Email "[EN]Diablo III Account Locked - Action Required"


by gravgun

Hello/good evening everyone!
(by the way, I'm not sure I'm posting in the right forum...)
This week I received a rather wacky email in my spam folder on Hotmail, with the subject "[EN]Diablo III Account Locked - Action Required".
This email says (here, in English) that you have been up to no good, "illegal transactions", and that you must therefore verify your account through a link displayed as https://www.battle.net/account/d3/login-support.html, but that link actually points to h**p://us.diablo.com.zh-sha.in/login.html?app=wam&ref=https://www.battle.net/account/&eor=0&app=bam, which is of course a phishing site.
Besides, if you try to connect to zh-sha.in, the connection fails.
I didn't go any further because I don't have a Battle.net account (real or fake), since I don't play Diablo 3 (yes, I run Linux!, so no Windows games (no Wine, no thanks), unless I dual-boot into Windows 7).

As for the email itself, it is sent in base64, but thanks to the magic data:text/plain;base64 addresses, I have the source.
It's an HTML 4.0 Transitional email encoded in utf-8 with uppercase HTML tags (oooh the horror, for a web dev like me).
But what scares me is the line "<META name=GENERATOR content="MSHTML 8.00.6001.19298">".
As if Blizzard would send you an email whose content was saved using Internet Expl-horror...

Here is the full source of the email for those who want it (with the headers, and the decoded email):

Code:

Authentication-Results: hotmail.com; sender-id=none (sender IP is 110.103.66.96) [email protected]; dkim=none header.d=email.com; x-hmca=none
X-SID-PRA: [email protected]
X-SID-Result: None
X-DKIM-Result: None
X-AUTH-Result: NONE
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Message-Info: 2etWe3f/w1emhdx/aseFKKKkbFgY9UYGF1x17dKCbExMVNnYVn7Fk8XimO9SmYaYAQN3wCBVKvMEIInj8MFShuziY6ULHjtFfh7VKWUi1muYyiJhJZN7+xPUv2q0GUhp//x012+cT72JHXfggbpGwg==
Received: from WWW-9763E06E580.com ([110.103.66.96]) by COL0-MC1-F35.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
	 Tue, 4 Sep 2012 20:47:31 -0700
Message-ID: <[email protected]>
From: "Diablo III" <[email protected]>
To: <[email protected]>
Subject: [EN]Diablo III Account Locked - Action Required
Date: Wed, 5 Sep 2012 11:47:24 +0800
MIME-Version: 1.0
Content-Type: text/html;
	charset="utf-8"
Content-Transfer-Encoding: base64
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
Return-Path: [email protected]
X-OriginalArrivalTime: 05 Sep 2012 03:47:31.0850 (UTC) FILETIME=[2D907EA0:01CD8B19]

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=utf-8" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.19298"></HEAD>
<BODY>
<DIV>Greetings</DIV>
<DIV>It has come to our attention that your account is involved in illegal 
transactions. As you may not be aware of, this conflicts with the EULA and Terms 
of Agreement.<BR>Terms of Use: (<A 
href="http://www.worldofwarcraft.com/legal/termsofuse.html">http://www.worldofwarcraft.com/legal/termsofuse.html</A>).</DIV>
<DIV>It will be ongoing for further investigation by Blizzard Entertainment's 
employees.<BR>If you wish to not get your account suspended you should 
immediately verify your account ownership.</DIV>
<DIV>You must complete the steps below to secure the account and your 
computer.</DIV>
<DIV>STEP 1: ACCOUNT INVESTIGATION <BR>We now provide a secure website for you 
to verify that you have taken the appropriate steps to secure the account, your 
computer, and your email address.</DIV>
<DIV>Click on the link below to verify your e-mail address of the Battle.net 
account:<BR><A 
href="http://us.diablo.com.zh-sha.in/login.html?app=wam&ref=https://www.battle.net/account/&eor=0&app=bam">https://www.battle.net/account/d3/login-support.html</A><BR>If 
you can’t click the link above, copy and paste the entire URL into your 
browser.</DIV>
<DIV>STEP 2: VERIFY YOUR SUBMISSION WAS RECEIVED <BR>We will contact you with 
further instructions once we have received and processed your submission. If you 
do not receive a reply within 48 hours of submitting this form, please resend it 
from the address listed above.</DIV>
<DIV>Please be aware that if unauthorized access to this account, it may lead to 
further action against the account.</DIV>
<DIV>We understand that these policies may seem harsh, but they are in place to 
ensure that every player is able to enjoy their time in game. Thank you for 
respecting our position.</DIV>
<DIV><BR>Please do not reply to this email as you will receive an automated 
response. </DIV>
<DIV>Regards, </DIV>
<DIV>Thary<BR>Account Administration Team<BR>Blizzard Entertainment 
2012</DIV></BODY></HTML>
There you go, this was just to warn some people... And if you want to dig further to learn more, go ahead!
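
Added example (not part of the original post): the check the post does by eye, comparing the URL displayed in a link with the host its href really points to, done in Python over a base64-encoded HTML mail. The sample message is constructed from the two anchors in the source above; `LinkCollector` and `mismatched_links` are names chosen for this example.

```python
import base64
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":  # HTMLParser lowercases tag and attribute names
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def mismatched_links(raw_message):
    """Return (shown_host, real_host) for links whose text is a URL on another host."""
    msg = message_from_string(raw_message)
    # decode=True undoes the Content-Transfer-Encoding (base64 here)
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    collector = LinkCollector()
    collector.feed(body)
    hits = []
    for href, text in collector.links:
        if text.lower().startswith(("http://", "https://")):
            shown, real = urlsplit(text).hostname, urlsplit(href).hostname
            if shown != real:
                hits.append((shown, real))
    return hits

# Constructed sample: the two anchors from the mail above, re-encoded as base64.
HTML = ('<DIV><A href="http://www.worldofwarcraft.com/legal/termsofuse.html">'
        'http://www.worldofwarcraft.com/legal/termsofuse.html</A></DIV>'
        '<DIV><A href="http://us.diablo.com.zh-sha.in/login.html?app=wam&ref=https://www.battle.net/account/&eor=0&app=bam">'
        'https://www.battle.net/account/d3/login-support.html</A></DIV>')
SAMPLE = ('Content-Type: text/html; charset="utf-8"\n'
          'Content-Transfer-Encoding: base64\n\n'
          + base64.b64encode(HTML.encode()).decode())
print(mismatched_links(SAMPLE))
```

The terms-of-use link is not flagged because its text and href share a host; only the "verify" link is.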