back to article Bad PUPPY: Undead Windows XP deposits fresh scamware on lawn

Cybercriminals have already seized upon the end of support for Windows XP as a theme for numerous scams and fake software updates. Microsoft pushed out its last ever patches for the 13-year-old operating system last Tuesday (8 April). Numerous YouTube videos "advertising programs and functionality related to Windows XP" that …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Business as usual

    Same shit; different day.

    1. Anonymous Coward
      Anonymous Coward

      Re: Business as usual

      Same shit, softer target.

      Chances are a fair (and increasing) chunk of those still running XP are more likely to be clueless about IT and security, given the fact they've not noticed or chosen to ignore all the promo about it going EoL recently!

      1. Chika

        Re: Business as usual

        Actually, you aren't totally wrong. Yes, there are some folk that are locked into WXP for all sorts of reasons but there are those with, perhaps, only a basic grasp of tech for whom the end of WXP has simply passed them by.

        The thing is though that these folk are already affected by scams, bugs and other malware and this would not change even if they did upgrade to a later Windows OS or moved to Apple, Linux or whatever.

        1. Mark Allen
          Facepalm

          Re: Business as usual

          Yep... the same people who trust the "Speed up your PC" adverts will now get caught by these "Free XP Security Update" scams. It amazes me as to how a flashing box on a screen makes users walk into these scams, yet if a bloke walked up to them in a supermarket carpark offering them a deal to make their car go faster they'd know the difference.

          What is certainly the most comical is that I am already seeing some of my ID-10T users who have moved from a PC to a Mac "because it is safer" manage to continue to fall for the same scams and now are infecting the Mac...

          Maybe this just goes to show that viruses don't infect the OS - they infect the user. So many of the "viruses" I see now have been installed by the user who believed the Snake Oil offer was valid. Or they could watch some "free" sport...

          1. Peter Stone

            Re: Business as usual

            In my experience, those people who click on the "your pc is running slow"/"your

            pc has a virus" type adverts do so because at the bottom it usually states "microsoft certified partner" & they've been 'conditoned' to trust it. As there are always patches & upgrades being downladed to their pc's

          2. AndrueC Silver badge

            Re: Business as usual

            if a bloke walked up to them in a supermarket carpark offering them a deal to make their car go faster they'd know the difference.

            I'm not so sure. Con artists have always played on people's trusting/gullible nature.

        2. oh_cfc

          Re: Business as usual

          The scams mentioned in the article require download and installation - so they would be safer if they used linux. For the same thing to happen they'd have to download, modify the execute permissions and then run. And then it would have to be for the right version/architecture. And why would they be going outside of their distro repo anyway?

          1. Def Silver badge
            FAIL

            Re: Business as usual

            The scams mentioned in the article require download and installation - so they would be safer if they used linux. For the same thing to happen they'd have to download, modify the execute permissions and then run. And then it would have to be for the right version/architecture. And why would they be going outside of their distro repo anyway?

            If Linux were, God forbid, ever to become a mainstream OS, why do you think the same technologically disadvantaged users would be any different? They would be just as clueless on Linux as they are on Windows. Their response to any problem they encounter would be the same: ask Google how to solve X, where they'd immediately find a step-by-step guide on how to install the "Britney Spears Super Duper Internet Optimiser" (or whatever) on their system.

      2. Jason Bloomberg

        Re: Business as usual

        And there are those folks who have a good understanding of the issues, risks and mitigations, and have made an informed decision to stick with XP.

        It's not as if switching to something else is guaranteed to prevent successful attacks.

        1. wdmot

          Re: Business as usual

          For me, the risk of buying Win7 and finding it doesn't work well on my old laptops (6 and 8 years old) is too high. I'm working on getting Linux installed, but have not yet found a combination that will properly play my Windows games (e.g. World of Warcraft) in either WINE or VirtualBox with my hardware (works fine with some other people's hardware). So I stick with XP, keep my AV updated, use AdBlock Plus and NoScript, and don't visit dodgy sites.

          A new laptop is on the horizon (a decent one is so expensive!), but I'll face the same issue there -- I will not buy one with Win8 based on my wife's experience with it (even with ClassicShell). Besides that, I have not found a new laptop I like... a trackpad must have separate buttons and the display must be at least 1920x1080. Eventually I'll find one.

        2. Martin-73

          Re: Business as usual

          And those folks aren't the target audience ;)

      3. J__M__M

        Re: Business as usual

        What, they EOL'ed XP????? I didn't notice or chose to ignore all the promo!!!! So how's the weather in that little stupid-proof vacuum-sealed bubble world you live in? Sunny and warm, I'm sure.

        "Chances are a fair (and increasing) chunk of those still running XP are more likely to be clueless about IT and security, given the fact they've not noticed or chosen to ignore all the promo about it going EoL recently!"

      4. fajensen Silver badge

        Re: Business as usual

        Chances are a fair (and increasing) chunk of those still running XP are more likely to be clueless about IT and security,

        No. We are still running XP because there exist a lot of fossil software for accounting, PLC programming, translation of CAD into CNC-instructions and whatnot that will never be upgraded and is not supported because the fees are just not worth it. It will eventually get thrown out when the equipment it serves data to is worn out. The lesson is that the world does not run according to the sales projections / needs of software companies.

        The truly clueless have computers which are already running every scam- and mal-ware in existence, so there cannot be many MIPS left over for any new initiatives in that field.

        If I wrote malware, I would go for Linux/MAC - there is much that can be done as just the standard user account. Far too many Linux/MAC people firmly believe that one has to crack "root" to "own" their machine - therefore they feel safe and allowed to be smug - I would like to see someone put a dent in that smugness.

    2. Gray
      Facepalm

      Re: Business as usual

      Microsoft OS ... the gift that never stops giving.

  2. Anonymous Coward
    Anonymous Coward

    Job Security

    About half the number of system administrators would be out of a job if there wouldn't be lots of compromised WinXP machines around.

    1. Anonymous Coward
      Anonymous Coward

      Re: Job Security

      Not to mention it's ease of use!

    2. Wensleydale Cheese
      WTF?

      Re: Job Security

      "About half the number of system administrators would be out of a job if there wouldn't be lots of compromised WinXP machines around."

      High time they got a taste of what it's been like for the rest of us who've had to retrain into new technologies to stay employable then.

      No sympathy what-so-bleedin-ever for them.

      1. J__M__M

        Re: Job Security

        "High time they got a taste of what it's been like for the rest of us who've had to retrain into new technologies to stay employable then" "No sympathy what-so-bleedin-ever for them"

        Oh, so you must be one of those CFO CEO MCSE CCNA's, since you obviously both request AND approve your own IT budget. Make it rain!

        Seriously, shut up.

  3. Lost in Cyberspace

    Just waiting

    ...for clients to tell me they're protected because they've just paid "Microsoft" for 3 years support...

  4. arctic_haze
    Holmes

    "Undead Windows XP"

    Let's not panic. It is only one week since the final update batch. Windows XP (or any other Windows) are more exposed 3/4 of the time.

  5. Nuno trancoso

    Reminds me of my old boss, who is a PC repair shop owner, temporarily loosing his higher brain functions and putting his mobile number in a site that "had" a "crack" for an app he wanted. Then he confirmed the SMS.... In one fell swoop he had €20 less in the mobile and a zombified PC.

  6. Grumpy Fellow
    Pint

    An optimist's view for your consideration

    My optimistic take on the end of XP support is that Microsoft has stopped patching it because they found that after 13 years of removing flaws from the code every Tuesday, the software that remains is simply perfect and no longer needs patching. Consider this, would you feel more comfortable on the maiden flight of a new jetliner as it rolls off the Boeing assembly line (Windows 8.1) or flying into Dallas on one of American Airline's 1980s vintage DC-9s that has been proven with 30 years of six flights a day without crashing (Windows XP). OK, it's a bad analogy because XP crashes, but that's not the point here.

    1. Mpeler
      Windows

      Re: An optimist's view for your consideration

      ...Microsoft has stopped patching it because they found that after 13 years of removing flaws from the code every Tuesday, no software remains....

      fixed that for you

      (just kidding....after 13 years most of the bugs [OK, the obvious/likely/common ones] have been found and fixed...but, unfortunately for Micro$oft, most of the profit is gone too....).

      Never touch (fix) a running system is something folks who depend on support/upgrade income don't like to hear. For the rest of us (who like to keep our $$$, or at least try) it's music to our ears....

      That being said, being careful and watching out for scammers is important - then again, it's important no matter what OS (or device, for that matter) that you are running...

    2. Def Silver badge
      Joke

      Re: An optimist's view for your consideration

      Consider this, would you feel more comfortable on the maiden flight of a new jetliner as it rolls off the Boeing assembly line (Windows 8.1) or flying into Dallas on one of American Airline's 1980s vintage DC-9s that has been proven with 30 years of six flights a day without crashing (Windows XP).

      In all fairness if Windows 8.1 crashes, I'm far less likely to end up with the leg of the person sat behind me shoved up my arse and sticking out my face.

    3. MJI Silver badge

      Re: An optimist's view for your consideration

      Well I would not trust a DC10, they fall apart!

    4. Anonymous Coward
      Anonymous Coward

      Re: An optimist's view for your consideration

      OK, it's a bad analogy because XP crashes,

      No, it doesn't. Nor does any subsequent version of Windows. Or at least in almost every case it'll be the result of hardware failure. Possibly device driver bugs in a handful of cases. The days of Windows being weak and subject to frequent, random BSODs are long gone. A Windows box is as likely to stay up and running as any other modern OS. I can't even remember the last time I saw a BSOD and I use nothing but Windows at home and at work.

      1. Not That Andrew

        Re: An optimist's view for your consideration

        Nope, not hardware problems, badly written drivers. At least until ATI and NVidea learnt how to write drivers for XP.

  7. ben_myers

    Telephone scams, too

    The phone calls from scammers telling you your Windows XP system is infected have begun again, too. I got a call today from a bogus caller ID and a voice with South Asian accented English. The connection was poor, but he addressed me by name (no surprise, my name and number are in public records) and launched into a Windows spiel. I told him to speak up because the connection was poor and he hung up.

  8. Grease Monkey Silver badge

    Let's not forget that all these scam emails flying around will probably hit more people running later versions of windows and those not running windows at all. And no doubt a significant number of those people will fall for it.

    I've come across plenty of cases where people have clicked on links in scam emails and been infected or scammed even though the email didn't even apply to them.

  9. Anonymous Coward
    Anonymous Coward

    Last remaining XP

    Im between a rock and a hard place with XP.

    I support a fair few boxes that have DekTek PCI cards in that wont work in anything but XP on slightly older CPU architecture. Due to pants drivers and weird licensing.

    Upgrading to Windows 7 would cost way over £100k as I would need new machines and new cards. Dektek aint cheap,£6000 a card for what my client needs. Plus the licensing is tied in to specific software/driver combos.

    For all the kit out there that is XP and highly specialised its most likely hardware costs that are scaring people. Not the shift to Windows 7 per se.

    1. elmerf

      Re: Last remaining XP

      Sorry, don't understand your problem.

      Keep the machines running the DekTek cards totally isolated from the internet and local networks ... and then charge the client $20K for a couple of new $600 Windows 7 machines and some custom software to securely transfer whatever files are needed to the isolated machines after running virus scans on them.

      If you want to be "creative", look at running Microsoft's "Embedded XP" EWF filters on the critical machines so that all changes get reverted on reboot.

      IMHO ...this panic only really applies to the "great unwashed" ... any business with competent

      IT staff should be able to devise a secure scenario to keep running XP where it's really too expensive or impossible to replace.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021