(au fait, je ne suis pas sur de poster dans le bon forum...)
Cette semaine j'ai recu un mail assez loufoque dans mon dossier spam sur Hotmail, au titre de "[EN]Diablo III Account Locked - Action Required".
Ce mail raconte (ici, en anglais) que vous avez fait des bétises, des "transactions illégales" ("illegal transactions"), et que donc vous devez vérifiez votre compte grace a un lien affiché en tant que https://www.battle.net/account/d3/login-support.html, mais ce dernier pointe en réalité sur h**p://us.diablo.com.zh-sha.in/login.html?app=wam&ref=https://www.battle.net/account/&eor=0&app=bam, qui est bien sur un site de phishing..
D'ailleurs si l'on tente de se connecter à zh-sha.in, connexion impossible.
Je ne suis pas allé plus loin car je ne possède pas de compte Battle.net (réel ou bidon), car je ne joue pas à Diablo 3 (oui je roule sous linux!, donc pas de jeux windows (pas de wine non merci), sauf si je dual-boot sur un Windows 7).
Coté mail en lui-meme, il est envoyé en base64, mais grace aux magiques addresses data:text/plain;base64 , j'ai la source.
C'est un mail HTML 4.0 Transitional encodé en utf-8 avec des tags HTML en majuscule (oouuuh horreur, moi qui suis dev web).
Mais ce qui m'effraie c'est la ligne "<META name=GENERATOR content="MSHTML 8.00.6001.19298">".
Comme si Blizzard allait t'envoyer un mail dont le contenu a été enregistré à l'aide d'Internet Expl-horreur...
Voici la source du mail complet pour ceux qui veulent (avec les en-tetes, et le mail decodé):
Code : Tout sélectionner
Authentication-Results: hotmail.com; sender-id=none (sender IP is 110.103.66.96) [email protected]; dkim=none header.d=email.com; x-hmca=none
X-SID-PRA: [email protected]
X-SID-Result: None
X-DKIM-Result: None
X-AUTH-Result: NONE
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Message-Info: 2etWe3f/w1emhdx/aseFKKKkbFgY9UYGF1x17dKCbExMVNnYVn7Fk8XimO9SmYaYAQN3wCBVKvMEIInj8MFShuziY6ULHjtFfh7VKWUi1muYyiJhJZN7+xPUv2q0GUhp//x012+cT72JHXfggbpGwg==
Received: from WWW-9763E06E580.com ([110.103.66.96]) by COL0-MC1-F35.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
Tue, 4 Sep 2012 20:47:31 -0700
Message-ID: <[email protected]>
From: "Diablo III" <[email protected]>
To: <[email protected]>
Subject: [EN]Diablo III Account Locked - Action Required
Date: Wed, 5 Sep 2012 11:47:24 +0800
MIME-Version: 1.0
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding: base64
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
Return-Path: [email protected]
X-OriginalArrivalTime: 05 Sep 2012 03:47:31.0850 (UTC) FILETIME=[2D907EA0:01CD8B19]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=utf-8" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.19298"></HEAD>
<BODY>
<DIV>Greetings</DIV>
<DIV>It has come to our attention that your account is involved in illegal
transactions. As you may not be aware of, this conflicts with the EULA and Terms
of Agreement.<BR>Terms of Use: (<A
href="http://www.worldofwarcraft.com/legal/termsofuse.html">http://www.worldofwarcraft.com/legal/termsofuse.html</A>).</DIV>
<DIV>It will be ongoing for further investigation by Blizzard Entertainment's
employees.<BR>If you wish to not get your account suspended you should
immediately verify your account ownership.</DIV>
<DIV>You must complete the steps below to secure the account and your
computer.</DIV>
<DIV>STEP 1: ACCOUNT INVESTIGATION <BR>We now provide a secure website for you
to verify that you have taken the appropriate steps to secure the account, your
computer, and your email address.</DIV>
<DIV>Click on the link below to verify your e-mail address of the Battle.net
account:<BR><A
href="http://us.diablo.com.zh-sha.in/login.html?app=wam&ref=https://www.battle.net/account/&eor=0&app=bam">https://www.battle.net/account/d3/login-support.html</A><BR>If
you can’t click the link above, copy and paste the entire URL into your
browser.</DIV>
<DIV>STEP 2: VERIFY YOUR SUBMISSION WAS RECEIVED <BR>We will contact you with
further instructions once we have received and processed your submission. If you
do not receive a reply within 48 hours of submitting this form, please resend it
from the address listed above.</DIV>
<DIV>Please be aware that if unauthorized access to this account, it may lead to
further action against the account.</DIV>
<DIV>We understand that these policies may seem harsh, but they are in place to
ensure that every player is able to enjoy their time in game. Thank you for
respecting our position.</DIV>
<DIV><BR>Please do not reply to this email as you will receive an automated
response. </DIV>
<DIV>Regards, </DIV>
<DIV>Thary<BR>Account Administration Team<BR>Blizzard Entertainment
2012</DIV></BODY></HTML>