Fake Microsoft Patch Triggers Virus Attack
boarder8925 writes "eWeek reports: 'Like day follows night, a bogus cumulative update with a malicious attachment has followed Microsoft's patch day. In what has become a monthly staple, virus writers are taking advantage of the heightened public interest around Microsoft's patching cycle to trick users into executing a malicious attachment. The latest social engineering trick arrives via e-mail with an attachment that purports to be a 'cumulative patch' for May 2005.'"
Well... (Score:5, Funny)
DUH? (Score:2, Funny)
Sarcasm is the making of remarks intended to sneer, jest, or mock the person referred to (who is normally the person addressed), a situation or thing. It is often used in a humorous manner and expressed through particular vocal intonations. This is often done by simply over-emphasizing the actual statement, or particular words of it.
Re:DUH? (Score:2, Funny)
Nooo, I wasn't being sarcastic at all (!)
Now I'm so confused that I'm not sure if I'm being sarcastic when talking about whether or not I'm being sarcastic
Re:Well... (Score:4, Funny)
This is why the "double standard" (Score:4, Insightful)
The situation with Microsoft has reached a certain critical mass where there is no public awareness of an objective security reality.
Here there be dragons. Beware.
Undoubtedly a dozen comments will say something like "If users would just follow a few simple rules..." What is the trusted source for those simple rules now that the situation is so out of hand?
Dark days indeed.
Re:This is why the "double standard" (Score:5, Insightful)
Re:This is why the "double standard" (Score:5, Insightful)
BUT, I work in a small IT department- and we spend about 1/2 of our weekly meeting talking about how 'stupid' these users are.
Not saying that I don't take part in the conversation...but I keep thinking to myself, "They aren't supposed to know this stuff, it isn't their job, it's OUR job."
I really hate it when we get on our high-horses and look down at people because they don't know as much about the computer they use as we do. I would hope not, otherwise we would be some weak-ass IT people.
I'm guilty too, and every IT person I have ever met is just as guilty. But when we need to purchase something, we walk over to the purchasing people and say 'I have no idea what I am doing, but I need to order this thing...' I wonder if when we leave, they all start laughing at us and call us a 'bunch of fucking idiots.'
I hope so...because we have some real arrogant bastards in IT who really need to realize that nobody else really gives a damn about the difference between right-click and left click...
Re:This is why the "double standard" (Score:2)
Put the users on a locked-down *nix machine with alternative browsers and (especially) email clients. Not the ultimate solution, perhaps, but it's got to be better than dealing with virus, trojan and spyware problems.
Shouldn't there be a tutorial CD or something? (Score:2)
"This is a mouse. It has two buttons. When you click the right button it's called a right click."
"Whoa! Be careful with that popup! It appears to be a message from your computer, but it's an internet explorer window!"
I mean, they did a good tutorial on 'posting and you', why can't they make a tutorial on using the computer? I'd give the CD to ALL my newbie customers.
Re:This is why the "double standard" (Score:2, Insightful)
Re:This is why the "double standard" (Score:4, Insightful)
When I photocopy a set of manuals (that I wrote, just in case you were concerned with copyright...) in order to give a presentation, I put the paper in the copier and press 'start'.
If it doesn't work the way it should, I take the originals out of the machine, and find a different copier that will work for me.
I don't try to figure out what is wrong with the copier...or how to make booklets, instead of just stapled stuff. Or how to even print from my computer. Because I just don't care. I have enough stuff to think about that the copier should be something that doesn't require any thought at all.
90% of the workforce feels the same way about their computer. We have people who are paid to edit books...and they know how to use all the advanced features in Microsoft Word far better than I would ever even dream of. But the moment there is a problem with their e-mail...they are lost.
That's okay...because I can't punctuate correctly to save my life. But boy, I can make sure the e-mail server is functioning...
Re:This is why the "double standard" (Score:5, Insightful)
Conversely, many people start working on cars to learn how to do it.
Re:This is why the "double standard" (Score:3, Insightful)
Re:This is why the "double standard" (Score:4, Insightful)
To steer back towards the topic; how many home computers are vital to a person's livelihood? How many of us learned much of our IT skills by breaking and subsequently fixing our own (read: our parents') home PCs?
Re:This is why the "double standard" (Score:4, Insightful)
How about http://www.microsoft.com/ [microsoft.com] instead of your e-mail's inbox?
=Smidge=
Re:This is why the "double standard" (Score:2)
Sure, more frequent updates would be nice, but most users won't bother downloading them anyway. The main reason we have so many pieces of spyware, viruses and other shite going around the internet is user stupidity.
I don't download updates very often (mainly because I'm on 56k, but still), I have a working firewall and an out of date AV program, but for around
Re:This is why the "double standard" (Score:2, Informative)
Re:This is why the "double standard" (Score:2)
I know nobody that says "thank gosh!" Who is gosh and why would you thank him/her/it?
Re:This is why the "double standard" (Score:2, Funny)
What and let it trash your system because MSFT missed a QA test?
Nope not gonna happen. Heck, I don't even let Apple Auto update. Sure they can send notifications but I wait at least a week before applying patches. That way losers like you can beta test for me.
Re:This is why the "double standard" (Score:3, Funny)
Re:uh... (Score:2)
Re:uh... (Score:2)
Running with your milk delivery premise, I'd propose the analogy of opening the door one morning, finding a beer on your doorstep, assuming the milkman delivered it, opening the beer and drinking it, only to realize it contained some poisonous substance and you dropped dead.
No one ev
How is this news? (Score:4, Insightful)
Social Engineering is getting to be an easier way for the script kiddies to get more victims, as more people put SP2, which has the firewall enabled by default and so the usual attacks don't work.
Re:How is this news? (Score:3, Funny)
Re:How is this news? (Score:5, Informative)
Re:How is this news? (Score:2)
Re:How is this news? (Score:2, Insightful)
So, all sysadmin
The point is... (Score:5, Interesting)
Re:The point is... (Score:5, Interesting)
My clueless co-workers are constantly sending me MS Office formatted files which I am expected to blindly execute. Everybody else in the company does it and they look at me strangely for complaining.
Because of the way the IE shell interface works there is no good way to distinguish between a document file and an executable made up to look like a document file.
The people who run the Windows side of our network aren't worried. They point to the virus filters on email and say "nothing bad can get in, why worry?"
Everybody is taught to run attachments. Nobody is taught not to.
Re:The point is... (Score:2)
My clueless co-workers are constantly sending me MS Office formatted files...
That's because it is much more temporarily impressive to use colour, underlining and bold in messages to show that the writer is important and wants to be noticed.
Of course, a carefully thought-out, insightful and direct message goes largely unnoticed.
In most organizations there is so much email flying around that many just ignore most of it. A lot of people do not understand (and actually abuse) the concept of CC. It's a si
Re:The point is... (Score:2)
Re:The point is... (Score:2)
Of course, IMHO Google's just being cheap -- both Hotmail and Yahoo have been providing virus-scanning on the server for ages.
Re:The point is... (Score:2)
so an unknown mdb is as dangerous as an unknown exe
Re:The point is... (Score:2)
Gmail will even scan your messages to better tailor ads specifically for you.
I am a Gmail user and find the service nice but I at least know what I am "paying" for.
Re:The point is... (Score:5, Informative)
Really?
Try this...
Create a file called dummy.txt.shs - then try and get Windows to display the
Also try
The shell hides the extension, regardless of your view settings.
wow.... (Score:3, Informative)
Even with clearing the 'Hide Extensions of...' box.
Has anyone at MS ever explained *why* they do this?
eric
p.s. this was windows 2000. does this hold true for windows server 2003?
Re:wow.... (Score:5, Informative)
I looked a little more into it, and there is a NeverShowExt REG_SZ entry in the registry for each file type that does this. Here [diamondcs.com.au] it is described in detail.
I would suggest searching through the registry for NeverShowExt and deleting the occurrences you find under HKCR. Be careful editing your registry, do it only if you know what you're doing, etc.
Re:wow.... (Score:2, Informative)
As to the question of why did Microsoft do this? Because they're freaking retards. It makes no sense to build a system that relies on extensions to differentiate types and then hide those extensions from the user.
Anyway, hope this info helps.
Re:The point is... (Score:3, Informative)
"Show Super Hidden File Extensions (All Windows) Popular"...
"To remove the potential to hide files, open your registry and using the search function find each occurrence of a value named "NeverShowExt".
When this value is present the associated file extension will not be shown. To display the file extension highlight the "NeverShowExt" value and press Delete. Repeat this process for each extension you want to display."
What do I win??
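Added example, not part of any comment in this thread: the NeverShowExt behaviour discussed above, turned into an audit of a registry export and a check for attachment names such as dummy.txt.shs whose real extension the shell would hide. The sample export is constructed and the function names are hypothetical; a real `reg export` file is UTF-16 and must be decoded to text before it is passed in.

```python
import re

# Constructed sample in the text format of a registry export of HKEY_CLASSES_ROOT.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.shs]
@="ShellScrap"

[HKEY_CLASSES_ROOT\.txt]
@="txtfile"

[HKEY_CLASSES_ROOT\ShellScrap]
@="Scrap object"
"NeverShowExt"=""

[HKEY_CLASSES_ROOT\txtfile]
@="Text Document"
'''

KEY_RE = re.compile(r'^\[HKEY_CLASSES_ROOT\\([^\\\]]+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def hidden_extensions(reg_text):
    """Return the extensions (lowercase, with dot) that carry NeverShowExt."""
    ext_to_type = {}    # ".shs" -> "ShellScrap" (default value of the extension key)
    never_show = set()  # top-level HKCR keys that have a NeverShowExt value
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if line.startswith('['):
            key = None  # deeper subkey: its values are not relevant here
            continue
        v = VALUE_RE.match(line)
        if not v or key is None:
            continue
        name, data = v.group(1), v.group(2)
        if name == '@' and key.startswith('.') and data.startswith('"'):
            ext_to_type[key.lower()] = data.strip('"')
        elif name.strip('"').lower() == 'nevershowext':
            never_show.add(key.lower())
    hidden = {e for e, t in ext_to_type.items() if t.lower() in never_show}
    # The value may also sit directly on the extension key itself.
    return hidden | {k for k in never_show if k.startswith('.')}


def disguised(filename, hidden):
    """True if the last extension is hidden and a decoy extension precedes it."""
    parts = filename.lower().rsplit('.', 2)
    return len(parts) == 3 and parts[0] != '' and '.' + parts[2] in hidden


def shown_as(filename, hidden):
    """The name as listed when the last extension is one of the hidden ones."""
    stem, dot, ext = filename.rpartition('.')
    return stem if dot and '.' + ext.lower() in hidden else filename
```

A mail gateway or help-desk script can feed `hidden_extensions` the export from a reference workstation and then run `disguised` over incoming attachment names.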
Re:The point is... (Score:2)
Re:its not convoluted at all ... (Score:2)
Nice confirmation of the fact... (Score:5, Interesting)
Re:Nice confirmation of the fact... (Score:2)
Tough one there, maybe they'll learn. Unlikely, though. Most times they blame the IT staff for not preventing them from being as dumb as they are.
Re:Nice confirmation of the fact... (Score:3, Insightful)
Like the one NT has had since 1993, you mean ?
[...] the virus would be contained to user level processes and hopefully not compromise the system. The user would lose their crap.
So they'd only lose the most important data ? I'm sure that would be comforting.
Re:Nice confirmation of the fact... (Score:2)
As the saying goes, make something idiot-proof and along will come a better idiot. Microsoft's interface changes so drastically towards disabling the need for users to think that they become more complacent with each release. It used to be that even my non-computer-literate friends, family and colleagues used to talk about the need
It's a much more general education thing (Score:4, Insightful)
Not properly evaluating or understanding attachments that are sent via email is synonymous to not critically evaluating any information that's received... such as faithfully believing whatever happens to be published on the television evening news.
Personally I'm not sure if it's so much a computer training issue. A lot of these problems might be solved in one go, if only the education system could focus a bit more on training people to be critical and cautious of all information that they receive.
I'm not trying to imply that this is all the education system's fault, either. Society's just screwed up right now, and there are so many contradictory messages out there that completely undermine so much of what good education actually has to offer.
Typical Slashdot FUD (Score:5, Funny)
Re:Typical Slashdot FUD (Score:2)
Stupid people (Score:2, Insightful)
Better yet, too bad the virus can't mutate from electronic to biologic means, that might solve our problems.
I see stupid people.
Re:Stupid people (Score:2, Insightful)
Anybody still stupid enough to open attachements in emails like this DESERVE to get infected and have their harddrives ERASED.
Yeah. But the problem is that these people aren't having their harddrives erased, they have their machines turned into zombies so we don't run out of spam, bounces, and worms.
Re:Stupid people (Score:5, Insightful)
Re:Stupid people (Score:5, Insightful)
Re:Stupid people (Score:2, Funny)
Perhaps they expect it to have been transmitted in the windows activation process, together with their creditcard info and their agreement to owe microsoft their firstborn son?
Re:Stupid people (Score:2)
Re:Stupid people (Score:2)
Patches (Score:2, Insightful)
-- From an article on the imminent collapse of Zimbabwe [nytimes.com], but it seemed germane to the thread...
Re:Patches (Score:2)
Re:Patches (Score:2)
Sorry, analogies like that don't work with software.
Re:Patches (Score:2)
Sorry, analogies like that don't work with software.
Unless the software is a tire simulation, or sim-zimbabwe.
Email Patch? (Score:5, Funny)
You know what'd stop lame social engineering (Score:5, Insightful)
Now, I'm all for making public the attacks but I think we should start bagging out the actual attackers. C'mon, social engineering through an email? Sure it'll fool a few people, and a few people is all you need to bring down a network, but let's patronise these guys. They're fuckin' con men for pete's sake and lame conmen at that. The only people they're tricking is morons. I move for guys like this to be put down at every chance.
Stop glorifying criminals!
Re:You know what'd stop lame social engineering (Score:3, Informative)
Well I have long held the opinion we spend far too much money particularly protecting politicians. I think we should spend less and if a few of them get knocked off then it will help to filter out the self serving interest bastards. They are supposed to be public servants, not divine personages and it's not like they are irreplaceable n
Re:You know what'd stop lame social engineering (Score:5, Insightful)
Iraq seems to be trying this approach. It doesn't appear to be improving the situation for the populace as a whole.
Re:You know what'd stop lame social engineering (Score:2)
But, but the media needs headlines! It's hard coming up with original stories.
Besides, stories like these are seksy.
Re:You know what'd stop lame social engineering (Score:2)
"The only people they're tricking is morons."
But there's tons out there, and that's enough for them. That's like saying "all they're breathing is air." There's no shortage.
"cumulative patch" (Score:5, Funny)
Re:"cumulative patch" (Score:2)
I agree, and I propose a further acronym to cover a multitude... a Certain Unnamed Monolithic SOftware Corporation, Or CUMSOCk.
Just a thought.
Waiting .... (Score:2, Funny)
With patches like this! (Score:4, Funny)
http://www.microsoft.com/downloads/details.aspx?F
it is very hard to tell which ones are for real....
It's a good thing... (Score:2)
Linux users would probably fall for this social engineering too, if it wasn't so expensive [zdnet.com.au] to patch Linux systems.
Sandbox (Score:2, Interesting)
Re:Sandbox (Score:2)
The fortunate thing is that unless the user had edited the registry he/she is safer with later versions of Outlook which actually block executable files from being saved or run, period.
My God, why do people still click on these posts? (Score:3, Interesting)
After year of preaching to the converted, the converted are still only about 10%.
Rob.
Oh here we go again. Have a pop at MS (Score:2, Insightful)
Anything that mentions Windows here on slashdot results in a barrage of 'Linux' this and OSS that and how wonderful Firefox is etc etc.
Well people, if Firefox ever reached the 90% usage that IE has exactly the same kind of scam would happen when a Firefox patch was issued.
Am I the only one here over 21 and not still at school?
Re: (Score:3, Insightful)
Re:Oh here we go again. Have a pop at MS (Score:2)
This is like people complaining to their doctor that they got sick after they licked the toilet seat at a train station.
A user should know by now not to
Re:Oh here we go again. Have a pop at MS (Score:2)
Correction; the user willfully runs a program from a trusted source. Microsoft sent them the e-mail. If it wasn't them - why are their logos in the message? It looks just like their home page, therefore it is valid.
Users can't comprehend software update procedures. Some companies send e-mail alerts with convenient URLs linking to their homepage indicating it's time for an update. Some send out binary update attachments. Windows doe
Re:Oh here we go again. Have a pop at MS (Score:2)
From an article last year http://www.enquirer.com/editions/2004/05/10/tem_t e m1germ.html/ [enquirer.com]:
A newly released study claims office workers are exposed to more germs from their phones and keyboards than would be found crawling on a toilet seat. A lot more.
According to the study, from researchers at the University of Arizona, phones have up to 25,127 germs per square inch, keyboards 3,295 per square inch and computer mice 1,676 per square in
Re:Oh here we go again. Have a pop at MS (Score:2)
Even if he can't immediately get root (as is the case in many Windows XP installs, where people tend to log in as Administrator), all he has to do is install a keylogger and wait for you to su. Even a non-root trojan can cause havoc, anyway.
My favorite one of these.. (Score:2)
Latest trick? (Score:2)
Hrm, the date may have changed, but this 'latest trick' has been around for a long time..
Windows Automatic Update (Score:3, Informative)
Re:Windows Automatic Update (Score:2)
Re:Windows Automatic Update (Score:2)
How many times.... (Score:2)
Re: (Score:2)
Re:How many times.... (Score:2)
Good idea with the tiered service. I'd jump on that.
Re:How many times.... (Score:2)
OT: "Social Engineering" (Score:3, Funny)
Is the tech world's redefinition of the term diluting its original meaning [wikipedia.org]?
It's interesting to note that the tech definition seems to be popularly eclipsing the traditional meaning (read the link above to see what I mean).
A quick re-education for those under 30:
RAM=male sheep
ROM=Royal Ontario Museum
Memory=something in your head
Monitor= A heavily ironclad warship of the 19th century
Mouse=rodent
Snopes=William Faulkner character
Slash=a cut or swinging move
Dot=. or period
Feel free to add your own examples, I've left many out just to spark creativity on a boring Saturday.
Re: (Score:2)
New? (Score:2)
Just when I thought this technique had died out slashdot runs a story about it as if it were something new and cunning the virus writers had just come up with.
In other news... (Score:4, Funny)
w00t.
I doubt it has to do with timing... (Score:3, Insightful)
Yes, the techies who read slashdot (and other tech news) and who work on computers all day know that Microsoft released a bunch of patches, but I would guess the average user doesn't. I would certainly guess that someone who doesn't know enough not to click on executable attachments in email, and doesn't know that Microsoft doesn't email its patches to users, would not know that MS released a bunch of patches.
I think Slashdot has overestimated the cunning of the virus author and his timing..
Re:I doubt it has to do with timing... (Score:5, Interesting)
Perhaps if ISPs started actually billing people when they spewed out viruses and spam, that might have some effect. It wouldn't have to be much, a couple of bucks maybe, but the point is, I don't think anything else is going to get it through the average user's head.
I've already installed... (Score:2, Funny)
Re:Paypal scams (Score:2)
I use a non-html capable mailer (sylpheed claws) and the paypal spam messages look like the crap they are to me.
ASCII may be a little bit more honest than HTML
Re:2 Words (Score:2, Insightful)
If it seems like nonsense to a mod, it goes down. So.... I'm confused too.
Been There, Done That (Score:2)
Joe Pesci, as "The Wet Burglar" in the movie "Home Alone" would go to people's houses in a police officer's uniform to check the kind of security people had, wanting to make sure they were protected against The Wet Burglar, who was robbing houses. And, of course, people would sh
Re:Social Engineering? (Score:2)
The gull-men (Score:2)
Everything is "engineering" today. If we don't call diaries and columns on the WWW "blogs", or if we don't call downloading people's audio files "podcasting", then we're not hip.
We used to call them con men, for their exploitation of people's confidence. As someone with English as a second language, I think that's an excellent word, it hardly ge