New malware found to pose as Windows update

Criminals on the web are usually sneaky in their ways, in an effort to obtain certain information on people. A lot of the time it's information that can lead to wiping the user's bank account clean, and with the expansion of the web, the methods have become ever more imaginative.

Fake anti-viruses are nothing new; techies everywhere will likely have stumbled across one once or twice, and it appears that the criminals behind such deceptive programs have a new idea up their sleeves.

Sophos, a computer security company that also creates the popular anti-virus, has posted on its blog that a new type of malware has been found. Essentially, it cloaks itself as a legitimate Microsoft update, and one that is, on the face of it, rather convincing. As usual, the first place to look when trying to figure out whether it's real or fake is grammar errors, but it appears the criminals have now gone back to school to learn English grammar and have written a piece of malware that's somewhat convincing, even to a techie. The use of high-quality graphics makes it ever more deceitful; previously, a piece of malware's intentions were glaringly obvious from the second you came across it.

Strangely, however, it only appears to show its face on Firefox's Windows version, which should ring some alarms, as Microsoft Update requires IE.

The Windows 7 scanner and Windows XP explorer scanner that have been around for a while were also hosted on the same website as the Update malware, which honestly makes the time and effort put into this malware completely pointless. How unfortunate for the criminals.


Binary said,
If only the malware writers could learn proper English and grammar.

Then they might pose a real threat.

Oh they are still a real threat. All you have to do is ask someone for their credit card, and people will hand it over like candy.

warwagon said,
Oh they are still a real threat. All you have to do is ask someone for their credit card, and people will hand it over like candy.

Agreed, this trick is an oldie but goodie, people keep falling for it. Being browser based they can make it look like whatever OS they want as well, to a point of course. Works for a lot of things, malware, credit card scams, etc etc.. shoot my junk mail account that I never look at is filled to the brim with "official" notices from Blizzard about my Warcraft account from years ago. Although yea, it does help if it's not written in broken Engrish.

warwagon said,

Oh they are still a real threat. All you have to do is ask someone for their credit card, and people will hand it over like candy.

4526 2048 3557 2043

Security code 689

Exp date 12/2011

Do you need my social security number?

Binary said,
If only the malware writers could learn proper English and grammar.

Then they might pose a real threat.

You make the assumption people read these things. They don't. All the malware authors have to do is get the big thing right: the look and feel. If it looks like Windows Update at a glance, that's good enough for the typical user.

andrewbares said,

4526 2048 3557 2043

Security code 689

Exp date 12/2011

Do you need my social security number?


Hey that's actually MY credit card number!

andrewbares said,

4526 2048 3557 2043

Security code 689

Exp date 12/2011

Do you need my social security number?

no, but you can tell me your address so i can come over and steal your windows and furniture legs

allwynd said,

no, but you can tell me your address so i can come over and steal your windows and furniture legs

Haha that would be the most dastardly crime in the world.

Did you read the article?

but it appears the criminals have now gone back to school to learn English grammar and have written a piece of malware that's somewhat convincing, even to a techie.

wow haven't used WU website since well windows xp..... so this is aimed at naive users and windows xp shutins?

Still could use some grammatical work to make it more convincing, but this is a pretty strong piece for sure.

The part that throws me off is the "Review and Install Updates" text. I don't think Microsoft ever used a serif font for their headers. Plus, it is using their old interface for Microsoft Update, which I haven't seen in years (unless that interface still appears for XP users).

KingCrimson said,
Does this mean I should disable my automatic Windows update?

No. The automatic Windows update will not use this site. The only threat is if you visit the site and download the "updates" manually.

KingCrimson said,
Does this mean I should disable my automatic Windows update?

Yes. It is a bad idea. Just choose download and notify. Then, read about any problems with the updates and choose the custom option and install those you need.

Tom V said,
"This installation is essential for the normal work of your system"?

OK - but how about the title "Install Updates Urgently" ??? Anyone who falls for that needs to learn to read.

So, from all this talk recently I take it no one writes viruses anymore?
I see countless headlines of malware-related breaches but I rarely ever see a virus making its rounds anymore.
