Message ostensibly from Microsoft

Archived from groups: microsoft.public.windowsxp.general (More info?)

I recently received a message, ostensibly from Microsoft, which directed me
to go to the following domain and install a change to my copy of Windows:

http://oca.microsoft.com

However, I have never even *heard* of this domain. In today's phishing
environment, I am reluctant, to put it mildly, to get such high-sensitivity
information from what may or may not be an authentic source. Microsoft does
itself a disservice by using a domain which people do not recognize. Why not
just use www.microsoft.com, if I may ask?

Thomas L. Jones, Ph.D., Computer Science
DrJonesrqxnospam8y@alum.MIT.edu
13 answers Last reply
More about message ostensibly microsoft
  1. Archived from groups: microsoft.public.windowsxp.general (More info?)

    just my 2 cents worth, as publicly stated a number of times microsoft does
    not do this type of notification via e-mail, also the site looks very lame,
    personally wouldn't touch it
    --
    there are no problems, just challenges


    "Doc Jones" wrote:

    > I recently received a message, ostensibly from Microsoft, which directed me
    > to go to the following domain and install a change to my copy of Windows:
    >
    > http://oca.microsoft.com
    >
    > However, I have never even *heard* of this domain. In today's phishing
    > environment, I am reluctant, to put it mildly, to get such high-sensitivity
    > information from what may or may not be an authentic source. Microsoft does
    > itself a disservice by using a domain which people do not recognize. Why not
    > just use www.microsoft.com, if I may ask?
    >
    > Thomas L. Jones, Ph.D., Computer Science
    > DrJonesrqxnospam8y@alum.MIT.edu
  2. Archived from groups: microsoft.public.windowsxp.general (More info?)

    This isn't the commonly seen bogus security update email, but rather the
    user is seeing the result of having error reporting enabled. The prompt to
    go to oca.microsoft.com (oca=online crash analysis) is a normal response if
    there are any articles available that pertain to the cause of whatever
    initiated the error.

    --
    Best of Luck,

    Rick Rogers, aka "Nutcase" - Microsoft MVP
    http://mvp.support.microsoft.com/
    Associate Expert - WindowsXP Expert Zone
    www.microsoft.com/windowsxp/expertzone
    Windows help - www.rickrogers.org

    "steve" <steve@discussions.microsoft.com> wrote in message
    news:6D1E9817-D766-4130-ABA3-6E8482A8AE21@microsoft.com...
    > just my 2 cents worth, as publicly stated a number of times microsoft does
    > not do this type of notification via e-mail, also the site looks very
    > lame,
    > personally wouldn't touch it
    > --
    > there are no problems, just challenges
    >
    >
    > "Doc Jones" wrote:
    >
    >> I recently received a message, ostensibly from Microsoft, which directed
    >> me
    >> to go to the following domain and install a change to my copy of Windows:
    >>
    >> http://oca.microsoft.com
    >>
    >> However, I have never even *heard* of this domain. In today's phishing
    >> environment, I am reluctant, to put it mildly, to get such
    >> high-sensitivity
    >> information from what may or may not be an authentic source. Microsoft
    >> does
    >> itself a disservice by using a domain which people do not recognize. Why
    >> not
    >> just use www.microsoft.com, if I may ask?
    >>
    >> Thomas L. Jones, Ph.D., Computer Science
    >> DrJonesrqxnospam8y@alum.MIT.edu
  3. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Doc Jones wrote:
    > I recently received a message, ostensibly from Microsoft, which
    > directed me to go to the following domain and install a change to my
    > copy of Windows:
    >
    > http://oca.microsoft.com
    >
    > However, I have never even *heard* of this domain. In today's phishing
    > environment, I am reluctant, to put it mildly, to get such
    > high-sensitivity information from what may or may not be an authentic
    > source. Microsoft does itself a disservice by using a domain which
    > people do not recognize. Why not just use www.microsoft.com, if I may
    > ask?
    >
    > Thomas L. Jones, Ph.D., Computer Science
    > DrJonesrqxnospam8y@alum.MIT.edu

    You have a PHD in computer science and you don't know about sub-domains?

    --
    Peace!
    Kurt
    Self-anointed Moderator
    microscum.pubic.windowsexp.gonorrhea
    http://microscum.com/mscommunity
    "Trustworthy Computing" is only another example of an Oxymoron!
    "Produkt-Aktivierung macht frei"
  4. Archived from groups: microsoft.public.windowsxp.general (More info?)

    "Doc Jones" <DocJones@discussions.microsoft.com> wrote in message
    news:494A31B4-257C-4570-877E-1675E9264FF3@microsoft.com...
    >I recently received a message, ostensibly from Microsoft, which directed me
    > to go to the following domain and install a change to my copy of Windows:
    >
    > http://oca.microsoft.com
    >
    > However, I have never even *heard* of this domain. In today's phishing
    > environment, I am reluctant, to put it mildly, to get such
    > high-sensitivity
    > information from what may or may not be an authentic source. Microsoft
    > does
    > itself a disservice by using a domain which people do not recognize. Why
    > not
    > just use www.microsoft.com, if I may ask?

    oca.microsoft.com - is one of our sites (the domain is microsoft.com - the
    host is the OCA, just as we also have download.microsoft.com and
    beta.microsoft.com) - it is used for the tracking of uploaded crash dumps -
    hence the name "online crash analysis"

    Interestingly you would normally only have deep access to this site if you
    had uploaded a crash dump to us and the site is not normally a location for
    downloads unless it is again a specific tool or change required in the
    ongoing investigation of a crash.

    I am however worried by your claim that the message was "ostensibly from
    Microsoft" - who else was it from ?

    --

    Regards,

    Mike
    --
    Mike Brannigan [Microsoft]

    This posting is provided "AS IS" with no warranties, and confers no
    rights

    Please note I cannot respond to e-mailed questions, please use these
    newsgroups

    "Doc Jones" <DocJones@discussions.microsoft.com> wrote in message
    news:494A31B4-257C-4570-877E-1675E9264FF3@microsoft.com...
    >I recently received a message, ostensibly from Microsoft, which directed me
    > to go to the following domain and install a change to my copy of Windows:
    >
    > http://oca.microsoft.com
    >
    > However, I have never even *heard* of this domain. In today's phishing
    > environment, I am reluctant, to put it mildly, to get such
    > high-sensitivity
    > information from what may or may not be an authentic source. Microsoft
    > does
    > itself a disservice by using a domain which people do not recognize. Why
    > not
    > just use www.microsoft.com, if I may ask?
    >
    > Thomas L. Jones, Ph.D., Computer Science
    > DrJonesrqxnospam8y@alum.MIT.edu
  5. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Mike Brannigan [MSFT] on 09/06/2005 wrote:

    > I am however worried by your claim that the message was "ostensibly
    > from Microsoft" - who else was it from ?

    I often see mail which looks superficially to be from Microsoft
    attempting to direct a user to a phony site to download mal-ware or
    trying to tell the user to execute some exe attached for security
    reasons, are you as a rep of Microsoft not aware of these forged mails?
    I report most of them either to Microsoft or via spamcop. Doc Jones
    did the correct thing when he pondered over an out of the ordinary mail
    from Microsoft.

    Rob
  6. Archived from groups: microsoft.public.windowsxp.general (More info?)

    "Canopus" <BNRAGMAOKKXT@spammotel.com> wrote in message
    news:3gqlhoFdtmbkU1@individual.net...
    > Mike Brannigan [MSFT] on 09/06/2005 wrote:
    >
    >> I am however worried by your claim that the message was "ostensibly
    >> from Microsoft" - who else was it from ?
    >
    > I often see mail which looks superficially to be from Microsoft
    > attempting to direct a user to a phony site to download mal-ware or
    > trying to tell the user to execute some exe attached for security
    > reasons, are you as a rep of Microsoft not aware of these forged mails?

    Of course I am aware of them - the point was that the direction was actually
    to a Microsoft hosted system (oca.microsoft.com) as the original poster
    thought it was a different "domain" which it was not it is just a different
    host as I pointed out by example.
    We have also had pages up for some time about how to tell if a mail is
    really from us - see
    http://www.microsoft.com/athome/security/email/default.mspx
    and
    http://www.microsoft.com/security/incident/authenticate_mail.mspx

    The location being pointed to in the original posters e-mail was to a
    microsoft.com site.

    > I report most of them either to Microsoft or via spamcop. Doc Jones
    > did the correct thing when he pondered over an out of the ordinary mail
    > from Microsoft.


    --

    Regards,

    Mike
    --
    Mike Brannigan [Microsoft]

    This posting is provided "AS IS" with no warranties, and confers no
    rights

    Please note I cannot respond to e-mailed questions, please use these
    newsgroups

    "Canopus" <BNRAGMAOKKXT@spammotel.com> wrote in message
    news:3gqlhoFdtmbkU1@individual.net...
    > Mike Brannigan [MSFT] on 09/06/2005 wrote:
    >
    >> I am however worried by your claim that the message was "ostensibly
    >> from Microsoft" - who else was it from ?
    >
    > I often see mail which looks superficially to be from Microsoft
    > attempting to direct a user to a phony site to download mal-ware or
    > trying to tell the user to execute some exe attached for security
    > reasons, are you as a rep of Microsoft not aware of these forged mails?
    > I report most of them either to Microsoft or via spamcop. Doc Jones
    > did the correct thing when he pondered over an out of the ordinary mail
    > from Microsoft.
    >
    > Rob
  7. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Canopus wrote:

    > Mike Brannigan [MSFT] on 09/06/2005 wrote:
    >
    >
    >>I am however worried by your claim that the message was "ostensibly
    >>from Microsoft" - who else was it from ?
    >
    >
    > I often see mail which looks superficially to be from Microsoft
    > attempting to direct a user to a phony site to download mal-ware or
    > trying to tell the user to execute some exe attached for security
    > reasons, are you as a rep of Microsoft not aware of these forged mails?
    > I report most of them either to Microsoft or via spamcop. Doc Jones
    > did the correct thing when he pondered over an out of the ordinary mail
    > from Microsoft.
    >
    > Rob

    The OP didn't say it was an email.

    Steve
  8. Archived from groups: microsoft.public.windowsxp.general (More info?)

    "Mike Brannigan [MSFT]" wrote:

    > "Canopus" <BNRAGMAOKKXT@spammotel.com> wrote in message
    > news:3gqlhoFdtmbkU1@individual.net...
    > > Mike Brannigan [MSFT] on 09/06/2005 wrote:
    > >
    > >> I am however worried by your claim that the message was "ostensibly
    > >> from Microsoft" - who else was it from ?

    From Tom:

    "Ostensibly" just means that the message claimed to be from Microsoft. On
    the basis of additional information, it almost certainly WAS from Microsoft.

    I respectfully request that the software be changed, so that the domain or
    sub-domain or whatever of these reports is is: www.microsoft.com

    Hope this helps.
  9. Archived from groups: microsoft.public.windowsxp.general (More info?)

    "Doc Jones" <DocJones@discussions.microsoft.com> wrote in message
    news:71A967FA-0583-4507-8C8F-7B30E847CA18@microsoft.com...
    >
    >
    > "Mike Brannigan [MSFT]" wrote:
    >
    >> "Canopus" <BNRAGMAOKKXT@spammotel.com> wrote in message
    >> news:3gqlhoFdtmbkU1@individual.net...
    >> > Mike Brannigan [MSFT] on 09/06/2005 wrote:
    >> >
    >> >> I am however worried by your claim that the message was "ostensibly
    >> >> from Microsoft" - who else was it from ?
    >
    > From Tom:
    >
    > "Ostensibly" just means that the message claimed to be from Microsoft. On
    > the basis of additional information, it almost certainly WAS from
    > Microsoft.
    >
    > I respectfully request that the software be changed, so that the domain or
    > sub-domain or whatever of these reports is is: www.microsoft.com
    >

    It is not A SUB DOMAIN.
    It is a host name.
    The domain is microsoft.com the host names are www (web server) OCA (online
    crash analysis) download (the download site) update (the Microsoft update
    site) beta (our Beta testing support site) etc etc etc
    We do not need to change anything, you need to understand about DNS names
    and how they are formed - or just accept that if it ends in microsoft.com
    it's one of ours.

    --

    Regards,

    Mike
    --
    Mike Brannigan [Microsoft]

    This posting is provided "AS IS" with no warranties, and confers no
    rights

    Please note I cannot respond to e-mailed questions, please use these
    newsgroups

    "Doc Jones" <DocJones@discussions.microsoft.com> wrote in message
    news:71A967FA-0583-4507-8C8F-7B30E847CA18@microsoft.com...
    >
    >
    > "Mike Brannigan [MSFT]" wrote:
    >
    >> "Canopus" <BNRAGMAOKKXT@spammotel.com> wrote in message
    >> news:3gqlhoFdtmbkU1@individual.net...
    >> > Mike Brannigan [MSFT] on 09/06/2005 wrote:
    >> >
    >> >> I am however worried by your claim that the message was "ostensibly
    >> >> from Microsoft" - who else was it from ?
    >
    > From Tom:
    >
    > "Ostensibly" just means that the message claimed to be from Microsoft. On
    > the basis of additional information, it almost certainly WAS from
    > Microsoft.
    >
    > I respectfully request that the software be changed, so that the domain or
    > sub-domain or whatever of these reports is is: www.microsoft.com
    >
    > Hope this helps.
  10. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Mike Brannigan [MSFT] wrote:
    >
    > It is not A SUB DOMAIN.
    > It is a host name.
    > The domain is microsoft.com the host names are www (web server) OCA
    > (online crash analysis) download (the download site) update (the
    > Microsoft update site) beta (our Beta testing support site) etc etc
    > etc We do not need to change anything, you need to understand about
    > DNS
    > names and how they are formed - or just accept that if it ends in
    > microsoft.com it's one of ours.
    >

    From http://www.webopedia.com/TERM/S/subdomain.html:

    subdomain
    (sub´´do-man´) (n.) Also called a child domain, a domain that is part of
    a larger domain name in DNS hierarchy. DNS hierarchy consists of the
    root-level domain at the top, underneath which are the top-level
    domains, followed by second-level domains and finally subdomains. For
    example, in the domain name webopedia.internet.com, "webopedia" is a
    subdomain of the larger second-level domain "internet.com."

    While I'm not saying your wrong in calling it a "host name," however it
    is also a "subdomain."

    http://support.microsoft.com/default.aspx?scid=kb;en-us;279303
    http://support.microsoft.com/default.aspx?scid=kb;en-us;259531

    The links above are just a couple of examples of what is meant by
    subdomains in the MS Knowledge Base.

    --
    Peace!
    Kurt
    Self-anointed Moderator
    microscum.pubic.windowsexp.gonorrhea
    http://microscum.com/mscommunity
    "Trustworthy Computing" is only another example of an Oxymoron!
    "Produkt-Aktivierung macht frei"
  11. Archived from groups: microsoft.public.windowsxp.general (More info?)

    "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in message
    news:%23uLw3YcbFHA.2884@tk2msftngp13.phx.gbl...
    > Mike Brannigan [MSFT] wrote:
    >>
    >> It is not A SUB DOMAIN.
    >> It is a host name.
    >> The domain is microsoft.com the host names are www (web server) OCA
    >> (online crash analysis) download (the download site) update (the
    >> Microsoft update site) beta (our Beta testing support site) etc etc
    >> etc We do not need to change anything, you need to understand about DNS
    >> names and how they are formed - or just accept that if it ends in
    >> microsoft.com it's one of ours.
    >>
    >
    > From http://www.webopedia.com/TERM/S/subdomain.html:
    >
    > subdomain
    > (sub´´do-man´) (n.) Also called a child domain, a domain that is part of a
    > larger domain name in DNS hierarchy. DNS hierarchy consists of the
    > root-level domain at the top, underneath which are the top-level domains,
    > followed by second-level domains and finally subdomains. For example, in
    > the domain name webopedia.internet.com, "webopedia" is a subdomain of the
    > larger second-level domain "internet.com."
    >

    That is actually a poor description as it belies the fact that you can go to
    a greater depth then the implied "second-level domains and finally
    subdomains" you can continue to create subdomains of subdomains but
    ultimately those domains/zones contain DNS records that map host names
    (among other things) to IP addresses.

    > While I'm not saying your wrong in calling it a "host name," however it is
    > also a "subdomain."


    It would only be a sub domain if it contained host records - it does not
    it, is a host name.

    Fully qualified domain name (FQDN) A DNS name that uniquely identifies a
    node in a DNS namespace. The FQDN of a computer is a concatenation of the
    computer name (for example, client1) and the primary DNS suffix of the
    computer (for example, contoso.com), and a terminating dot (for example,
    contoso.com.).

    You look up the host name in the DNS zone file for that domain.
    So in a small company with a single web server as their internet presence
    you try an open www.company.com
    You are trying to find the IP address of the machine whose host name is
    "www" in the DNS zone company.com.
    So you query a DNS server that holds the zone/domain company.com for the IP
    address for the host www.

    Again as you pointed out a PhD in CS should have at least a passing
    acquaintance with these basic DNS concepts.
    --

    Regards,

    Mike
    --
    Mike Brannigan [Microsoft]

    This posting is provided "AS IS" with no warranties, and confers no
    rights

    Please note I cannot respond to e-mailed questions, please use these
    newsgroups

    "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in message
    news:%23uLw3YcbFHA.2884@tk2msftngp13.phx.gbl...
    > Mike Brannigan [MSFT] wrote:
    >>
    >> It is not A SUB DOMAIN.
    >> It is a host name.
    >> The domain is microsoft.com the host names are www (web server) OCA
    >> (online crash analysis) download (the download site) update (the
    >> Microsoft update site) beta (our Beta testing support site) etc etc
    >> etc We do not need to change anything, you need to understand about DNS
    >> names and how they are formed - or just accept that if it ends in
    >> microsoft.com it's one of ours.
    >>
    >
    > From http://www.webopedia.com/TERM/S/subdomain.html:
    >
    > subdomain
    > (sub´´do-man´) (n.) Also called a child domain, a domain that is part of a
    > larger domain name in DNS hierarchy. DNS hierarchy consists of the
    > root-level domain at the top, underneath which are the top-level domains,
    > followed by second-level domains and finally subdomains. For example, in
    > the domain name webopedia.internet.com, "webopedia" is a subdomain of the
    > larger second-level domain "internet.com."
    >
    > While I'm not saying your wrong in calling it a "host name," however it is
    > also a "subdomain."
    >
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;279303
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;259531
    >
    > The links above are just a couple of examples of what is meant by
    > subdomains in the MS Knowledge Base.
    >
    > --
    > Peace!
    > Kurt
    > Self-anointed Moderator
    > microscum.pubic.windowsexp.gonorrhea
    > http://microscum.com/mscommunity
    > "Trustworthy Computing" is only another example of an Oxymoron!
    > "Produkt-Aktivierung macht frei"
    >
  12. Archived from groups: microsoft.public.windowsxp.general (More info?)

    kurttrail wrote:
    >
    > And in an email that is sent in html, just because the link says it is
    > going to http://www.microsoft.com doesn't mean it actually goes there.
    >
    > If you click on the Microsoft link above, you will see that it actual
    > takes you to my Microscum website.

    But not in plain text :) Anyway, yes, many folks get fooled who read
    email in html.
  13. Archived from groups: microsoft.public.windowsxp.general (More info?)

    On Thu, 9 Jun 2005 01:38:02 -0700, Doc Jones
    <DocJones@discussions.microsoft.com> wrote:

    >I recently received a message, ostensibly from Microsoft, which directed me
    >to go to the following domain and install a change to my copy of Windows:
    >
    >http://oca.microsoft.com

    I'll bet the URL was more than that -- probably there was an @ sign
    and then the real address.

    In any event, Microsoft doesn't send unsolicited upgrade
    announcements. Unless you've signed up for some sort of notification
    service with MS directly -- and I gather you haven't -- this was
    either a virus or an attempt to get you to download some sort of
    malware.


    --
    Stan Brown, Oak Road Systems, Tompkins County, New York, USA
    http://OakRoadSystems.com/
    "That was a stupid lie, easy to expose, not worthy of you."
    George Sanders as "Addison Dewitt" in /All About Eve/ (1950)
Ask a new question

Read More

Domain Microsoft Windows XP