Crackers In the Midst of Windows Updates
With both a mandatory Windows XP Service Pack 2 and 'Patch Tuesday' set to land tomorrow, crackers are seeking to mislead users into downloading malware with bogus update notifications.
With its latest service pack set to become a mandatory install for many users, and "Patch Tuesday" promising to deliver critical fixes, Microsoft is about to become download central, with crackers lining up to exploit the confusion.
Microsoft released Windows XP Service Pack 2 (SP2) in mid-August of 2004. Responding to concerns over the large number of changes the release introduced, some of which caused applications to stop working for end users due to security changes, the company released a collection of tools to prevent automatic update of Windows XP systems. The tools included a group policy management template, a signed application, and even an e-mail template with a URL link that would disable delivery of the update.
Tuesday, April 12 marks 240 days since SP2 was released. For users or companies that have automatic software updates enabled, tomorrow will also mark the download and installation of SP2 unless they disable automatic software updates, or are pulling their updates down from an internal update server. Microsoft spokespersons have been careful to point out that disabling Microsoft's Automatic Update will also disable automated installation of SP2.
Tomorrow is also "Patch Tuesday," Microsoft's recently minted tradition of using the second Tuesday of the month to release updates to its products. The update is set to include a number of patches to critical vulnerabilities, though Microsoft has stuck to its other tradition of doing little more than note which applications will be affected by the updates without going into specific detail. The company's update announcement reports tomorrow's patch release will include five bulletins affecting Microsoft Windows, one bulletin affecting Microsoft Office, one bulletin affecting MSN Messenger, and one bulletin affecting Microsoft Exchange.
The collection will also include an updated version of the Microsoft Windows Malicious Software Removal Tool, though that tool will not be distributed using Microsoft's Software Update Services (SUS).
In the midst of all the update-related news, crackers have taken the opportunity to sow some confusion and net a few gullible users. According to an announcement posted Friday by security firm Sophos, an e-mail designed to divert users to a malicious replica of Microsoft's update site has been circulating. The malicious site then installs a Trojan that allows remote users to take over the compromised system.
Sophos provided no identifying information on the mail besides several subject lines, including "Update your windows machine", "Urgent Windows Update", and "Important Windows Update."