"Users might be particularly vulnerable to e-mails claiming to be from Microsoft this week. On April 12, Microsoft will make the Windows XP Service Pack 2 upgrade automatic for any machine that accesses the Windows Update utility at Microsoft's official update site.

Much has been made in recent weeks of the upcoming deadline for Windows XP Latest News about Windows XP users to update their operating systems with the large Service Pack 2 update.

Now, malicious hackers appear to be exploiting the public's concern over updates by distributing a bogus link to a Windows Update site.

The site, when accessed from an e-mail posing as a Microsoft notice, installs Trojan code on the user's machine and opens a back door that allows the PC to be controlled remotely.

This virus, like many others, takes advantage of users' powerful urge to click on e-mail attachments and links, even when their origin is suspicious.

An enormous amount of virus traffic on the Internet could be stopped if e-mail recipients simply would stop doing so, Graham Cluley, senior technology consultant with security Latest News about Security firm Sophos, said."


Just saw this. Looks like you're forced to download SP2 now.

Yes, you will be forced after today.

Does this affect any of our machines? What if someone foolishly accesses Windows Update...would DeepFreeze be able to roll this back?

I got an email from someone claiming to be ebay, wanting me to click on a link to update my credit card. I clicked on the link, and it wasn't on ebay.com, but it looked exactly like ebay. I used my leet skillz and didn't go any further.

mmm phish

I got an email from someone claiming to be ebay, wanting me to click on a link to update my credit card. I clicked on the link, and it wasn't on ebay.com, but it looked exactly like ebay. I used my leet skillz and didn't go any further.

Typical phishing e-mail. Might also come from a large bank or credit card issuer.

People who get caught doing this should be castrated

In the countries most of those e-mails originate from, that is considered a fitting punishment. Too bad no one over there polices it or gives a damn.

Does this affect any of our machines? What if someone foolishly accesses Windows Update...would DeepFreeze be able to roll this back?

Kate and I took care of that in the Underground. The machines are pointed at our SUS server, which wont allow SP2.

Typical phishing e-mail. Might also come from a large bank or credit card issuer.

I like the ones that are savvy enough to try to do some DNS redirection, all that jazz. I mean, honestly, if you're gonna try that, may as well do it as well as is humanly possible.

Honestly, the thing to do is never click a link in e-mail, unless it's to something where you're never going to enter secure information. If paypal sends me something saying I need to verify my credit card info, I go there on my own.

Pre-SP2 people can have problems with the e-mail opening a Java window right over their browser's address field to make it appear they really ARE visiting the right site.

I had this phishing email about a month ago. It looks just like a Sprint newsletter and any links you click will verify that your email is real to them. The kicker was the from address being "SprintPCS@SprintPCS.rsc03.com" and Sprint doesn't send me any newletters.

That's a good point, James. When in doubt, check the company's website for the privacy policy. They have to spell out their policy on sending you e-mails.

PayPal has a whole section about "what do real PayPal e-mails look like".

One of my buds at KAMP student radio just got that paypal email and we checked the domain it came from and it looks like they jumped through some non-configured box running apache, we couldn't tell where it came from originally, though.

Phish e-mails are pretty much the only ones that make it through iMail's filter, so I get at least one every two weeks. I usually just ignore them, because they're from banks I'm not part of. If you get an eBay one, just forward it to spoof@ebay.com

Getting back on topic, I'm glad to see that MS is forcing people to download SP2. There really is no reason NOT to get it. Initially there were compatibility complaints with AMD64 chips but I think that was blown out of proportion.

SP2 is safer, faster, and mo betta than SP1/SP1a.

Getting back on topic, I'm glad to see that MS is forcing people to download SP2. There really is no reason NOT to get it. Initially there were compatibility complaints with AMD64 chips but I think that was blown out of proportion.

SP2 is safer, faster, and mo betta than SP1/SP1a.

/agree

Most people I've encountered are updated to SP2, but there is still the odd few. However, it is a good idea to clean their system of viruses/malware before updating to avoid the problems/corruptions some encounter. If people are forced to update with an infected computer, they could be risking more problems :(

Well, it could be a problem for some people, for instance, the college of humanities is apparently still at SP1, and doesn't want to move to SP2. One woman I work with did, and it totally hosed her machine. I don't really know what CoH's deal is, but I think it's time they straighten it out.

There was a "SP2 blocking tool" that MS made, but they've since stopped using it and have said it will no longer prevent you from getting SP2. The SUS server at the ILC allows us to control whether or not we get it.....and for now, we've decided not to (lack of testing and such).