msn.com seeking out users social secuty numbers

[mgm]

Sorry about the cross posting, but I would like to hear from a MS MVP about
this... I am very concerned.

I don't know if this is the correct newsgroup, but I had a disturbing alert
from my software firewall of Zone Alarm.
I place vital personal info into it's "Vault" feature which blocks internet
disbursement of info like social sec. num and bank account numbers and the
like.
When I attempted to use the msn.com free games, I was alerted via Zone Alarm
that shopping.msn.com was attempting to retrieve my social security
number!!!!!

I have absolutely NO vital information like a social as any type of
password.

Why on earth would a game site need a social??? Why would ANY type of
shopping site be seeking out a social security number?????

Needless to say, I have to wonder just what type of personal information MS
sites and others are collecting and just WHAT are they doing with it??

 

[Carey Frisch [MVP]]

Legitimate Microsoft sites never request any personal information.
Your PC is probably infected with spyware.

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/Default.aspx?id=827315

Download Ad-aware SE and scan your PC for the presence of sp­yware:
http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button

Symantec Security Check
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym&plfid=23&pkj=ESWIKKFVTEYCUMMGLKA

Microsoft Windows AntiSpyware
http://www.microsoft.com/downloads/...a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en

3 Simple Steps to Help Ensure the Protection of Your PC
http://www.microsoft.com/athome/security/protect/default.mspx

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Microsoft Newsgroups

Get Windows XP Service Pack 2 with Advanced Security Technologies:
http://www.microsoft.com/athome/security/protect/windowsxp/choose.mspx

-------------------------------------------------------------------------------------------

:

| Sorry about the cross posting, but I would like to hear from a MS MVP about
| this... I am very concerned.
|
| I don't know if this is the correct newsgroup, but I had a disturbing alert
| from my software firewall of Zone Alarm.
| I place vital personal info into it's "Vault" feature which blocks internet
| disbursement of info like social sec. num and bank account numbers and the
| like.
| When I attempted to use the msn.com free games, I was alerted via Zone Alarm
| that shopping.msn.com was attempting to retrieve my social security
| number!!!!!
|
| I have absolutely NO vital information like a social as any type of
| password.
|
| Why on earth would a game site need a social??? Why would ANY type of
| shopping site be seeking out a social security number?????
|
| Needless to say, I have to wonder just what type of personal information MS
| sites and others are collecting and just WHAT are they doing with it??

 

[mgm]

Carey, thanks for your response. Ad_Aware and Spybot are routinely run as
scheduled. Spybot remains as a resident. Pluse McAfee Managed Virus Scan
runs all the time. None of these security programs have detected any virus
activity. ZoneAlarm reports the IP address requesting the social is
207.68.166.123 which resolves to eshop.net, a Microsoft Network partner. I
took screenprints of these Zone Alarm alerts and will gladly email them to
prove this posting.

 

[mgm]

I hate to disagree with an MVP but here is the reverse DNS lookup via who is
for the ip address in question, it clearly show Microsoft as the resistrant.
"
WHOIS results for eshop.net
Generated by www.DNSstuff.com
I was referred to whois.opensrs.net; I'm looking it up there.



Using 0 day old cached answer (or, you can get fresh results).
Displaying E-mail address (use sparingly -- this will make it more likely
that you will trigger our rate limiting system).

Registrant:
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
US

Domain name: ESHOP.NET

Administrative Contact:
Administrator, Domain (e-mail address removed)
One Microsoft Way
Redmond, WA 98052
US
+1.4258828080
Technical Contact:
Hostmaster, MSN (e-mail address removed)
One Microsoft Way
Redmond, WA 98052
US
+1.4258828080

 

[Carey Frisch [MVP]]

Contact MSN Support
http://support.msn.com/contactus.aspx

Help Safeguard Your Personal Information Online
http://www.microsoft.com/security/incident/spoof.mspx

Don't respond to phony e-mail sent to MSN customers requesting personal information
http://safety.msn.com/articles/1061626.armx

No-Charge Microsoft Security Support:

1-866-PCSAFETY
or 1-866-727-2338

This phone number is for virus and other security-related support.
It is available 24 hours a day for the U.S. and Canada.

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Microsoft Newsgroups

Get Windows XP Service Pack 2 with Advanced Security Technologies:
http://www.microsoft.com/athome/security/protect/windowsxp/choose.mspx

-------------------------------------------------------------------------------------------

:

| I hate to disagree with an MVP but here is the reverse DNS lookup via who is
| for the ip address in question, it clearly show Microsoft as the resistrant.
| "
| WHOIS results for eshop.net
| Generated by www.DNSstuff.com
| I was referred to whois.opensrs.net; I'm looking it up there.
|
|
|
| Using 0 day old cached answer (or, you can get fresh results).
| Displaying E-mail address (use sparingly -- this will make it more likely
| that you will trigger our rate limiting system).
|
| Registrant:
| Microsoft Corporation
| One Microsoft Way
| Redmond, WA 98052
| US
|
| Domain name: ESHOP.NET
|
| Administrative Contact:
| Administrator, Domain (e-mail address removed)
| One Microsoft Way
| Redmond, WA 98052
| US
| +1.4258828080
| Technical Contact:
| Hostmaster, MSN (e-mail address removed)
| One Microsoft Way
| Redmond, WA 98052
| US
| +1.4258828080
|

 

[Dwight Stewart]

I don't know if this is the correct newsgroup, but
I had a disturbing alert from my software firewall
of Zone Alarm. I place vital personal info into it's
"Vault" feature which blocks internet disbursement
of info like social sec. num and bank account
numbers and the like. When I attempted to use the
msn.com free games, I was alerted via Zone Alarm
that shopping.msn.com was attempting to retrieve
my social security number!!!!! (snip)

(snip) Why on earth would a game site need a
social??? Why would ANY type of shopping site
be seeking out a social security number? (snip)

First, where is this information located on your computer that it can be
so easily found in the first place? I don't remember Microsoft ever asking
for a social security or bank account number when setting up the computer,
its software, its msn.com connection, or anything else. So clearly you made
an extra effort to make this information available on your computer
(somewhere outside the personal folders not so easily accessed from outside
your computer without special software or action by you).

Second, you're assuming this particular msn.com connection originated from
Microsoft, the Corporation. Just like other online service providers,
millions have access to msn.com accounts. Any one of these people could use
their account to try to fool others into disclosing personal information (or
using spyware software in an effort to access the same). And, since few will
be fooled by messages from 'hacker.com,' they often masquerade as ligitimate
enities (such as shopping.msn.com).

Anyway, the msn.com game site doesn't need social security information.
Millions routinely use it without this information even being available on
their computer. Carey was right to recommend a check of your computer for
spyware. If your computer checks out fine, this was likely a one time
attempt to gather information. And your Zone Alarm software caught the
attempt, so be happy.

Stewart