Re: Suspicious Updates

From: Jim Slager (jslager_at_iname.com)
Date: 02/03/04


Date: Tue, 3 Feb 2004 12:29:10 -0800

Thanks, Ted. You're very helpful. By the way, have you ever heard of
Windows Updates being used as a front for hackers or have you ever heard of
NIS getting spooked falsely on a valid Windows Update?

"Tedd Riggs" <T_Riggs@MSN,C0M> wrote in message
news:OaMux0o6DHA.1636@TK2MSFTNGP12.phx.gbl...
> You cannot always trace a Microsoft Download Server as coming from Redmond.
> I live in Redmond, yet sometimes the data will come from a totally different
> server depending on the loading factors going on in Redmond as there is
> more than one place to get updates. Most are hidden if you actually try a
> full traceroute. For example for Y2K, the entire Redmond campus was shut
> down as far as access to the outside world and remote sites handled
> everything and most people never knew the difference. I would imagine today
> some is shut down and redirected with the possible worm threat of today
> which so far, looks like it has only been a problem for SCO.
>
> --
> Tedd Riggs
> PDA Square Content Developer
> www.pdasquare.com
>
>
> "Jim Slager" <jslager@iname.com> wrote in message
> news:utTl4No6DHA.2908@tk2msftngp13.phx.gbl...
> > George,
> >
> > I'm not sure what you mean by your reply. Perhaps you mean that I should
> > not click "Go ahead and do the update" but instead I should go to
> > Microsoft's site and download it by myself. Is that a blanket good security
> > method? But perhaps you mean something else. Of course, the popup said
> > that it was Microsoft updates but I don't know if I should trust that,
> > especially since I got the Norton alert. But I'm still wondering if I've
> > been had by some worm or not. Is there any good reason that Updates would
> > come through LA to the SF Bay Area?
> >
> > Thanks for answering my post but if you could shed a little more light on
> > this I'd appreciate it.
> >
> > "George Hester" <hesterloli@hotmail.com> wrote in message
> > news:evoK4Do6DHA.2460@TK2MSFTNGP09.phx.gbl...
> > I think your Norton hopes you think you spent your money well. If you had
> > looked at the Details... in the popup that told you about a security update
> > you could have used that information to find it at Microsoft. Then you
> > could have decided if the issue was Norton (likely) or something else.
> >
> > --
> > George Hester
> > __________________________________
> > "Jim Slager" <jslager@iname.com> wrote in message
> > news:OmCK3kn6DHA.1072@TK2MSFTNGP11.phx.gbl...
> > > Today after I logged on I received a balloon popup message from my Automatic
> > > Updates (which I have set to "Download the updates automatically and notify
> > > me when they are ready to be installed") that updates were ready. So I
> > > clicked Yes and soon got a Security Alert from Norton Internet Security of a
> > > High Risk Threat Level of an Extreme Trojan Horse being blocked. It was an
> > > inbound TCP with remote address download.windowsupdate.com. I pinged this
> > > and got an IP of 208.172.158.208. I did tracert and saw that the last two
> > > hops were through Los Angeles. I'm in Northern California and Microsoft is
> > > up north.
> > >
> > > So???? What do you think?
> > >
> > >
> >
> >
>
>

