Slashdot Mirror


Fake Microsoft Patch Triggers Virus Attack

boarder8925 writes "eWeek reports: 'Like day follows night, a bogus cumulative update with a malicious attachment has followed Microsoft's patch day. In what has become a monthly staple, virus writers are taking advantage of the heightened public interest around Microsoft's patching cycle to trick users into executing a malicious attachment. The latest social engineering trick arrives via e-mail with an attachment that purports to be a 'cumulative patch' for May 2005.'"

9 of 275 comments

  1. Re:You know what'd stop lame social engineering by Timesprout · · Score: 2, Informative

    In Gavin De Becker's book 'The Gift of Fear' he says that an effective way to stop assassins topping off high profile people is not to give them glorious media write ups.

    Well I have long held the opinion we spend far too much money particularly protecting politicians. I think we should spend less and if a few of them get knocked off then it will help to filter out the self-serving interest bastards. They are supposed to be public servants, not divine personages and it's not like they are irreplaceable now is it.

    I don't think less media coverage will affect anything. Most assassins are not attention seekers. Some are professionals acting for vested interests, some are politically motivated, some act out of rage and some are just crazy. Few are interested in the media coverage.

    --
    Do not try to read the dupe, that's impossible. Instead, only try to realize the truth
    What truth?
    There is no dupe
  2. Windows Automatic Update by Gary Destruction · · Score: 2, Informative

    Users should just let Windows Automatic Update download security updates for them. It takes place in the background non-intrusively and users are notified when they are ready to be installed.

  3. Re:The point is... by neil.pearce · · Score: 5, Informative

    Windows hiding extensions when it recognizes the file type? You can turn that off...

    Really?
    Try this...

    Create a file called dummy.txt.shs - then try and get Windows to display the .shs portion

    Also try .pif, .url, .shb, .mad and .mam

    The shell hides the extension, regardless of your view settings.

  4. wow.... by ecalkin · · Score: 2, Informative

    I tried this (with .shs). The extension is *not* shown. The icon is slightly different and the type is listed as scrap object. I can't think of a single user that I've ever supported that would notice the (slightly) different icon or that the type was not 'Text Document'.

    Even with clearing the 'Hide Extensions of...' box.

    Has anyone at MS ever explained *why* they do this?

    eric
    P.S. This was Windows 2000. Does this hold true for Windows Server 2003?

    1. Re:wow.... by CowboyMeal · · Score: 5, Informative

      Just tested on Windows Server 2003... .shs, .pif, .url, and .shb files exhibit this behavior. I do not have Microsoft Access installed, so the .mam and .mad files show up as normal.

      I looked a little more into it, and there is a NeverShowExt REG_SZ entry in the registry for each file type that does this. Here it is described in detail.

      I would suggest searching through the registry for NeverShowExt and deleting the occurrences you find under HKCR. Be careful editing your registry, do it only if you know what you're doing, etc.

      --
      Your credit card information wants to be free.
    2. Re:wow.... by raxxerax · · Score: 2, Informative

      You can stop this behavior. In the registry, there is a string value NEVERSHOWEXT associated with these file types. If you delete this key, the extension will display if known extensions are not set to be hidden.

      As to the question of why did Microsoft do this? Because they're freaking retards. It makes no sense to build a system that relies on extensions to differentiate types and then hide those extensions from the user.

      Anyway, hope this info helps.

  5. Re:How is this news? by tomhudson · · Score: 5, Informative
    No, you should look closer. Like too many slashdot stories lately, the headline isn't exactly what one would call a model for journalistic accuracy.
    1. It wasn't a virus (it was a trojan in an email attachment, claiming to be a copy of the patch)
    2. It wasn't from Microsoft
    3. Its release wasn't triggered by Microsoft releasing a genuine patch. Check your spam filters - I'm sure most of us receive these "cumulative Microsoft patches" on a regular basis.
  6. Re:The point is... by Anonymous Coward · · Score: 3, Informative

    http://www.winguides.com/registry/display.php/627/

    "Show Super Hidden File Extensions (All Windows) Popular"...
    "To remove the potential to hide files, open your registry and using the search function find each occurrence of a value named "NeverShowExt".
    When this value is present the associated file extension will not be shown. To display the file extension highlight the "NeverShowExt" value and press Delete. Repeat this process for each extension you want to display."

    What do I win??

  7. Re:This is why the "double standard" by DeadChobi · · Score: 2, Informative

    Actually, I used to get spoof security patches from Microsoft.com about two years ago. It stopped happening when the spammer realised I wasn't clicking on any links. It really is old.

    --
    SRSLY.
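
The `NeverShowExt` behaviour tested in comments 3, 4 and 6 above, as an added example that is not part of the original thread: a Python audit that reads a registry export of HKCR, finds the extensions whose file-type key carries `NeverShowExt`, and flags file names that would display with a misleading extension. The sample export, the file names other than `dummy.txt.shs`, and the function names are constructed for illustration, and it assumes the value sits on the ProgID key that the extension's default value points to.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in .reg export layout (not taken from the page).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.shs]
@="ShellScrap"
[HKEY_CLASSES_ROOT\ShellScrap]
@="Scrap object"
"NeverShowExt"=""
[HKEY_CLASSES_ROOT\.pif]
@="piffile"
[HKEY_CLASSES_ROOT\piffile]
"NeverShowExt"=""
[HKEY_CLASSES_ROOT\.txt]
@="txtfile"
[HKEY_CLASSES_ROOT\txtfile]
@="Text Document"
'''

def hidden_extensions(reg_text):
    """Extensions whose ProgID key has a NeverShowExt value (keys compared case-insensitively)."""
    progid_of, never_show, key = {}, set(), None
    for line in reg_text.splitlines():
        line = line.strip()
        m = re.fullmatch(r'\[HKEY_CLASSES_ROOT\\([^\\\]]+)\]', line)
        if m:
            key = m.group(1).lower()           # top-level HKCR key: ".ext" or a ProgID
        elif line.startswith("["):
            key = None                          # deeper subkey or another hive: ignore
        elif key and key.startswith(".") and line.startswith('@="'):
            progid_of[key] = line[3:-1].lower() # default value of ".ext" names its ProgID
        elif key and line.lower().startswith('"nevershowext"='):
            never_show.add(key)
    return {ext for ext, pid in progid_of.items() if pid in never_show}

def displayed_name(filename, hidden):
    """Name shown when 'hide known extensions' is off but NeverShowExt still applies."""
    p = PureWindowsPath(filename)
    return p.stem if p.suffix.lower() in hidden else p.name

def flag_disguised(filenames, hidden):
    """(real, shown) pairs where the shown name still ends in an extension of another type."""
    shown = [(f, displayed_name(f, hidden)) for f in filenames]
    return [(f, s) for f, s in shown if s != f and PureWindowsPath(s).suffix]

if __name__ == "__main__":
    print(flag_disguised(["dummy.txt.shs", "update.pif", "readme.txt"], hidden_extensions(SAMPLE_REG)))
```

A real export made with `reg export HKCR hkcr.reg` is UTF-16, so decode it before passing the text to `hidden_extensions`.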