Thread: Windows Update was acting very suspiciously this morning...
View Single Post
  #5 (permalink)  
Old 11-14-2008
PA Bear [MS MVP]
 

Posts: n/a
Re: Windows Update was acting very suspiciously this morning...
Deane wrote:
> On Nov 13, 10:46 am, "PA Bear [MS MVP]" <PABear...@gmail.com> wrote:
>> Deanewrote:
>>> On Nov 13, 7:39 am,Deane<de...@blendinteractive.com> wrote:
>>>> I've had the Windows Update icon in my system tray for a while, and
>>>> the lone update (SP3) always failed to install for some reason.
>>
>>>> This morning, I decided to go through the browser in the hopes that I
>>>> would get some kind of error message I could follow up on.
>>
>>>> I opened Windows Update through the start menu.
>>
>>>> IE opened to "update.microsoft.com," and I got an information bar that
>>>> I need to authorize an ActiveX control.
>>
>>>> Weird thing was, the referenced add-on was "'DTBDOT~1.ocx' from
>>>> 'ALLTEL (unverified publisher)'".
>>
>>>> Who is ALLTEL? Why are they wanting to run ActiveX controls on
>>>> Microsoft's own site? And why would they be unverified?
>>
>>>> I got to wondering if this was a man-in-the-middle attack. I checked
>>>> my HOSTS file for rogue entries, but found nothing.
>>
>>>> I pinged "update.microsoft.com" and it came back "65.55.184.93".
>>>> Reverse DNS failed to resolve, but there was a pointer to
>>>> "update.microsoft.com.nsatc.com."
>>
>>>> What is "nsatc.com"? I tried to pull this up in a browser, but it
>>>> doesn't resolve.
>>
>>>> Needless to say, I didn't do the update.
>>
>>>> So...does all this seem weird to anyone else?
>>
>>> I tried on my computer at the office, and I did not get prompted to
>>> load that ActiveX control. Additionally, I searched the controls
>>> currently installed, and it did not appear anywhere.
>>
>> Alltel is/was a wireless provider which was/is being acquired by Verizon;
>> cf.http://en.wikipedia.org/wiki/Alltel
>>
>> Were you connecting via a wireless USB key at home (or wherever you were
>> at
>> the time)?
>>
>>>> I've had the Windows Update icon in my system tray for a while, and
>>>> the lone update (SP3) always failed to install for some reason.
>>
>> WinXP SP3 - Read all prerequisites for a successful
>> installationhttp://msmvps.com/blogs/harrywaldron/archive/2008/05/08/windows-xp-sp...
>>
>> Free unlimited installation and compatibility support is available for
>> Windows XP, but only for Service Pack 3 (SP3), until 14 Apr-09. Chat and
>> e-mail support is available only in the United States and Canada. Go
>> tohttp://support.microsoft.com/oas/default.aspx?gprid=1173| select
>> "Windows XP" then select "Windows XP Service Pack 3" --
>> ~Robear Dyer (PA Bear)
>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>> AumHa VSOP & Adminhttp://aumha.net
>> DTS-Lhttp://dts-l.net/
>
> Well, I know who Alltel is, I guess, but why would they be trying to
> install an ActiveX control on the Microsoft Update site?

Repost:
>> Were you connecting via a wireless USB key at home (or wherever you were
>> at
>> the time)?

Reply With Quote