Webroot warns of fake Windows update scam

Security firm Webroot is warning internet users to be on the lookout for a malware attack masquerading as an official Windows update.

The attack appears to relate to a number of out-of-band patches recently released by Microsoft.

"The spy, which serves as nothing more than a vehicle for a fake product called Antimalware Defender, so closely resembles a Windows Update installation dialogue that some members of our threat research team had to pause and look carefully at the dialogue box before deciding that it is, in fact, a big fat hoax," said Webroot threat researcher Andrew Brandt in a blog post.

Brandt warned that falling for the scam could mean users being coerced into handing over money to deal with a 'virus problem' that does not exist.

"While the fake anti-virus detections it 'reports' are pretty believable, the help file created by the goofballs behind this spy is truly a masterwork of idiocy. The file has helpful links back to Microsoft's own Windows Defender privacy policy, and other nuggets of gold."

Brandt added that computer owners used to dealing with Microsoft updates should find the fake easy to spot.

"Identifying the file is not all that hard if you're accustomed to using Task Manager or Process Explorer to watch what's running on your PC," he said.

"Unlike a real Windows Update session, these fake updates appear as a DLL running from the temp folder with the words 'start worker' in the command line. Once you kill this process, you can empty your temp folder and be done with this nuisance."

IT managers may consider warning less experienced workers to be aware of the risk.