Fake Microsoft Patch Triggers Virus Attack

boarder8925 writes "eWeek reports: 'Like day follows night, a bogus cumulative update with a malicious attachment has followed Microsoft's patch day. In what has become a monthly staple, virus writers are taking advantage of the heightened public interest around Microsoft's patching cycle to trick users into executing a malicious attachment. The latest social engineering trick arrives via e-mail with an attachment that purports to be a 'cumulative patch' for May 2005.'"
  • Well... (Score:5, Funny)

    by Kinky Bass Junk ( 880011 ) on Saturday May 21, 2005 @08:21AM (#12598256)
    ... at least that's what they tell us. But we all know that it actually was a cumulative update, but they screwed it up.
  • by Anonymous Coward on Saturday May 21, 2005 @08:22AM (#12598258)
    This is why when there's a security flaw in Firefox or the Mac people come out to say "thank gosh it was dealt with quickly, as usual."

    The situation with Microsoft has reached a certain critical mass where there is no public awareness of an objective security reality.

    Here there be dragons. Beware.

    Undoubtedly a dozen comments will say something like "If users would just follow a few simple rules..." What is the trusted source for those simple rules now that the situation is so out of hand?

    Dark days indeed.
    • by Anonymous Coward on Saturday May 21, 2005 @08:43AM (#12598357)
      The simple rule is to know what you're doing, or, if you don't know what you're doing, have it done by someone you trust. People don't start working on their cars unless they know what they're doing. They have the maintenance done by a mechanic or an experienced friend. Yet somehow we think that computer maintenance should be done by complete ignorants. It's never going to work.
      • by bigman2003 ( 671309 ) on Saturday May 21, 2005 @09:53AM (#12598580) Homepage
        Good point...

        BUT, I work in a small IT department- and we spend about 1/2 of our weekly meeting talking about how 'stupid' these users are.

        Not saying that I don't take part in the conversation...but I keep thinking to myself, "They aren't supposed to know this stuff, it isn't their job, it's OUR job."

        I really hate it when we get on our high-horses and look down at people because they don't know as much about the computer they use as we do. I would hope not, otherwise we would be some weak-ass IT people.

        I'm guilty too, and every IT person I have ever met is just as guilty. But when we need to purchase something, we walk over to the purchasing people and say 'I have no idea what I am doing, but I need to order this thing...' I wonder if when we leave, they all start laughing at us and call us a 'bunch of fucking idiots.'

        I hope so...because we have some real arrogant bastards in IT who really need to realize that nobody else really gives a damn about the difference between right-click and left click...
        • Exactly. The sales guy should NOT have to worry about how to patch his OS, deal with virii, etc.

          Put the users on a locked-down *nix machine with alternative browsers and (especially) email clients. Not the ultimate solution, perhaps, but it's got to be better than dealing with virus, trojan and spyware problems.
          --
          Random Signature #1
          Generated by SlashdotRndSig [snop.com] via GreaseMonkey [mozdev.org]
        • "Hi, I'm Clippy! I'm here to teach you how to use the computer and NOT screw up!"

          "This is a mouse. It has two buttons. When you click the right button it's called a right click."

          "Whoa! Be careful with that popup! It appears to be a message from your computer, but it's an internet explorer window!"

          I mean, they did a good tutorial on 'posting and you', why can't they make a tutorial on using the computer? I'd give the CD to ALL my newbie customers.
        • Similarly, I'm always a bit annoyed by people on Slashdot calling the less computer-savvy "Joe Luser". Come on! Here's a guy that didn't spend all of his Friday nights behind his computer, and as a result has some difficulty with badly designed software. Why call him a Loser?
      • by Blkdeath ( 530393 ) on Saturday May 21, 2005 @10:18AM (#12598672) Homepage
        The simple rule is to know what you're doing, or, if you don't know what you're doing, have it done by someone you trust. People don't start working on their cars unless they know what they're doing.

        Conversely, many people start working on cars to learn how to do it.

    • by Smidge204 ( 605297 ) on Saturday May 21, 2005 @08:45AM (#12598367) Journal
      What is the trusted source for those simple rules now that the situation is so out of hand?

      How about http://www.microsoft.com/ [microsoft.com] instead of your e-mail's inbox?
      =Smidge=
      • Exactly. I'm all for Microsoft bashing, but come on, if users are stupid enough to fall for this kind of thing then you can't really blame Microsoft.

        Sure, more frequent updates would be nice, but most users won't bother downloading them anyway. The main reason we have so many pieces of spyware, viruses and other shite going around the internet is user stupidity.
        I don't download updates very often (mainly because I'm on 56k, but still), I have a working firewall and an out of date AV program, but for around
    • people come out to say "thank gosh it was...

      I know nobody that says "thank gosh!" Who is gosh and why would you thank him/her/it?
  • How is this news? (Score:4, Insightful)

    by shyampandit ( 842649 ) on Saturday May 21, 2005 @08:24AM (#12598280) Homepage
    I wonder how Slashdot posts stuff like this, which is a very common thing, that has been done numerous times.

    Social Engineering is getting to be an easier way for the script kiddies to get more victims, as more people put SP2, which has the firewall enabled by default and so the usual attacks don't work.
    • No, this is probably new. You may be forgetting one minor subtlety of previous announcements, look closer: "Genuine Microsoft Patch Triggers Virus Attack"
      • Re:How is this news? (Score:5, Informative)

        by tomhudson ( 43916 ) <barbara,hudson&barbara-hudson,com> on Saturday May 21, 2005 @10:13AM (#12598660) Journal
        No, you should look closer. Like too many slashdot stories lately, the headline isn't exactly what one would call a model for journalistic accuracy.
        1. It wasn't a virus (it was a trojan in an email attachment, claiming to be a copy of the patch)
        2. It wasn't from Microsoft
        3. Its release wasn't triggered by Microsoft releasing a genuine patch. Check your spam filters - I'm sure most of us receive these "cumulative Microsoft patches" on a regular basis.
    • Social Engineering => Stupidity Exploitation => Slashdot Entertainment
    • by bcmm ( 768152 )
      This is GOOD! If it isn't worth anyone's while to make proper attacks, we don't need to bother with securing anything! We just avoid doing stupid things like we always did. All we need is to make sure that there are always enough stupid users that the script kiddies continue to launch only social engineering attacks.

      So, all sysadmin /.ers reading this, keep your users stupid. It's in everyone's best interests (except your users', obviously). If you teach them not to open attachments, you will soon be havi
  • The point is... (Score:5, Interesting)

    by NineNine ( 235196 ) on Saturday May 21, 2005 @08:26AM (#12598288)
    OK, we get it. Don't run random attachments that people you don't know email to you. Why is this news? I get probably a hundred emails with viral attachments daily. Is Slashdot somehow suggesting that this is Microsoft's fault in some bizarre, convoluted way?
    • Re:The point is... (Score:5, Interesting)

      by MichaelSmith ( 789609 ) on Saturday May 21, 2005 @08:38AM (#12598341) Homepage Journal
      Don't run random attachments that people you don't know email to you.

      My clueless co-workers are constantly sending me MS Office formatted files which I am expected to blindly execute. Everybody else in the company does it and they look at me strangely for complaining.

      Because of the way the IE shell interface works there is no good way to distinguish between a document file and an executable made up to look like a document file.

      The people who run the Windows side of our network aren't worried. They point to the virus filters on email and say "nothing bad can get in, why worry?"

      Everybody is taught to run attachments. Nobody is taught not to.


      • My clueless co-workers are constantly sending me MS Office formatted files...

        That's because it is much more temporarily impressive to use colour, underlining and bold in messages to show that the writer is important and wants to be noticed.

        Of course, a carefully thought-out, insightful and direct message goes largely unnoticed.

        In most organizations there is so much email flying around that many just ignore most of it. A lot of people do not understand (and actually abuse) the concept of CC. It's a si
  • by dos_dude ( 521098 ) on Saturday May 21, 2005 @08:26AM (#12598290) Homepage
    ... that the best software in the world couldn't protect you from the stupidity of the guy in front of the monitor. Makes you wonder who is worse: Microsoft or their users?

    • However, with a better security based system, the virus would be contained to user level processes and hopefully not compromise the system. The user would lose their crap.
      Tough one there, maybe they'll learn. Unlikely, though. Most times they blame the IT staff for not preventing them from being as dumb as they are.
      • However, with a better security based system, [...]

        Like the one NT has had since 1993, you mean ?

        [...] the virus would be contained to user level processes and hopefully not compromise the system. The user would lose their crap.

        So they'd only lose the most important data ? I'm sure that would be comforting.

    • ... that the best software in the world couldn't protect you from the stupidity of the guy in front of the monitor. Makes you wonder who is worse: Microsoft or their users?

      As the saying goes, make something idiot-proof and along will come a better idiot. Microsoft's interface changes so drastically towards disabling the need for users to think that they become more complacent with each release. It used to be that even my non-computer-literate friends, family and colleagues used to talk about the need

    • by jesterzog ( 189797 ) on Saturday May 21, 2005 @05:34PM (#12601001) Journal

      ... that the best software in the world couldn't protect you from the stupidity of the guy in front of the monitor. Makes you wonder who is worse: Microsoft or their users?

      Not properly evaluating or understanding attachments that are sent via email is synonymous to not critically evaluating any information that's received... such as faithfully believing whatever happens to be published on the television evening news.

      Personally I'm not sure if it's so much a computer training issue. A lot of these problems might be solved in one go, if only the education system could focus a bit more on training people to be critical and cautious of all information that they receive.

      I'm not trying to imply that this is all the education system's fault, either. Society's just screwed up right now, and there are so many contradictory messages out there that completely undermine so much of what good education actually has to offer.

  • by Timesprout ( 579035 ) on Saturday May 21, 2005 @08:26AM (#12598291)
    Microsoft try and help users by providing easily accessible patches and they get blasted for it. I installed this patch yesterday and my machine works just fin^&*%^$%#%&^ [NO CARRIER SIGNAL]
  • Stupid people (Score:2, Insightful)

    by whackco ( 599646 )
    Anybody still stupid enough to open attachments in emails like this DESERVE to get infected and have their hard drives ERASED.

    Better yet, too bad the virus can't mutate from electronic to biologic means, that might solve our problems.

    I see stupid people.
    • Re:Stupid people (Score:2, Insightful)

      by dos_dude ( 521098 )

      Anybody still stupid enough to open attachments in emails like this DESERVE to get infected and have their hard drives ERASED.

      Yeah. But the problem is that these people aren't having their hard drives erased, they have their machines turned into zombies so we don't run out of spam, bounces, and worms.

    • Re:Stupid people (Score:5, Insightful)

      by m50d ( 797211 ) on Saturday May 21, 2005 @09:03AM (#12598415) Homepage Journal
      Why? They're just doing what they've been taught. They've been taught that anyone can use a computer (that's what all the MS advertising says). They've been taught that anyone can use the internet (that's what all the AOL advertising says). They've been taught that if they don't click yes at dialog boxes, things don't work (A very similar security warning is seen two or three times when logging in to hotmail. So users learn they're not serious) How can you blame them for simply doing what they've been taught?
  • Patches (Score:2, Insightful)

    by jokestress ( 837997 )
    "When you're going down a path of destruction, you can keep putting patches on the tires - patch, patch, patch - but eventually the tire is going to burst."

    -- From an article on the imminent collapse of Zimbabwe [nytimes.com], but it seemed germane to the thread...

    • The analogy doesn't work on software. You can argue that any upgrade or any new version of a piece of software is a patch. Yes, that includes open source software as well as closed software.
    • So Linux, *BSD, Solaris, OSX, etc, etc, etc, don't need patches?

      Sorry, analogies like that don't work with software.

  • by Anonymous Coward on Saturday May 21, 2005 @08:30AM (#12598307)
    What, does it claim to be from Gates?
    Hey guys,

    it's Bill, again, we noticed some stuff was kinda screwed up, lol, but we fixed it. Here is the patch, ENJOY!

    -- Bill
  • by Anonymous Coward on Saturday May 21, 2005 @08:31AM (#12598317)
    In Gavin De Becker's book 'The Gift of Fear' he says that an effective way to stop assassins topping off high profile people is not to give them glorious media write ups. Bring 'em down a notch by stating what they are - savages who don't deserve civilization. Bruce Schneier talks about the same thing - publicity attacks. People who want attention. So stop paying attention to them.

    Now, I'm all for making public the attacks but I think we should start bagging out the actual attackers. Cmon, social engineering through an email? Sure it'll fool a few people, and a few people is all you need to bring down a network, but let's patronise these guys. They're fuckin' con men for pete's sake and lame conmen at that. The only people they're tricking is morons. I move for guys like this to be put down at every chance.

    Stop glorifying criminals!

    • In Gavin De Becker's book 'The Gift of Fear' he says that an effective way to stop assassins topping off high profile people is not to give them glorious media write ups.

      Well I have long held the opinion we spend far too much money particularly protecting politicians. I think we should spend less and if a few of them get knocked off then it will help to filter out the self serving interest bastards. They are supposed to be public servants, not divine personages and it's not like they are irreplaceable n
    • Stop glorifying criminals!

      But, but the media needs headlines! It's hard coming up with original stories.

      Besides, stories like these are seksy.
    • It wouldn't make a dent at all. They aren't in it for the publicity, they're in it for the zombies. 0wn3d boxes = power to send spam, do DDoSs, etc.

      "The only people they're tricking is morons."

      But there's tons out there, and that's enough for them. That's like saying "all they're breathing is air." There's no shortage.
  • by bogaboga ( 793279 ) on Saturday May 21, 2005 @08:33AM (#12598326)
    Cumulative patch? Now, that's a new term. Microsoft's ways are forcing us to get used to new terms in the computer field. Since this business of patching has become "business as usual" for M$, how about a new acronym for the procedure? I suggest cumpatch to stand for "cumulative patch".
  • Maybe this is the culmination of years of Microsoft tracking Forwarded Emails?? -I'm still waiting for my $5000 or Disney Vacation.
  • by diablobsb ( 444773 ) on Saturday May 21, 2005 @08:48AM (#12598379)
    with patches like this....
    http://www.microsoft.com/downloads/details.aspx?FamilyID=905b4d10-9cde-4d32-b576-c942d1375ceb&displaylang=en [microsoft.com]

    it is very hard to tell which ones are for real....
  • Linux users would probably fall for this social engineering too, if it wasn't so expensive [zdnet.com.au] to patch Linux systems.

  • Sandbox (Score:2, Interesting)

    by datadriven ( 699893 )
    If Outlook and Outlook Express ran in a sandbox it would fix most of these issues wouldn't it?
    • Not necessarily. I use Thunderbird for my email and there is absolutely nothing to stop me from saving/running executable attachments received via email.

      The fortunate thing is that unless the user had edited the registry he/she is safer with later versions of Outlook which actually block executable files from being saved or run, period.

  • by LM741N ( 258038 ) on Saturday May 21, 2005 @09:09AM (#12598430)
    We need an internet/computer Darwin awards, haha.
    After years of preaching to the converted, the converted are still only about 10%.

    Rob.
  • Since when is it Microsoft's fault that people are duped into running this?

    Anything that mentions Windows here on slashdot results in a barrage of 'Linux' this and OSS that and how wonderful Firefox is etc etc.

    Well people, if Firefox ever reached the 90% usage that IE has exactly the same kind of scam would happen when a Firefox patch was issued.

    Am I the only one here over 21 and not still at school?

  • Although it's just adware/spyware is the "recommended hotfix" that shows up in user's Add/Remove Programs.
  • The latest social engineering trick arrives via e-mail with an attachment that purports to be a 'cumulative patch' for May 2005.'"

    Hrm, the date may have changed, but this 'latest trick' has been around for a long time..
  • by Gary Destruction ( 683101 ) * on Saturday May 21, 2005 @09:28AM (#12598489) Journal
    Users should just let Windows Automatic Update download security updates for them. It takes place in the background non-intrusively and users are notified when they are ready to be installed.
    • As a tech in a white box store I will say you are wrong. M$ update should be set to notify that they are available, then you tell it to download and install. Based on past performance and possible nefarious future limitations, only a fool lets Small&Limp do anything to their computer without supervision. Of course most users that still open an email claiming to be from M$ are always going to find a way for stupidity to triumph. Believe me, I've seen a lot of dumb users, they keep us in business, for the las
  • does Microsoft have to tell people that they DO NOT EMAIL PATCHES OR UPDATES? They even set up Windows Update to run with the "Automatic Update" as default. What do we need, M$ to issue pain collars for these folks to mentally condition them to not open any attachment claiming to be from M$?
    • Comment removed based on user account deletion
      • can demonstrate such through some kind of certification...

        ...then every other Joe Sixpack who gets charged twice as much for his broadband connection to cover the cost of the sensible users having to clean up their PCs because he doesn't.

        Good idea with the tiered service. I'd jump on that.

      • I'd support that, if the way that one would demonstrate being 'sensible' was something other than a 'certification', as those are fairly universally meaningless, as one can be a complete moron and get things like MCSE, A+, etc, and often those of us who aren't stupid enough to fall for things like 'emailed updates from MS' (of course, not using anything from MS makes it that much easier) often don't have the inclination, time, or money to pay to take some idiotic test that (obviously in the case of MCSE, but
  • by pipingguy ( 566974 ) on Saturday May 21, 2005 @10:19AM (#12598682)

    Is the tech world's redefinition of the term diluting its original meaning [wikipedia.org]?

    It's interesting to note that the tech definition seems to be popularly eclipsing the traditional meaning (read the link above to see what I mean).

    A quick re-education for those under 30:

    RAM=male sheep
    ROM=Royal Ontario Museum
    Memory=something in your head
    Monitor= A heavily ironclad warship of the 19th century
    Mouse=rodent
    Snopes=William Faulkner character
    Slash=a cut or swinging move
    Dot=. or period

    Feel free to add your own examples, I've left many out just to spark creativity on a boring Saturday.
  • by aonaran ( 15651 )
    This isn't really a new trick, we were getting these e-mails and blocking them out several months ago.

    Just when I thought this technique had died out Slashdot runs a story about it as if it were something new and cunning the virus writers had just come up with.

  • People gullible enough to believe Microsoft's "Get the Facts" campaign are just as gullible to download fake patches.

    w00t.
  • by MadAnthony02 ( 626886 ) on Saturday May 21, 2005 @11:24AM (#12598978)

    Yes, the techies who read Slashdot (and other tech news) and who work on computers all day know that Microsoft released a bunch of patches, but I would guess the average user doesn't. I would certainly guess that someone who doesn't know enough not to click on executable attachments in email, and doesn't know that Microsoft doesn't email its patches to users, would not know that MS released a bunch of patches.

    I think Slashdot has overestimated the cunning of the virus author and his timing..

    • by MightyMartian ( 840721 ) on Saturday May 21, 2005 @11:48AM (#12599132) Journal
      The fact is that Microsoft (and other companies as well) have time and time again said "We don't email updates/credit card requests/bank account requests/etcetera ad nauseum". People simply are not listening, and I'm not too sure how they will ever learn.

      Perhaps if ISPs started actually billing people when they spewed out viruses and spam, that might have some effect. It wouldn't have to be much, a couple of bucks maybe, but the point is, I don't think anything else is going to get it through the average user's head.

  • ...a cumulative patch for Windows. It's called Mac OS X.
