Sophos: malware mimicking Windows Updates

Simon · Jun 09, 2011, 22:06:41

Security experts are warning against malware that's dressed up as Microsoft Updates.

According to security firm Sophos, criminals are looking for increasingly believable ways to persuade consumers to download fake antivirus and mimicking Microsoft's own security is their latest wheeze.

"We are seeing the criminals behind fake antivirus continuing to customise their social engineering attacks to be more believable to users and presumably more successful," said Chester Wisniewski on the Sophos blog.

"This week they've started to imitate Microsoft Update."

Read more: http://www.pcpro.co.uk/news/security/367921/sophos-malware-mimicking-windows-updates

john · Jun 09, 2011, 22:24:34

Thanks for the warning Simon, although I only get updates by specifically requesting them on the MS update site and use IE anyway so shouldn't be affected.

Rik · Jun 10, 2011, 10:47:35

Life used to be easier. I wonder how long before we have to have an account with MS to obtain downloads from?

Ray · Jun 10, 2011, 11:27:58

I'm wondering why people are still using the Windows Update website when you've been able to get your updates via the Windows Control Panel for ages now.

Edit: I'm referring to Win 7, this doesn't seem to be the case with Windows XP though unless you have Automatic updating turned on.

Rik · Jun 10, 2011, 11:59:11

You have? Does that include us XP dinosaurs, Ray?

Ray · Jun 10, 2011, 12:10:25

Quote from: Rik on Jun 10, 2011, 11:59:11
Does that include us XP dinosaurs, Ray?

No, Rik, I've just checked on XP and you need to have Auto update turned on to not see the Update web site.

Rik · Jun 10, 2011, 12:22:25

I thought we might.

pctech · Jun 10, 2011, 13:32:07

I tend to visit the update site regularly to check for updates both to the OS and root certificates

Rik · Jun 10, 2011, 17:37:39

Secunia PSI does a lot of the work for me. NOD32 fills in most of the rest.

Niall · Jun 10, 2011, 18:41:02

I saw a pop up the other day that was that virus that tells you that you're infected and to run the windows cleaner. It actually looks pretty legit unless you're aware of this sort of thing. Until that time, my AV, anti malware and pop up blockers were stopping these. It seems they're getting more crafty in the way they work.

wecpcs · Jun 11, 2011, 22:36:12

Quote from: Ray on Jun 10, 2011, 11:27:58
I'm wondering why people are still using the Windows Update website when you've been able to get your updates via the Windows Control Panel for ages now.

Edit: I'm referring to Win 7, this doesn't seem to be the case with Windows XP though unless you have Automatic updating turned on.

I had not even noticed that it was there as I hardly ever use the control panel. For uninstalling for example I always use REVO uninstaller, which does a much better job of removing everything from the registry.

Colin

pctech · Jun 12, 2011, 15:19:13

Quote from: Rik on Jun 10, 2011, 10:47:35
Life used to be easier. I wonder how long before we have to have an account with MS to obtain downloads from?

In the future your O/S will be maintained on a server and you'll pay a subscription to access it.

I sincerely hope that never happens.

Niall · Jun 12, 2011, 15:25:14

Quote from: wecpcs on Jun 11, 2011, 22:36:12
I had not even noticed that it was there as I hardly ever use the control panel. For uninstalling for example I always use REVO uninstaller, which does a much better job of removing everything from the registry.

Colin

I've been using the control panel for a while. To be honest I didn't even think about it as with XP I click a shortcut which takes my mums PC to the site, and the same link in Win7 takes you to the control panel, which looks the same as the page after login. It honestly hadn't occurred to me until you posted