I've had the Windows Update icon in my system tray for a while, and
the lone update (SP3) always failed to install for some reason.

This morning, I decided to go through the browser in the hopes that I
would get some kind of error message I could follow up on.

I opened Windows Update through the start menu.

IE opened to "update.microsoft.com," and I got an information bar that
I need to authorize an ActiveX control.

Weird thing was, the referenced add-on was "'DTBDOT~1.ocx' from
'ALLTEL (unverified publisher)'".

Who is ALLTEL? Why are they wanting to run ActiveX controls on
Microsoft's own site? And why would they be unverified?

I got to wondering if this was a man-in-the-middle attack. I checked
my HOSTS file for rogue entries, but found nothing.

I pinged "update.microsoft.com" and it came back "65.55.184.93".
Reverse DNS failed to resolve, but there was a pointer to
"update.microsoft.com.nsatc.com."

What is "nsatc.com"? I tried to pull this up in a browser, but it
doesn't resolve.

Needless to say, I didn't do the update.

So...does all this seem weird to anyone else?