Slashdot Mirror


Fake Microsoft Patch Triggers Virus Attack

boarder8925 writes "eWeek reports: 'Like day follows night, a bogus cumulative update with a malicious attachment has followed Microsoft's patch day. In what has become a monthly staple, virus writers are taking advantage of the heightened public interest around Microsoft's patching cycle to trick users into executing a malicious attachment. The latest social engineering trick arrives via e-mail with an attachment that purports to be a 'cumulative patch' for May 2005.'"

21 of 275 comments

  1. Well... by Kinky+Bass+Junk · · Score: 5, Funny

    ... at least that's what they tell us. But we all know that it actually was a cumulative update, but they screwed it up.

    --
    Anonymous Coward
  2. This is why the "double standard" by Anonymous Coward · · Score: 4, Insightful

    This is why when there's a security flaw in Firefox or the Mac people come out to say "thank gosh it was dealt with quickly, as usual."

    The situation with Microsoft has reached a certain critical mass where there is no public awareness of an objective security reality.

    Here there be dragons. Beware.

    Undoubtedly a dozen comments will say something like "If users would just follow a few simple rules..." What is the trusted source for those simple rules now that the situation is so out of hand?

    Dark days indeed.

    1. Re:This is why the "double standard" by Anonymous Coward · · Score: 5, Insightful

      The simple rule is to know what you're doing, or, if you don't know what you're doing, have it done by someone you trust. People don't start working on their cars unless they know what they're doing. They have the maintenance done by a mechanic or an experienced friend. Yet somehow we think that computer maintenance should be done by complete ignorants. It's never going to work.

    2. Re:This is why the "double standard" by bigman2003 · · Score: 5, Insightful

      Good point...

      BUT, I work in a small IT department- and we spend about 1/2 of our weekly meeting talking about how 'stupid' these users are.

      Not saying that I don't take part in the conversation...but I keep thinking to myself, "They aren't supposed to know this stuff, it isn't their job, it's OUR job."

      I really hate it when we get on our high-horses and look down at people because they don't know as much about the computer they use as we do. I would hope not, otherwise we would be some weak-ass IT people.

      I'm guilty too, and every IT person I have ever met is just as guilty. But when we need to purchase something, we walk over to the purchasing people and say 'I have no idea what I am doing, but I need to order this thing...' I wonder if when we leave, they all start laughing at us and call us a 'bunch of fucking idiots.'

      I hope so...because we have some real arrogant bastards in IT who really need to realize that nobody else really gives a damn about the difference between right-click and left click...

      --
      No reason to lie.
    3. Re:This is why the "double standard" by Blkdeath · · Score: 4, Insightful
      The simple rule is to know what you're doing, or, if you don't know what you're doing, have it done by someone you trust. People don't start working on their cars unless they know what they're doing.

      Conversely, many people start working on cars to learn how to do it.

      --
      BD Phone Home!

      Shameless plug. Like you weren't expecting it.

  3. How is this news? by shyampandit · · Score: 4, Insightful

    I wonder how slashdot posts stuff like this, which is very common thing, that has been done numerous times.

    Social Engineering is getting to be an easier way for the script kiddies to get more victims, as more people put SP2, which has the firewall enabled by default and so the usual attacks don't work.

    1. Re:How is this news? by tomhudson · · Score: 5, Informative
      No, you should look closer. Like too many slashdot stories lately, the headline isn't exactly what one would call a model for journalistic accuracy.
      1. It wasn't a virus (it was a trojan in an email attachment, claiming to be a copy of the patch)
      2. It wasn't from Microsoft
      3. Its release wasn't triggered by Microsoft releasing a genuine patch. Check your spam filters - I'm sure most of us receive these "cumulative Microsoft patches" on a regular basis.
  4. The point is... by NineNine · · Score: 5, Interesting

    OK, we get it. Don't run random attachments that people you don't know email to you. Why is this news? I get probably a hundred emails with viral attachments daily. Is Slashdot somehow suggesting that this is Microsoft's fault in some bizarre, convoluted way?

    1. Re:The point is... by MichaelSmith · · Score: 4, Interesting
      Don't run random attachments that people you don't know email to you.

      My clueless co-workers are constantly sending me MS Office formatted files which I am expected to blindly execute. Everybody else in the company does it and they look at me strangely for complaining.

      Because of the way the IE shell interface works there is no good way to distinguish between a document file and an executable made up to look like a document file.

      The people who run the Windows side of our network aren't worried. They point to the virus filters on email and say "nothing bad can get in, why worry?"

      Everybody is taught to run attachments. Nobody is taught not to.

    2. Re:The point is... by neil.pearce · · Score: 5, Informative

      Windows hiding extensions when it recognizes the file type? You can turn that off...

      Really?
      Try this...

      Create a file called dummy.txt.shs - then try and get Windows to display the .shs portion

      Also try .pif, .url, .shb, .mad and .mam

      The shell hides the extension, regardless of your view settings.

  5. Nice confirmation of the fact... by dos_dude · · Score: 5, Interesting

    ... that the best software in the world couldn't protect you from the stupidity of the guy in front of the monitor. Makes you wonder who is worse: Microsoft or their users?

  6. Typical Slashdot FUD by Timesprout · · Score: 5, Funny

    Microsoft try and help users by providing easily accessible patches and they get blasted for it. I installed this patch yesterday and my machine works just fin^&*%^$%#%&^ [NO CARRIER SIGNAL]

    --
    Do not try to read the dupe, that's impossible. Instead, only try to realize the truth
    What truth?
    There is no dupe
  7. Email Patch? by Anonymous Coward · · Score: 5, Funny
    What, does it claim to be from Gates?
    Hey guys,

    it's Bill, again, we noticed some stuff was kinda screwed up, lol, but we fixed it. Here is the patch, ENJOY!

    -- Bill
  8. You know what'd stop lame social engineering by Anonymous Coward · · Score: 5, Insightful
    In Gavin de Becker's book 'The Gift of Fear' he says that an effective way to stop assassins topping off high profile people is not to give them glorious media write ups. Bring 'em down a notch by stating what they are - savages who don't deserve civilization. Bruce Schneier talks about the same thing - publicity attacks. People who want attention. So stop paying attention to them.

    Now, I'm all for making public the attacks but I think we should start bagging out the actual attackers. C'mon, social engineering through an email? Sure it'll fool a few people, and a few people is all you need to bring down a network, but let's patronise these guys. They're fuckin' con men for pete's sake and lame conmen at that. The only people they're tricking is morons. I move for guys like this to be put down at every chance.

    Stop glorifying criminals!

    1. Re:You know what'd stop lame social engineering by MichaelSmith · · Score: 4, Insightful
      Well I have long held the opinion we spend far too much money particularly protecting politicians. I think we should spend less and if a few of them get knocked off then it will help to filter out the self serving interest bastards.

      Iraq seems to be trying this approach. It doesn't appear to be improving the situation for the populace as a whole.

  9. "cumulative patch" by bogaboga · · Score: 4, Funny

    Cumulative patch? Now, that's a new term. Microsoft's ways are forcing us to get used to new terms in the computer field. Since this business of patching has become "business as usual" for M$, how about a new acronym for the procedure? I suggest cumpatch to stand for "cumulative patch".

  10. With patches like this! by diablobsb · · Score: 4, Funny

    with patches like this....
    http://www.microsoft.com/downloads/details.aspx?FamilyID=905b4d10-9cde-4d32-b576-c942d1375ceb&displaylang=en

    it is very hard to tell which ones are for real....

    --
    I for one, welcome our new hot grits... PROFIT!
  11. Re:Stupid people by m50d · · Score: 4, Insightful

    Why? They're just doing what they've been taught. They've been taught that anyone can use a computer (that's what all the MS advertising says). They've been taught that anyone can use the internet (that's what all the AOL advertising says). They've been taught that if they don't click yes at dialog boxes, things don't work (A very similar security warning is seen two or three times when logging in to hotmail. So users learn they're not serious) How can you blame them for simply doing what they've been taught?

    --
    I am trolling
  12. Re:Stupid people by BenjyD · · Score: 4, Insightful

    But if they weren't so stupid and actually stopped to think for five seconds they might think "Hang on, how does Microsoft know my email address?"

  13. Re:wow.... by CowboyMeal · · Score: 5, Informative

    Just tested on Windows Server 2003... .shs, .pif, .url, and .shb files exhibit this behavior. I do not have Microsoft Access installed, so the .mam and .mad files show up as normal.

    I looked a little more into it, and there is a NeverShowExt REG_SZ entry in the registry for each file type that does this. Here it is described in detail.

    I would suggest searching through the registry for NeverShowExt and deleting the occurrences you find under HKCR. Be careful editing your registry, do it only if you know what you're doing, etc.

    --
    Your credit card information wants to be free.
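
The registry search suggested in the comment above, as an added example that is not part of the original thread: a read-only PowerShell audit that lists every class under HKCR carrying a `NeverShowExt` value and the extensions that map to it. The function name `Get-NeverShowExt` is hypothetical, and the scan is limited to top-level class keys as a simplifying assumption.

```powershell
# Added example: read-only audit of HKEY_CLASSES_ROOT for NeverShowExt values.
# Scope assumption: only top-level class keys are checked (no recursion into CLSID etc.).
function Get-NeverShowExt {
    [CmdletBinding()]
    param()

    # HKCR is not a default PSDrive, so use the registry provider path.
    $classes = Get-ChildItem -LiteralPath 'Registry::HKEY_CLASSES_ROOT' -ErrorAction SilentlyContinue

    # Map each file-type class (ProgID) to the extensions that point at it,
    # e.g. the default value of HKCR\.pif names the class that handles .pif files.
    $extByClass = @{}
    foreach ($key in $classes) {
        if (-not $key.PSChildName.StartsWith('.')) { continue }
        $class = [string]$key.GetValue('')
        if (-not $class) { continue }
        if (-not $extByClass.ContainsKey($class)) { $extByClass[$class] = @() }
        $extByClass[$class] += $key.PSChildName
    }

    # Report every class that carries the value, with the extensions it hides.
    foreach ($key in $classes) {
        if ($key.GetValueNames() -contains 'NeverShowExt') {
            [pscustomobject]@{
                Class      = $key.PSChildName
                Extensions = $extByClass[$key.PSChildName] -join ', '
                KeyPath    = $key.Name
            }
        }
    }
}

Get-NeverShowExt | Sort-Object Class | Format-Table -AutoSize
```

Review the list and export a key before changing it; removing the value, as the comment suggests, is `Remove-ItemProperty -LiteralPath "Registry::<KeyPath>" -Name NeverShowExt` from an elevated session, where `<KeyPath>` is a placeholder for a path from the report.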
  14. Re:I doubt it has to do with timing... by MightyMartian · · Score: 4, Interesting
    The fact is that Microsoft (and other companies as well) have time and time again said "We don't email updates/credit card requests/bank account requests/et cetera ad nauseam". People simply are not listening, and I'm not too sure how they will ever learn.

    Perhaps if ISPs started actually billing people when they spewed out viruses and spam, that might have some effect. It wouldn't have to be much, a couple of bucks maybe, but the point is, I don't think anything else is going to get it through the average user's head.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.