Window 7 updates have NOT been hacked after all!

Windows 7 users were thrown into a panic overnight by what we can only think to describe as a harmlessly incorrect genuine botched fake update.

Help forums filled up with rumours of a hack at Microsoft, thanks to an update notification looking something like this:

gYxseNjwafVPfgsoHnzLblmm...YMEILGNIPwNOgEazuBVJcyVjBRL

Download size: 4.3 MB

You may need to restart your computer for this 
update to take effect.

Update type: Important

qQMphgyOoFUxFLfNprOUQpHS

More information: 
https://hckSLpGtvi.PguhWDz.fuVOl.gov
https://jNt.JFnFA.Jigf.xnzMQAFnZ.edu

Help and Support: 
https://IIKaR...PGetGeG.lfIYQIHCN.mil

Here it is in Russian, with some URLs the same, but others different:

SjXyXBBRruIsrRKigWTXppLl...ybEUZjzNVTpnpTfNlJlkbHObmKv

Размер загрузки: 4,3 МБ

Чтобы обновление вступило в силу, может 
потребоваться перезапуск компьютера.

Способ обновления: Важное

qQMphgyOoFUxFLfNprOUQpHS

Дополнительные сведения:
https://hckSLpGtvi.PguhWDz.fuVOl.gov
https://jNt.JFnFA.Jigf.xnzMQAFnZ.edu

Справка и поддержка:
http://qPhnIf...svQSjg.feOXkVeoJ.gov

At least one brave chap, either by accident or design, tried to install the mysterious update, fortunately without success:

What about the URLs?

The URLs listed in the notifications look alarming, especially the .GOV domain that starts with the letters HCK.

But unlike .COM and .NET, the top-level domains .MIL, .GOV and .EDU aren’t open slather, so not just anyone can register them, and not just any old domain name is acceptable.

So thse URLs aren’t directly dangerous because they don’t exist.

But that makes them indirectly worrying, because they’re in an apparently-official Microsoft notification.

And Windows 7, despite its age, still has a strangely loyal following of users.

Many of them consider Windows 8, and even 8.1, unusable, and are showing similar signs of skipping Windows 10 as well.

In a few years, they may well become the next generation of XP “survivalists,” running ageing, unpatched PCs with a determined disregard for the rest of us.

For now, however, Windows 7 is still fully supported, so you can forgive its users for getting genuinely worried about what was clearly a bogus update.

Was it a hack? A prank? A giant Man-in-The-Middle attack?

Stand down!

Stand down from Windows-coloured alert!

The good news is that it was a genuine bogus update.

According to a Microsoft spokesperson:

We incorrectly published a test update and are in the process of removing it.

Because the update seems to have existed only as a test of the notification process, and not as an update package that could actually be installed, it seems to have been a fake update, too.

So, you can stand down from red alert.

It was a harmlessly incorrect genuine botched fake update.

And before you get angry about it because of the nervous night you just spent waiting to find out the facts…

…spare a thought for the persons or persons unknown at Microsoft HQ who made the blunder, and are currently spending a nervous afternoon waiting to be summoned to the Principal’s office for a telling-off.

Note. If you are going to invent domain names for test purposes, never use real top-level domains like .COM, .MIL and so on. For more than 16 years, there has been a well-defined list of reserved domain names, both at the top-level (e.g. .TEST) and at the second level (e.g. .EXAMPLE.COM). Use those instead. Likewise, if you need to make up realistic-looking IP numbers, use ranges specifically reserved for documentation purposes (e.g. 198.51.100.0/24).

Leave a Reply