We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Windows Vista 'bug week' was a hoax

Windows-security April Fool dupes Symantec

Yet another daily bug hunt, dubbed Week of Vista Bugs (WOVB), was only a hoax, the project's ‘creators’ have revealed.

News of the WOVB first appeared late last week, when announcements hit security mailing lists of "new undisclosed vulnerabilities, flaws, exploitation techniques, with advanced technical details and zero-days, related to Microsoft Windows Vista."

Obviously, a spin-off of several other one-bug-daily projects - which started with July 2006's Month of Browser Bugs - the announcement was greeted with some scepticism. It turns out that the sceptics were right.

"First, I thought about a simple, quite funny, April fool," said the trickster, who was only identified as JA on the newly revised WOVB site. "Then, I have thinked [sic] about one with a little bit of interest and educational purpose for no-experts people and IT Medias."

Although JA's stated purpose was to dupe a gullible - and according to his take, sensation-seeking - IT security press, at least one antivirus vendor was also fooled.

Yesterday, Symantec warned users of its DeepSight threat management alert network that WOVB was leading off with a critical zero-day bug in the Vista firewall. But Symantec's researchers were cautious in their warning. "The [vulnerability] description provided, however, does not directly coincide with the claim," said the alert. "The information is disjointed and suggests that there are at least two possible remote holes in Vista associated with the IPv6 and DCOM implementations.

"No explicit descriptions of a firewall-bypass issue are contained on the site. However, three screenshots may be of potential interest," Symantec added.

JA spelled out the trick. "We have to produce credible and relevant information. As we are under the scope of a lot of security experts (with more skills than me), I will try to do my best to publish something looking true. We will use the same tools as the hackers, to do relevant screenshots and have a credible, well-funded scenario."

JA didn't apologise for the spoof, but instead claimed a higher purpose. "One more time, the goal was to remember that the human factor is one of the most important in IT security."

Coincidentally, while JA fired up the bogus WOVM, a real zero-day flaw in Windows, including Vista, was being actively exploited by attackers. Microsoft is patched the bug yesterday.

See PC Advisor's review of Windows Vista and discuss the new operating system with other readers in our Windows Vista forum.


IDG UK Sites

LG G4 Note UK release date and specification rumours: Samsung Galaxy Note 5 killer could be the LG 3......

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 off Retina iMac with new model