Windows Client UPDATE--Patch Tuesday Spawns Phishing Scams--April 14, 2005

Malicious users are taking advantage of Microsoft's monthly patch release to try to con users into visiting fake Web sites and in doing so the users get a Trojan installed on their systems.

David Chernicoff

April 13, 2005

11 Min Read
ITPro Today logo in a gray background | ITPro Today

Subscribe to Windows IT Pro: http://www.winitpro.com/rd.cfm?code=00eu205xcL

Make sure that overzealous antispam software doesn't block your copy of Windows Client UPDATE--add [email protected] to your list of allowed senders and contacts.

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Windows Client UPDATE.

Diskeeper - The Number One Automatic Defragmenter http://www.executive.com/profile/submit-select.aspx?a=l&PId=95&ad=witpdk6

Is Your Office Truly Fax Integrated? http://www.windowsitpro.com/whitepapers/faxback/officefax/index.cfm?code=wclntnl_0414

===============

1. Commentary
- Patch Tuesday Spawns Phishing Scams 2. News & Views
- Microsoft Removes Windows XP SP2 Block, World Doesn't End 3. Peer to Peer
- Tip: Adjust the Bandwidth Available to System Services
Featured Thread: Match Your Wits Against Anglers 4. New and Improved
- Recover Overwritten Office Files
- Tell Us About a Hot Product and Get a T-Shirt! ==== Sponsor: Diskeeper - The Number One Automatic Defragmenter ==== Keeping your systems up and running and available to the users is vital! Slow, crash-prone systems have a devastating effect on your organization's productivity. Disk fragmentation is a major cause of crashes, slowdowns and freeze-ups, and it must be kept in check. Fortunately, there is a solution: Diskeeper, the Number One Automatic Defragmenter. Automatic defragmentation boosts performance and reliability, reducing help desk traffic by heading off problems before they become emergencies. See for yourself-download a FREE 30-day fully-functional evaluation version of Diskeeper. Install it then just "Set It and Forget It", and watch as the problems caused by fragmentation simply disappear! See why over 16 million Diskeeper licenses have been sold-get your evaluation version of Diskeeper 9 now!
http://www.executive.com/profile/submit-select.aspx?a=l&PId=95&ad=witpdk6

==========

==== 1. Commentary: Patch Tuesday Spawns Phishing Scams ====
by David Chernicoff, [email protected] Microsoft released eight patches this week, five of which the company deemed critical and will require that you reboot the computer after installation. Although that's a serious set of patches, the release occurred on the scheduled release date for patches (second Tuesday of the month), and your Windows XP computer should have downloaded the patches according to how you've configured Windows Update to work for you. You (or your users) might also get an email alert about yet another update that's reported as critical for Windows users. If so, remember one important detail: Microsoft doesn't alert users to updates via email. If a user clicks the apparent link to the Windows Update site included in the email message, a Trojan horse, Troj/DSNX-05, installs itself and grants a malicious user backdoor access to the infected computer. The Trojan then copies itself to the System directory using a randomly chosen name from the list of DLL files typically found at that location but with an .exe file extension instead of .dll. The installer program then adds an entry to the registry so that the program reinstalls itself at boot. If you believe your system has been compromised, run your antivirus program or check the registry for the HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunWinDSNX= subkey. Remember, if you use Microsoft Office Outlook as your email client, the actual URL of a link will appear when you run the mouse over the suspect link without clicking. Other email applications will show you the actual URL of a link at the bottom of the screen. Phishing emails appear to list valid links. But although the displayed URL is valid, the HTML code that displays the link routes the user to a different location. There's nothing new about this type of attack, but because it coattails so closely with the security patch releases from Microsoft (which is sure to generate the usual run of paranoia), more users are likely to follow the bogus link than might otherwise be tempted to click it. Be proactive. Alert users to this new phishing attack to help prevent the problem from spreading through your network. Readers Choice
On an unrelated note, the ballot for Windows IT Pro's annual Readers' Choice awards is now live. Here's your chance to reward companies that provide excellent products and services. The September 2005 issue of Windows IT Pro will feature the winners. Click here to vote:
http://www.windowsitpro.com/readerschoice

==========

==== Sponsor: Is Your Office Truly Fax Integrated? ==== Discover how to make your business more productive with easier ways for users to communicate and carry out mission-critical business processes. Download this free white paper to learn how to integrate fax with Microsoft Office and Exchange/Outlook applications. Get usage examples of Office-to-Fax integration, learn the benefits, and how fax works with Microsoft Office to deliver clear and substantial benefits to users.
http://www.windowsitpro.com/whitepapers/faxback/officefax/index.cfm?code=wclntnl_0414 ==== 2. News & Views ====
by Paul Thurrott, [email protected] Microsoft Removes Windows XP SP2 Block, World Doesn't End
Microsoft has removed a software block that had let some small-to-midsized businesses (SMBs) block the Windows XP Service Pack 2 (SP2) download. The company announced in August that the blocking tool would be in place through April 12, 2005, and a series of stories recently reported that everything short of Armageddon would occur when the company removed the tool. Because you're reading this now, a day later, you can see that the world didn't end. Read the entire story at
http://www.windowsitpro.com/articles/index.cfm?articleid=46049 ==== Events and Resources ====
(A complete Web and live events directory brought to you by Windows IT Pro: http://www.windowsitpro.com/events ) Ensure SQL Server High Availability
In this free Web seminar, discover how to maintain business continuity of your IT systems during routine maintenance and unplanned disasters. Learn critical factors for establishing a secure and highly available environment for SQL Server including overcoming the technology barriers that affect SQL Server high availability. Find out about Microsoft's out-of-the-box high-availability technologies, including clustering, log shipping, and replication. Register Now!
http://www.windowsitpro.com/seminars/SQLHighAvailability/index.cfm?code=0413emailannc Get Ready for SQL Server 2005 Roadshow in a City Near You
Get the facts about migrating to SQL Server 2005. SQL Server experts will present real-world information about administration, development, and business intelligence to help you implement a best-practices migration to SQL Server 2005 and improve your database computing environment. Attend and receive a 1-year membership to PASS and 1-year subscription to SQL Server Magazine. Register now!
http://www.windowsitpro.com/roadshows/sqlserverusa/index.cfm?code=0411emailanncs Protect the Rest of Your Exchange Infrastructure
There is more to data protection for Exchange than protecting mail and mail servers. In this free Web seminar, you'll learn some methods for anticipating, avoiding, and overcoming technical problems that can affect your Exchange environment including, corruption or errors in Active Directory, DNS problems, configuration errors, service pack installation problems, and more. Register now!
http://www.windowsitpro.com/seminars/ExchangeInfrastructure/index.cfm?code=0413emailannc Detect Attempted Intrusions into Your Windows System
In Chapter 5 of this free eBook, you'll learn basic intrusion detection, Windows auditing, audit policy, auditing categories, event-log management, and audit policy best practices. Discover how to appropriately configure event auditing and capture critical information about most unauthorized events. Download your copy now!
http://www.windowsitlibrary.com/Ebooks/SecurityPermissions/Index.cfm?code=0413emailannc Attend This Free Web Seminar for a Chance to Win a $1000 American Express Gift Check!
Achieve High Availability and Disaster Recovery for Microsoft Servers. In this Web seminar, discover what it takes to minimize the likelihood of downtime through reliability and resilience in your Microsoft server environment including Exchange Server, SQL Server, File Server, IIS, and SharePoint. Sign up today!
http://www.windowsitpro.com/seminars/microsofthighavailability/index.cfm?code=0413emailannc ==== Hot Release ==== Converting a Microsoft Access Application to Oracle HTML DB
Get the most efficient, scaleable and secure approach to managing information using an Oracle Database with a Web application as the user interface. In this free white paper learn how you can use an Oracle HTML Database to convert a Microsoft Access application into a Web application that can be used by multiple users concurrently. You'll learn how to improve the original application by adding hit highlighting and an authorization scheme to provide access control to different types of users. Download this free white paper now!
http://www.windowsitpro.com/whitepapers/oracle/htmlaccess/index.cfm?code=wclnl_0414 ==== Featured White Paper ==== Quantify the Business Benefits of ITSM
This free white paper explores how to meet IT infrastructure's needs and manage crucial support and service processes by implementing Help desk, problem, change, configuration, and service-level agreement (SLA) management into a single workflow. Improve productivity and service delivery quality while reducing costs, resources, and downtime in your organization. Download it now!
http://www.windowsitpro.com/whitepapers/hp/itsmbenefits/index.cfm?code=0413emailannc_WP ==== 3. Peer to Peer ==== Tip: Adjust the Bandwidth Available to System Services
(contributed by David Chernicoff, [email protected])
I've recently received some reader email about the Microsoft's Automatic Updates service running under Windows XP. The email messages referenced various problems that occurred when the update service was downloading new updates to client computers. About half the messages complained that Internet browsing slowed when users received notification that an update was being downloaded. The other messages had a similar concern--how to get updates to download faster. I schedule updates to download at 4: 00 A.M., and although I'm occasionally working at that time, I've never noticed an update slowing down my system. The readers with questions were all in environments in which the computers were turned off at the end of the business day and, as a result, ran the update during business hours.
By default, XP uses as much as 20 percent of the connection bandwidth for its own communications. If you feel this amount is too much (or too little), you can make a policy change that will reduce or expand the amount of bandwidth available to system services. You can even make the policy change on a standalone system. To make the policy change, perform these steps:
1. Go to Start, Run.
2. Enter gpedit.msc into the Open dialog box and Click OK.
3. In Group Policy Editor (GPE), click Computer Configuration.
4. Click Administrative Templates.
5. Click Network.
6. Click QoS Packet Scheduler.
7. Double-click "Limit reservable bandwidth."
8. Click the Enabled radio button.
9. Set the Bandwidth limit (increase or decrease).
10. Click OK. Featured Thread: Match Your Wits Against Anglers
To read the latest thread in the Security Matters blo, visit the following URL:
http://www.windowsitpro.com/article/articleid/45904/45904.html ==== Announcements ====
(from Windows IT Pro and its partners) Check Out the New Windows IT Security Newsletter!
Security Administrator is now Windows IT Security. We've expanded our content to include even more fundamentals on building and maintaining a secure enterprise. Each issue also features product coverage of the best security tools available and expert advice on the best way to implement various security components. Plus, paid subscribers get online access to our entire security article database! Click here to try a sample issue today:
http://www.secadministrator.com/rd.cfm?code=fseu2554up Nominate Yourself or a Friend for the MCP Hall of Fame
Are you a top-notch MCP who deserves to be a part of the first-ever MCP Hall of Fame? Get the fame you deserve by nominating yourself or a peer to become a part of this influential community of certified professionals. You could win a VIP trip to Microsoft and other valuable prizes. Enter now--it's easy:
http://www.windowsitpro.com/mcphalloffame/index.cfm?code=0411emailannc ==== 4. New and Improved ====
by Gayle Rodcay, [email protected] Recover Overwritten Office Files
Executive Software has announced the release of Undelete 5.0, a data-protection tool that simplifies and speeds up retrieval of lost or deleted data and adds automatic file versioning for Microsoft Office files. Undelete transparently captures earlier versions of Office documents as users modify them so that users can revert to an earlier version if necessary. Undelete 5.0 runs on Windows Server 2003/2000/NT/XP. Undelete Professional costs $39.95; the server version lists for $299.95. For more information, contact the company at 818-771-1600 or visit the company's Web site.
http:www.executive.com Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows IT Pro T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]. ==== Sponsored Link ==== Quest Software
Heading to Exchange from Notes or GroupWise? Get Expert Help!
http://ad.doubleclick.net/clk;14771969;8214395;x?http://wm.quest.com/WITPUpdateNotesMigratorforExchange32005 ==== Contact Us ==== About the newsletter -- [email protected] About technical questions -- http://www.windowsitpro.com/forums About product news -- [email protected] About your subscription -- [email protected] About sponsoring an UPDATE -- [email protected]

===============

This email newsletter is brought to you by Windows IT Pro, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.
http://www.windowsitpro.com/rd.cfm?code=00eu205xeb

View the Windows IT Pro Privacy policy at http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy

Windows IT Pro, a division of Penton Media, Inc. 221 East 29th Street, Loveland, CO 80538, Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All Rights Reserved.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like