Cybercriminals are using a fake Windows Update installation dialogue box to sell a bogus security product called Anti-malware Defender, security researchers have warned.
The scam uses very realistic looking Windows Update dialogue boxes, pop-ups and bogus anti-virus scans, said Andrew Brandt, malware researcher at Webroot.
The scam is triggered by infected websites that push drive-by downloads at visitors and include links to genuine Microsoft information pages, he said in a blog post.
If the "install now" button is clicked, the malware attempt to coerce victims into buying a "licence" to the nonexistent product.
Identifying the file is not difficult for users accustomed to the Windows Task Manager, said Brandt.
"Unlike a real Windows Update session, these fake updates appear as a DLL running from the temp folder with the words 'start worker' in the command line," he said.
Victims can stop the malware from running by emptying the temp folder.