Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fake Microsoft Patch Triggers Virus Attack

Posted by Zonk on from the watch-what-you-click dept.

boarder8925 writes "eWeek reports: 'Like day follows night, a bogus cumulative update with a malicious attachment has followed Microsoft's patch day. In what has become a monthly staple, virus writers are taking advantage of the heightened public interest around Microsoft's patching cycle to trick users into executing a malicious attachment. The latest social engineering trick arrives via e-mail with an attachment that purports to be a 'cumulative patch' for May 2005.'"

4 of 275 comments (clear)

  1. Re:The point is... by neil.pearce · · Score: 5, Informative

    Windows hiding extensions when it recognizes the file type? You can turn that off...

    Really?
    Try this...

    Create a file called dummy.txt.shs - then try and get Windows to display the .shs portion

    Also try .pif, .url, .shb, .mad and .mam

    The shell hides the extension, regardless of your view settings.

  2. Re:How is this news? by tomhudson · · Score: 5, Informative
    No, you should look closer. Like too many slashdot stories lately, the headline isn't exactly what one would call a model for journalistic accuracy.
    1. It wasn't a virus (it was a trojan in an email attachment, claiming to be a copy of the patch)
    2. It wasn't from Microsoft
    3. Its release wasn't triggered by Microsoft releasing a genuine patch. Check your spam filters - I'm sure most of us receive these "cumulative Microsoft patches" on a regular basis.
  3. Re:wow.... by CowboyMeal · · Score: 5, Informative

    Just tested on Windows Server 2003... .shs, .pif, .url, and .shb files exhibit this behavior. I do not have microsoft access installed, so the .mam and .mad files show up as normal.

    I looked a little more into it, and there is a NeverShowExt REG_SZ entry in the registry for each file type that does this. Here it is described in detail.

    I would suggest searching through the registry for NeverShowExt and deleting the occurrences you find under HKCR. Be careful editing your registry, do it only if you know what you're doing, etc.

    --
    Your credit card information wants to be free.
  4. Re:The point is... by Anonymous Coward · · Score: 3, Informative

    http://www.winguides.com/registry/display.php/627/

    "Show Super Hidden File Extensions (All Windows) Popular"...
    "To remove the potential to hide files, open your registry and using the search function find each occurance of a value named "NeverShowExt".
    When this value is present the associated file extension will not be shown. To display the file extension highlight the "NeverShowExt" value and press Delete. Repeat this process for each extension you want to display. "

    What do I win??