A warning has been issued about a fake Windows update alert,
which contains malware. Anyone foolish enough to install it would end up being
persuaded to purchase a product to deal with a non-existent ‘problem’.
The scam was detected by security firm Webroot. The user
sees a pop-up box closely resembling a Windows update alert. The makers of this
phony alert are cashing in on the number of special updates issued recently by
Microsoft outside of its monthly Patch Tuesday fixes, to deal with problems
requiring more urgent attention.
The fake alert, which gets pushed to users who click on Web
sites that contain so-called “drive-by downloads”, offers a product called
Antimalware Defender. As with real Windows Update dialog boxes, clicking the
various hot-linked lines of text in the fake alert’s dialog box actually takes
you to various other locations. For instance, the initial window that appears
has a link labelled “Change automatic updates settings” that leads to the real
dialog box where you would modify how your computer handles automatic updates.
Another link leads to a real page on Microsoft’s Web site that provides very
general information about malicious software.
If a user clicks the ‘Install now’ button, the program
doesn’t actually install anything. Instead, the spy kicks into a different
mode, where it displays a window that purportedly shows some sort of antivirus
scan (with the expected large number of bogus detections). Once running, a
victim is coerced into buying a “license” to this nonexistent product. The
purchase process looks remarkably similar to dialog boxes generated during the
online activation of Windows when you first install it.
The avoid installing this bogus software, take a look at the
details of the pop-up (illustrated here). You will see the word ‘Antimalware’.