iTnews

Webroot warns of fake Windows update scam

By Staff Writers on Mar 12, 2010 11:50AM
Webroot warns of fake Windows update scam

Convincing dialogue box likely to snare victims.

Security firm Webroot is warning internet users to be on the lookout for a malware attack masquerading as an official Windows update.

The attack appears to relate to a number of out-of-band patches recently released by Microsoft.

"The spy, which serves as nothing more than a vehicle for a fake product called Antimalware Defender, so closely resembles a Windows Update installation dialogue that some members of our threat research team had to pause and look carefully at the dialogue box before deciding that it is, in fact, a big fat hoax," said Webroot threat researcher Andrew Brandt in a blog post.

Brandt warned that falling for the scam could mean users being coerced into handing over money to deal with a 'virus problem' that does not exist.

"While the fake anti-virus detections it 'reports' are pretty believable, the help file created by the goofballs behind this spy is truly a masterwork of idiocy. The file has helpful links back to Microsoft's own Windows Defender privacy policy, and other nuggets of gold."

Brandt added that computer owners used to dealing with Microsoft updates should find the fake easy to spot.

"Identifying the file is not all that hard if you're accustomed to using Task Manager or Process Explorer to watch what's running on your PC," he said.

"Unlike a real Windows Update session, these fake updates appear as a DLL running from the temp folder with the words 'start worker' in the command line. Once you kill this process, you can empty your temp folder and be done with this nuisance."

IT managers may consider warning less experienced workers to be aware of the risk.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
fake of scam security update warns webroot windows

Partner Content

MSI shows first laptops with Wi-Fi 6E, Nvidia RTX 30 graphics
Partner Content MSI shows first laptops with Wi-Fi 6E, Nvidia RTX 30 graphics
MSI launches innovative new laptops
Partner Content MSI launches innovative new laptops
Improving returns from SD-WAN spending
Sponsored Content Improving returns from SD-WAN spending
NCS expands into Australia in partnership with Optus Enterprise
Sponsored Content NCS expands into Australia in partnership with Optus Enterprise

Sponsored Whitepapers

The risky business of open source
The risky business of open source
Ensure your e-signatures are legally binding
Ensure your e-signatures are legally binding
Mitigating open source risk in your organisation
Mitigating open source risk in your organisation
How to choose a WAF that's right for you
How to choose a WAF that's right for you
The global telco 5G cloud gaming opportunity
The global telco 5G cloud gaming opportunity

Events

  • On-Demand Webinar: How Poly and Microsoft are Embracing Future Work Environments
  • Beat the DDoS blackmailers in 2021
By Staff Writers
Mar 12 2010
11:50AM
0 Comments

Related Articles

  • Google unravels state-of-art Android and Windows exploit chains
  • 'ZeroLogon' hackers scan for unpatched servers
  • Two arrested over large-scale SMS phishing scam
  • Legacy protocols used to bypass Microsoft 365 MFA
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Telstra blasts plan to 'set aside' mobile spectrum for Optus and TPG, but not it

Telstra blasts plan to 'set aside' mobile spectrum for Optus and TPG, but not it

Accellion hack behind Reserve Bank of NZ data breach

Accellion hack behind Reserve Bank of NZ data breach

Google unravels state-of-art Android and Windows exploit chains

Google unravels state-of-art Android and Windows exploit chains

Tyro halts trading following week-long outage

Tyro halts trading following week-long outage

You must be a registered member of iTnews to post a comment.
Log In | Register
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.