11-13-2008
Deane
 

Re: Windows Update was acting very suspiciously this morning...
On Nov 13, 7:39 am, Deane <de...@blendinteractive.com> wrote:
> I've had the Windows Update icon in my system tray for a while, and
> the lone update (SP3) always failed to install for some reason.
>
> This morning, I decided to go through the browser in the hopes that I
> would get some kind of error message I could follow up on.
>
> I opened Windows Update through the start menu.
>
> IE opened to "update.microsoft.com," and I got an information bar that
> I need to authorize an ActiveX control.
>
> Weird thing was, the referenced add-on was "'DTBDOT~1.ocx' from
> 'ALLTEL (unverified publisher)'".
>
> Who is ALLTEL? Why are they wanting to run ActiveX controls on
> Microsoft's own site? And why would they be unverified?
>
> I got to wondering if this was a man-in-the-middle attack. I checked
> my HOSTS file for rogue entries, but found nothing.
>
> I pinged "update.microsoft.com" and it came back "65.55.184.93".
> Reverse DNS failed to resolve, but there was a pointer to
> "update.microsoft.com.nsatc.com."
>
> What is "nsatc.com"? I tried to pull this up in a browser, but it
> doesn't resolve.
>
> Needless to say, I didn't do the update.
>
> So...does all this seem weird to anyone else?


I tried on my computer at the office, and I did not get prompted to
load that ActiveX control. Additionally, I searched the controls
currently installed, and it did not appear anywhere.

Deane