Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Webroot Warns of Bogus Windows Update Circulating over the Internet

Webroot, a security firm has issued an alert to Web-surfers that a malware campaign pretending to be a latest authorized version of Windows 7 is currently circulating over the Internet.

The assault seems to be associated with several out-of-band security patches that Microsoft, the software giant, lately released, thereby demanding immediate attention.

Andrew Brandt, threat researcher at Webroot, said in a blog post that the masqueraded attack that's simply a means for delivering Antimalware Defender, a bogus application appears very similar to a pop-up for Windows Update installation. Consequently, it prompted a few members of the company's threat research group to give some time to carefully reading the pop-up only to realize that it's nothing but a hoax, he writes in a blog, as reported by V3.co.uk on March 11, 2010.

Brandt added that while the bogus malware detections the Antimalware Defender reports sound quite convincing, the help file subsequently produced is really a well crafted idiotic piece of work. The folder makes useful connections with Microsoft's own privacy policy for Windows Defender as well as other valuable things, the researcher adds.

Nevertheless, he cautions that believing the scam may end up end-users paying for resolving a virus issue, which in reality is non-existent on their systems.

According to the threat researcher, people can very easily recognize this deceptiveness against an authentic Microsoft update by checking the location and name of the file. A view of the Task Manager shows the file's location and name, which indicates the user that it has no connection with Windows 7; consequently, there isn't any creation of a new folder.

In a different statement, Brandt said that dissimilar to an authentic Windows Update process, the current bogus update seemed to be a Dynamic-link Library which runs from the non-permanent natured folder wherein the command exhibited the phrase "start worker", as published by Computerweekly.com on March 11, 2010.

Finally, this scareware forms another sample in the series which McAfee described as the greatest attack of 2010 during the second week of March 2010. Actually, to transmit malware, scareware proves a particularly attractive mode, as often PC users, due to insufficient knowledge, fail in recognizing the fake alerts from their perpetrators.

Related article: Webroot Detects Malware in Presidential Campaign Videos

» SPAMfighter News - 3/20/2010

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page