Thread: Windows Update was acting very suspiciously this morning...
View Single Post
  #4 (permalink)  
Old 11-14-2008
Deane
 

Posts: n/a
Re: Windows Update was acting very suspiciously this morning...
On Nov 13, 10:46*am, "PA Bear [MS MVP]" <PABear...@gmail.com> wrote:
> Deanewrote:
> > On Nov 13, 7:39 am,Deane<de...@blendinteractive.com> wrote:
> >> I've had the Windows Update icon in my system tray for a while, and
> >> the lone update (SP3) always failed to install for some reason.
>
> >> This morning, I decided to go through the browser in the hopes that I
> >> would get some kind of error message I could follow up on.
>
> >> I opened Windows Update through the start menu.
>
> >> IE opened to "update.microsoft.com," and I got an information bar that
> >> I need to authorize an ActiveX control.
>
> >> Weird thing was, the referenced add-on was "'DTBDOT~1.ocx' from
> >> 'ALLTEL (unverified publisher)'".
>
> >> Who is ALLTEL? Why are they wanting to run ActiveX controls on
> >> Microsoft's own site? And why would they be unverified?
>
> >> I got to wondering if this was a man-in-the-middle attack. I checked
> >> my HOSTS file for rogue entries, but found nothing.
>
> >> I pinged "update.microsoft.com" and it came back "65.55.184.93".
> >> Reverse DNS failed to resolve, but there was a pointer to
> >> "update.microsoft.com.nsatc.com."
>
> >> What is "nsatc.com"? I tried to pull this up in a browser, but it
> >> doesn't resolve.
>
> >> Needless to say, I didn't do the update.
>
> >> So...does all this seem weird to anyone else?
>
> > I tried on my computer at the office, and I did not get prompted to
> > load that ActiveX control. *Additionally, I searched the controls
> > currently installed, and it did not appear anywhere.
>
> Alltel is/was a wireless provider which was/is being acquired by Verizon;
> cf.http://en.wikipedia.org/wiki/Alltel
>
> Were you connecting via a wireless USB key at home (or wherever you were at
> the time)?
>
> >> I've had the Windows Update icon in my system tray for a while, and
> >> the lone update (SP3) always failed to install for some reason.
>
> WinXP SP3 - Read all prerequisites for a successful installationhttp://msmvps.com/blogs/harrywaldron/archive/2008/05/08/windows-xp-sp...
>
> Free unlimited installation and compatibility support is available for
> Windows XP, but only for Service Pack 3 (SP3), until 14 Apr-09. Chat and
> e-mail support is available only in the United States and Canada. *Go tohttp://support.microsoft.com/oas/default.aspx?gprid=1173| select "Windows
> XP" then select "Windows XP Service Pack 3"
> --
> ~Robear Dyer (PA Bear)
> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> AumHa VSOP & Adminhttp://aumha.net
> DTS-Lhttp://dts-l.net/

Well, I know who Alltel is, I guess, but why would they be trying to
install an ActiveX control on the Microsoft Update site?

Deane

Reply With Quote