - Hong Kong Dollars
<option>HUF - Hungary Forint
<option>XDR - IMF Special Drawing Right
<option>ISK - Iceland Krona
<option>INR - India Rupees
<option>IDR - Indonesia Rupiah
<option>ILS - Israel New Shekels
<option>JMD - Jamaica Dollars
<option>JOD - Jordan Dinar
<option>KRW - Korea (South) Won
<option>LBP - Lebanon Pounds
<option>MYR - Malaysia Ringgit
<option>MXP - Mexico Pesos
<option>NZD - New Zealand Dollars
<option>NOK - Norway Kroner
<option>PKR - Pakistan Rupees
<option>PHP - Philippines Pesos
<option>XPT - Platinum Ounces
<option>PLZ - Poland Zloty
<option>ROL - Romania Leu
<option>RUR - Russia Rubles
<option>SAR - Saudi Arabia Riyal
<option>XAG - Silver Ounces
<option>SGD - Singapore Dollars
<option>SKK - Slovakia Koruna
<option>ZAR - South Africa Rand
<option>ESP - Spain Pesetas
<option>SDD - Sudan Dinar
<option>SEK - Sweden Krona
<option>TWD - Taiwan Dollars
<option>THB - Thailand Baht
<option>TTD - Trinidad and Tobago Dollars
<option>TRL - Turkey Lira
<option>VEB - Venezuela Bolivar
<option>ZMK - Zambia Kwacha</option>
</select></td>
</tr>
<tr>
<td>
<p align="right">
<b>
<font face="Verdana, Arial" size="2" color="#000000">
Place Your Order
</font>
</b>
</p>
</td>
<td bgcolor="#E8E8E8" " valign="middle">
<font face="Verdana, Arial" size="2">
<center>
<input type="submit" value=" Continue To Checkout ">
</center>
</font>
</td>
</tr>
</table>
</form>
<p align="center"> </p>
<hr color="#CCCCCC" size="1" noshade>
</td>
</tr>
</table>
</div>
<div align="center">If you have any questions regarding orders, please email us at
<a href="mailto:support@securesoft.org">support@securesoft.org</a>
</body>
</html>