Slashdot Mirror
Fake Microsoft Patch Triggers Virus Attack
boarder8925 writes "eWeek reports: 'Like day follows night, a bogus cumulative update with a malicious attachment has followed Microsoft's patch day. In what has become a monthly staple, virus writers are taking advantage of the heightened public interest around Microsoft's patching cycle to trick users into executing a malicious attachment. The latest social engineering trick arrives via e-mail with an attachment that purports to be a 'cumulative patch' for May 2005.'"
... at least that's what they tell us. But we all know that it actually was a cummulatice update, but they screwed it up.
Anonymous Coward
This is why when there's a security flaw in Firefox or the Mac people come out to say "thank gosh it was dealt with quickly, as usual."
The situation with microsoft has reached a certain critical mass where there is no public awareness of an objective security reality.
Here there be dragons. Beware.
Undoubtedly a dozen comments will say something like "If users would just follow a few simple rules..." What is the trusted source for those simple rules now that the situation is so out of hand?
Dark days indeed.
I wonder how slashdot posts stuff like this, which is very common thing, that has been done numerous times.
Social Engineering is getting to be an easier way for the script kiddes to get more victims, as more people put SP,2 which has the firewall enabled by default and so the usual attacks dont work.
OK, we get it. Don't run random attachments that people you don't know email to you. Why is this news? I get probably a hundred emails with viral attachments daily. Is Slashdot somehow suggesting that this is Microsoft's fault in some bizarre, convoluted way?
... that the best software in the world couldn't protect you from the stupidity of the guy in front of the monitor. Makes you wonder who is worse: Microsoft or their users?
Microsoft try and help users by providing easily accessible patches and they get blasted for it. I installed this patch yesterday and my machine works just fin^&*%^$%#%&^ [NO CARRIER SIGNAL]
Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
What truth?
There is no dupe
Anybody still stupid enough to open attachements in emails like this DESERVE to get infected and have their harddrives ERASED.
Better yet, too bad the virus can't mutate from electronic to biologic means, that might solve our problems.
I see stupid people.
-- From an article on the imminent collapse of Zimbabwe, but it seemed germane to the thread...
Evil sig is livE.
The comment made was SARCASTIC.
Sarcasm is the making of remarks intended to sneer, jest, or mock the person referred to (who is normally the person addressed), a situation or thing. It is often used in a humorous manner and expressed through particular vocal intonations. This is often done by simply over-emphasizing the actual statement, or particular words of it.
Now, I'm all for making public the attacks but I think we should start bagging out the actual attackers. Cmon, social engineering through an email? Sure it'll fool a few people, and a few people is all you need to bring down a network, but let's patronise these guys. They're fuckin' con men for pete's sake and lame conmen at that. The only people they're tricking is morons. I move for guys like this to be put down at every chance.
Stop glorifying criminals!
Cumulative patch? Now, that's a new term. Microsoft's ways are forcing us to get used to new terms in the computer field. Since this business of patching has become "business as usual" for M$, how about a new acronym for the procedure? I suggest cumpatch to stand for "cumulative patch".
Maybe this is the culmination of years of Microsoft tracking Forwarded Emails?? -I'm still waiting for my $5000 or Disney Vacation.
with patches like this....a milyID=905b4d10-9cde-4d32-b576-c942d1375ceb&displa ylang=en
http://www.microsoft.com/downloads/details.aspx?F
it is very hard to tell which ones are for real....
I for one, welcome our new hot grits... PROFIT!
If Outlook and Outlook Express ran in a sandbox it woud fix most of these issues wouldn't it?
GETPKG - Package Management for Slackware
How is that off topic? ... No one gets the joke.. *sigh*
If it seems like nonsense to a mod, it goes down. So.... I'm confused too.
Why is it that when you believe something it's an opinion, but when I believe something it's a manifesto?
We need an internet/computer Darwin awards, haha.
After year of preaching to the converted, the converted are still only about 10%.
Rob.
Since when is it Microsoft's fault that people are duped into running this?
Anything that mentions Windows here on slashdot results in a barrage of 'Linux' this and OSS that and how wonderful Firefox is etc etc.
Well people, if Firefox ever reached the 90% usage that IE has exactly the same kind of scam would happen when a Firefox patch was issued.
Am I the only one here over 21 and not still at school?
Users should just let Windows Automatic Update download security updates for them. It takes place in the background non-intrusively and users are notified when they are ready to be installed.
I tried this (with .shs). The extension is *not* shown. The icon is slightly different and the type is listed as scrap object. I can't think of a single user that I've ever supported that would notice the (slightly) different icon or that the type was not 'Text Document'.
Even with clearing the 'Hide Extensions of...' box.
Has anyone at MS ever explained *why* they do this?
eric
p.s. this was windows 2000. does this hold true for windows server 2003?
Is the tech world's redefinition of the term diluting its original meaning?
It's interesting to note that the tech definition seems to be popularly eclipsing the traditional meaning (read the link above to see what I mean).
A quick re-education for those under 30:
RAM=male sheep
ROM=Royal Ontario Museum
Memory=something in your head
Monitor= A heavily ironclad warship of the 19th century
Mouse=rodent
Snopes=William Faulkner character
Slash=a cut or swinging move
Dot=. or period
Feel free to add your own examples, I've left many out just to spark creativity on a boring Saturday.
Microsoft are partially responsible.
After all, where in all of their glossy ads for Windows XP, Office, etc. etc. does it mention that it's important to apply regular security updates, use a virus checker and never open attachments you don't trust?
They're more than happy to sell the illusion of ease and simplicity to gullible idiots so it is as much their fault as it is Joe Sixpack's ignorance.
Gentoo Linux - another day, another USE flag.
people gullible to believe Microsoft's "Get the Facts" campaign are just as gullible to download fake patches.
w00t.
Yes, the techies who read slashdot (and other tech news) and who work on computers all day know that Microsoft released a bunch of patches, but I would guess the average user doesn't. I would certainly guess that someone who doesn't know enough not to click on executable attachments in email, and doesn't know that Microsoft doesn't email it's patches to user, would not know that MS released a bunch of patches.
I think Slashdot has overestimated the cunning of the virus author and his timing..
I have blog like everyone else
...a cumulative patch for Windows. It's called Mac OS X.
Not properly evaluating or understanding attachments that are sent via email is synonymous to not critically evaluating any information that's received... such as faithfully believing whatever happens to be published on the television evening news.
Personally I'm not sure if it's so much a computer training issue. A lot of these problems might be solved in one go, if only the education system could focus a bit more on training people to be critical and cautious of all information that they receive.
I'm not trying to imply that this is all the education system's fault, either. Society's just screwed up right now, and there are so many contradictory messages out that that completely undermine so much of what good education actually has to offer.