2 Replies Latest reply on Mar 3, 2015 1:52 PM by kgeil

    Spoof email?   Shavlik Releases Critical Update for Shavlik Patch for Microsoft System Center

    Rookie

      Hi, I received an email the other day, with return address of info@shavlik.com, describing an urgent update regarding a change in the Shavlik ssl certificate.  It pointed me to a download from some kind of link shortening service: http://mkto-i0073.com/F7fZW00wY0Q0t2aY000IFe7.  It definitely doesn't come from shavlik.com...  I investigated further, and the sender in the email headers is from mktomail.com. I can't find anything on Shavlik's site regarding this update. I did email Shavlik support to dind out whether or not it's legitimate, but I figured the forum would be a good place to check also.  If anyone has information, I'd love to know.  Email and headers are pasted below.

       

      Thanks,


      Kevin

       

       

      From: Shavlik Support [mailto:info@shavlik.com]
      Sent: Wednesday, February 25, 2015 10:03 AM
      To:
      Subject: Shavlik Releases Critical Update for Shavlik Patch for Microsoft System Center

       

      To view this email as a web page, click here

       

       

       

       

       

       

      Dear Shavlik Patch for Microsoft System Center customer,

      Today, Shavlik released an update for Shavlik Patch for Microsoft System Center. Due to a change in the Shavlik SSL certificate, you must apply this update in order to continue receiving patch content from Shavlik after March 3, 2015.

      If you are a Shavlik Patch 2.1 user, complete the following actions:

      1. Download the updated version here, and copy the executable file to your Configuration Manager console machine.
      2. Close System Center Configuration Manager.
      3. Run the Shavlik Patch executable (sccmpatchsetup_2_1_810.exe) and follow the on-screen instructions. For further details about this step, see the Shavlik Patch User's Guide.
      4. Open System Center Configuration Manager and commence business as usual.

      If you are running Shavlik 2.0, we encourage you to upgrade to 2.1 (see instructions above). In the same amount of time it takes to apply the patch to Version 2.0, you can complete your upgrade to Version 2.1 and enjoy all of the latest features in Shavlik Patch. If you are unable to update from 2.0 to 2.1 at this time, please contact Shavlik Support to obtain the 2.0 update.

      This update does not affect customers using the catalog file version (1.0) of Shavlik Patch or Shavlik Protect.

      If you have any questions or concerns about applying this patch, please contact Shavlik Support.

      Thank you,

       

      Shavlik Product Management

       

       

       

       

      LinkedIn Shavlik

      © Copyright 2014 Shavlik. All rights reserved. Shavlik, 698 W 10000 S, Suite 500, South Jordan Utah 84095.

       

       

       

       

       

       

       

      Return-Path: <635-QZI-186.0.12704.0.0.14890.7.1899895@em-sj-77.mktomail.com>

      Delivered-To: <REMOVED>

      Received: from smtp7.gate.ord1c (smtp7.gate.ord1c.rsapps.net [172.28.146.7])

          by store177a.mail.ord1b (SMTP Server) with ESMTP id 79E44358048

          for <REMOVED>; Wed, 25 Feb 2015 10:02:33 -0500 (EST)

      X-Spam-Threshold: 95

      X-Spam-Score: 0

      X-Spam-Flag: NO

      X-Virus-Scanned: OK

      X-MessageSniffer-Scan-Result: 0

      X-MessageSniffer-Rules: 0-0-0-17790-c

      X-CMAE-Scan-Result: 0

      X-CNFS-Analysis: v=2.1 cv=LY8FtFvi c=1 sm=0 tr=0 b=1 a=7s8oQoACpBG3muglfUxhmQ==:117 a=7s8oQoACpBG3muglfUxhmQ==:17 a=GwGOMVS0AAAA:8 a=OT03hs-yAAAA:8 a=KGjhK52YXX0A:10 a=0HtSIViG9nkA:10 a=K4Ze3a_1AAAA:8 a=ZOpBAjnz-yeVtkY8XS0A:9 a=bMOotstfVWNeBocX:21 a=QXiEKi4dCWaHkOeF:21 a=QEXdDO2ut3YA:10 a=S4qxiiSKIDQA:10 a=9qjx6RgKAAAA:8 a=SSmOFEACAAAA:8 a=2EYM0nJ1PXiQrv4mNIwA:9 a=9u6cQo-am4Kq-Aj3:21 a=_W_S_7VecoQA:10 a=frz4AuCg-hUA:10 a=MZpOI37Du90A:10

      X-Orig-To:<REMOVEDkgeil@orda.org

      X-Originating-Ip: [199.15.214.202]

      Received: from [199.15.214.202] ([199.15.214.202:34281] helo=em-sj-02.mktomail.com)

          by smtp7.gate.ord1c.rsapps.net (envelope-from <635-QZI-186.0.12704.0.0.14890.7.1899895@em-sj-77.mktomail.com>)

          (ecelerity 2.2.3.49 r(42060/42061)) with ESMTP

          id BD/82-22788-804EDE45; Wed, 25 Feb 2015 10:02:33 -0500

      X-MSFBL: a2dlaWxAb3JkYS5vcmdAZHZwLTE5OS0xNS0yMTQtMjAyQGJnLXNqLTAxQDYzNS1R

          WkktMTg2OjIxNjY3OjEyNzA0OjM5NjU2OjA6MTQ4OTA6NzoxODk5ODk1

      Received: from [10.0.8.1] ([10.0.8.1:56194] helo=sjmas02.marketo.org)

          by sjmta08.marketo.org (envelope-from <info@shavlik.com>)

          (ecelerity 3.6.4.44580 r(Platform:3.6.4.1)) with ESMTP

          id 4C/6D-01510-804EDE45; Wed, 25 Feb 2015 09:02:32 -0600

      DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1424876552;

          s=m1; d=mktomail.com; i=@mktomail.com;

          h=Date:From:To:Subject:MIME-Version:Content-Type;

          bh=bHSYUE/q4sU2+/8q1nBRREY4YCIffhxH/YiTGrIgG7Y=;

          b=DupQ3mhAkERBGayGdVAIFIN9IKnKTYz9W5gfAxr1Ast/zwoVCz20gH0H7fA/rvXg

          ABPyjsh+GZivyK1hyOOcBR7sZh1xIZysTFjLgN+jwmixblEuC/PV5nmm3Wgj073JHOP

          vLeBjIiQguUr+/ljfA1H63gImliGQMB1UyFlT13Q=

      Date: Wed, 25 Feb 2015 09:02:32 -0600 (CST)

      From: Shavlik Support <info@shavlik.com>

      Reply-To: Info@shavlik.com

      To: <REMOVED>

      Message-ID: <573450544.-1745375365.1424876552482.JavaMail.root@sjmas02.marketo.org>

      Subject: Shavlik Releases Critical Update for Shavlik Patch for Microsoft

      System Center

      MIME-Version: 1.0

      Content-Type: multipart/alternative;

          boundary="----=_Part_-1745375366_2081075719.1424876552482"

      X-Binding: bg-sj-01

      X-MarketoID: 635-QZI-186:21667:12704:39656:0:14890:7:1899895

      X-Mailfrom: 635-QZI-186.0.12704.0.0.14890.7.1899895@em-sj-77.mktomail.com

      X-MktMailDKIM: true