Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Fake anti-virus cloaks itself as Microsoft Update


  • Please log in to reply
4 replies to this topic

#1 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:11:04 AM

Posted 10 June 2011 - 11:35 AM

http://nakedsecurity.sophos.com/2011/06/09/fake-anti-virus-cloaks-itself-to-appear-to-be-microsoft-update/

by Chester Wisniewski on June 9, 2011

We are seeing the criminals behind fake anti-virus continuing to customize their social engineering attacks to be more believable to users and presumably more successful.

Last week I wrote about fake Firefox malware warnings leading users to rogue security software. This week they've started to imitate Microsoft Update.


The page is nearly an exact replica of the real Microsoft Update page with one major exception... It only comes up when surfing from Firefox on Windows. The real Microsoft Update requires Internet Explorer.


snip

Just like visiting your bank you should only trust security alerts in your browser if you initiated a check with Microsoft, Adobe, Sophos or any other vendor for updates to their software.


Posted Image

Edited by Union_Thug, 10 June 2011 - 11:36 AM.


BC AdBot (Login to Remove)

 


#2 lti

lti

  • Members
  • 581 posts
  • OFFLINE
  •  
  • Local time:09:04 AM

Posted 10 June 2011 - 05:52 PM

They now write at a high school level. It is still written in broken English, but at least it doesn't look like they ran it through a translator.

Does this work just like previous rogues? Would NoScript be able to prevent the warning from appearing, as it does with the old "fake My Computer window" rogue installers?

#3 Union_Thug

Union_Thug

    Bleeps with the fishes...

  • Topic Starter

  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:11:04 AM

Posted 10 June 2011 - 08:21 PM

>>>They now write at a high school level<<<

LMFAO. :lmao:

Edited by Union_Thug, 10 June 2011 - 08:22 PM.


#4 J.R. Sanford

J.R. Sanford

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portland, OR (St. Johns)
  • Local time:08:04 AM

Posted 17 June 2011 - 01:32 AM

This is why I use Firefox exclusively

J.R.

Cast aside your limitations;
And you shall be boundless.

#5 lti

lti

  • Members
  • 581 posts
  • OFFLINE
  •  
  • Local time:09:04 AM

Posted 17 June 2011 - 03:11 PM

This fake warning only appears in Firefox. All other browsers either display the fake My Computer window that these rogues have always used or a fake "unsafe site" warning that changes depending on the browser being used.

Edited by lti, 17 June 2011 - 03:12 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users