Security firm Webroot is warning internet users to be on the lookout for a malware attack masquerading as an official Windows update.
The attack appears to relate to a number of out-of-band patches recently released by Microsoft.
"The spy, which serves as nothing more than a vehicle for a fake product called Antimalware Defender, so closely resembles a Windows Update installation dialogue that some members of our threat research team had to pause and look carefully at the dialogue box before deciding that it is, in fact, a big fat hoax," said Webroot threat researcher Andrew Brandt in a blog post.
Brandt warned that falling for the scam could mean users being coerced into handing over money to deal with a 'virus problem' that does not exist.
Brandt added that computer owners used to dealing with Microsoft updates should find the fake easy to spot.
"Identifying the file is not all that hard if you're accustomed to using Task Manager or Process Explorer to watch what's running on your PC," he said.
"Unlike a real Windows Update session, these fake updates appear as a DLL running from the temp folder with the words 'start worker' in the command line. Once you kill this process, you can empty your temp folder and be done with this nuisance."
IT managers may consider warning less experienced workers to be aware of the risk.