Scary & disturbing re updates to XP (& Win2k) - spoofs, pop-ups, etc.
From: Al Davis (no-email_at_no-one.net)
Date: 08/16/04
- Next in thread: Quaoar: "Re: Scary & disturbing re updates to XP (& Win2k) - spoofs, pop-ups, etc."
- Reply: Quaoar: "Re: Scary & disturbing re updates to XP (& Win2k) - spoofs, pop-ups, etc."
- Reply: RobinM: "Re: Scary & disturbing re updates to XP (& Win2k) - spoofs, pop-ups, etc."
- Reply: Jupiter Jones [MVP]: "Re: Scary & disturbing re updates to XP (& Win2k) - spoofs, pop-ups, etc."
- Reply: Alec S.: "Re: Scary & disturbing re updates to XP (& Win2k) - spoofs, pop-ups, etc."
Date: Mon, 16 Aug 2004 02:12:04 GMT
Howdy: I'm helping a friend (novice user) update his Windows XP "Home
Edition" on a Sony Vaio PC he purchased some time ago at Best Buy. The
Sony OEM OS CD set he got had a very early ver. of XP - pre-Svc Pak1,
circa 2000. He's had lock-up probs with his machine on-and-off, so we
re-installed - wiping his hard drive. Very first thing we did after
install was to go online to get the latest updates from MS website.
We're still going thru the steps (Service Pack 1 itself takes like 3
hours to download on a dial-up line), but already we've seen some
disturbing stuff:
o Went to [windowsupdate.microsoft.com] (typed in carefully).
Downloaded the 2MB updater utility. Had to restart the OS. Next time
we go to the update site, I interrupted the "scanning for updates"
thing (33%, 66%, etc), by hitting the "Back" button in browser (I'm
using whatever ver of IE came with the sys). When I did this, ANOTHER
WEBSITE - TOTALLY DIFFERENT came up - displaying two or three
independent window frames - including some invitations to X-rated
site, some other crap. KEY POINT: The trigger for this invasion was
simply my CLICKING THE BACK (left arrow) ICON IN IE. My reaction:
Wow! But it gets worse - keep reading.
o Killed those processes. Restarted. Went again to [win ... com].
Managed to get the 28 MB "install this before anything else" download
of SVC Pak 1 going. While it was coming down we saw enticing
spoof-type pop-ups appear periodically on the screen. Here's an
example of one:
--------
Messanger Service
Message from Microsoft Networks to Windows User on 8/15/2004 5:00 pm
Microsoft Security Bulletin M S03-043
Buffer Overrun in Messenger Service could allow code execution
(838035)
Affected Software:
Microsoft Windows NT workstation
Microsoft Windows NT server 4.0
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Win98
Microsoft Windows Server 2003
Not Affected Software
Microsoft Windows Millenium Edition
Your System is affected, download the patch from the address below!
First type the address below into your internet browser then click ok.
www.patchwindows.org
------------
Note that I've also seen this and other popups show up in my own
Windows 2000 system before I updated it. (After completing updates,
they stopped.)
o Here's the worst thing. After the 28 MB download completes, the
updater says it's installing the files. Then it says it's running
some "processes". There it hangs forever. So okay - I restart the
system. (Note that Ctrl-Alt-Del does NOT work at this point - is it
disabled I wonder?) When I come back up, I connect again using IE.
Again I type carefully into browser window:
[windowsupdate.microsoft.com] [Enter] and Lo and Behold ... THE SAME
CRAP I SAW BEFORE WHEN I HIT THE BACK ICON COMES UP AGAIN!!! Multiple
windows .... X-rated invitations ... Definitely NOT the Windows Update
website. How can this be? How can a browser NOT take you to the URL
you specifically request? I *think* the URL we went to was something
like: http://www.tinyURL/MagNetsomething_or_other... I was so put
off, I forgot to write down exactly what it said.
Questions:
1. How can a non-infected, straight-out-of-the-box browser behave
this way .... seemingly allowing itself to be commanded from elsewhere
to take users to unintended destinations?
2. Where are these pop-ups coming from? How are they getting
through? What happens to unsuspecting users who follow the
instructions in them?
3. Could it be that my friend's system is *already* infected somehow
- even though we've barely got through the SvcPak 1 download? If so,
how did it happen? If not, should I go ahead and continue with the
umpteen other updates that are still out there?
4. Given how tedious (and dangerous) it is to update this primitive
version of XP, should my friend consider securing a newer release CD
that already has the updates on it? Do we think Sony and Best Buy
(not to mention Microsoft) are aware of how much grief their products
are causing to unsuspecting end-users? If they do, has anyone heard
of them commenting - or maybe issuing a "recall", a la the car
companies? Do we think Sony or Best Buy would supply such a CD (say -
for a nominal charge, or even free) if you pointed out to them how
badly their original stuff behaves? Wouldn't that be the right thing
to do for a conscientious, good citizen-type company?
Thanks for your attention
Al Gabis Jr.
Camp Springs, Maryland
www.SpiritualNeighborhood.org