Attacks that rely on setting up fake update servers are not as difficult to carry out as one might think. The main reasons are administrators’ carelessness and the absence of robust version-publishing processes, although occasionally we see astonishing attack vectors that are hard to anticipate.