Cybercrimals use fake Windows update to push bogus security software


Cybercrimals use fake Windows update to push bogus security software

Warwick Ashford

Cybercriminals are using a fake Windows Update installation dialogue box to sell a bogus security product called Anti-malware Defender, security researchers have warned.

The scam uses very realistic looking Windows Update dialogue boxes, pop-ups and bogus anti-virus scans, said Andrew Brandt, malware researcher at Webroot.

The scam is triggered by infected websites that push drive-by downloads at visitors and include links to genuine Microsoft information pages, he said in a blog post.

If the "install now" button is clicked, the malware attempt to coerce victims into buying a "licence" to the nonexistent product.

Identifying the file is not difficult for users accustomed to the Windows Task Manager, said Brandt.

"Unlike a real Windows Update session, these fake updates appear as a DLL running from the temp folder with the words 'start worker' in the command line," he said.

Victims can stop the malware from running by emptying the temp folder.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy