Sophos: malware mimicking Windows Updates
By Stewart Mitchell
Posted on 9 Jun 2011 at 09:37
Security experts are warning against malware that's dressed up as Microsoft Updates.
According to security firm Sophos, criminals are looking for increasingly believable ways to persuade consumers to download fake antivirus, and mimicking Microsoft's own security is their latest wheeze.
“We are seeing the criminals behind fake antivirus continuing to customise their social engineering attacks to be more believable to users and presumably more successful,” said Chester Wisniewski on the Sophos blog.
“This week they've started to imitate Microsoft Update.”
According to Sophos, the drive-by page is an exact replica of the real Microsoft Update page, but only appears on Firefox, which is a giveaway that something is wrong.
“It only comes up when surfing from Firefox on Windows,” said Wisniewski. “The real Microsoft Update requires Internet Explorer.”
According to Sophos, the attacks are becoming increasingly complex and targeted and users need to start thinking about communications from software providers with the same level of suspicion previously reserved for fake bank emails.
“They use high quality graphics and are using information from UserAgent strings that are sent by the browser to customise your malware experience,” Wisniewski said.
“Just like visiting your bank, you should only trust security alerts in your browser if you initiated a check with Microsoft, Adobe, or any other vendor for updates to their software.”
eh?
I wasn't even aware you could get to Windows Update via any browser since XP?
(although my Vista experience is what it should be... near zilch... as far as I know it doesn't work like that on Vista either)
By Anonymouse on 9 Jun 2011
Why only Firefox?
Is it some exploit in FF that makes this appear? Does it appear in Opera, Safari, et al too?
Surprised it's taken so long to imitate the XP Update page for that matter - Didn't the malware guys want to infringe copyright?
By greemble on 9 Jun 2011
That will teach me...
To comment on new articles before my 5th cup of coffee.
I honestly thought this was an imitation of the 7 update screen.
*hangs head in shame*
I'll get my coat!
By Anonymouse on 9 Jun 2011
I blame Apple! says another SwissMac in a parallel universe
Can't see that it would be limited to FF only. All the Netscape based browsers would be affected surely.
By mr_chips on 9 Jun 2011
I have to say...
I really dislike all the posts I see baiting 'SwissMac'.
Thankfully, he/she? either doesn't see them or chooses to ignore the obvious-almost-trolling posts I see every day.
By Anonymouse on 9 Jun 2011
You mean you don't think their posts aren't "obvious-almost trolling"?
By Ex_Sailor on 9 Jun 2011
Not really, no.
From what I see, SwissMac makes posts against Windows users in general and champions the Mac at every opportunity.
Much like myself and many others who are not averse to calling out the fanbois on any number of things and promoting the benefits of MS's OS's but I rarely if ever see out of the blue posts made directed towards named single users.
I have to say, I could list the number of subjects I agree with swissmac on the back of a postage stamp, but he/she makes well versed and quite articulate points and I respect that.
There's an old forum saying/rule I like...
Attack the post, not the poster.
This is just the way I view it, and I would like to point out it is likely some of you have been here for much longer than me and maybe have a rapport with SwissMac that I don't see.
It just reads sometimes like people try to use him/her as a scratching post to play with.
By Anonymouse on 9 Jun 2011
@Anonymouse
I would wager that most of us here are not averse to Apple at all, just to their indoctrinated and brainwashed zealots who take every opportunity to not only champion Cupertino's cause, but also belittle everything else out there. And SwissMac is a rather extreme example of one of those.
It's not your average Apple user who posts "luckily Apple had already negotiated component prices" as the first reaction to the Japanese disaster.
In any case, he's normally the first one here to gloat and caw over MS/Android/Linux/anything issues, so he's rather brought this on himself :)
By TheHonestTruth on 10 Jun 2011
Truth
I didn't say that most here are averse to Apple, I said...
"Much like myself and many others who are not averse to calling out the fanbois"
And you just said it yourself...
He 'gloats and caws' over MS/Android/Linux.
That's different than the poster above baiting him by name.
I get the feeling you choose to ignore crucial aspects of posts you reply to, or maybe you just need to read posts more carefully before you reply?
By Anonymouse on 10 Jun 2011
Gadzooks.
Please read my post more carefully. I never said (nor did I intend to say) that you said people here were averse to Apple. I was simply illustrating my point as to why SwissMac brings this particular reaction onto himself. Crikey.
Like how you realise I am staunchly anti-hacking and mentioned me by name in another thread long before I had posted. For the most part, it's all light-hearted and made/taken in good spirited fashion (except, it seems, by you!)
By TheHonestTruth on 10 Jun 2011
Hmmm?
I see you are choosing to ignore the bit where I said maybe there is a rapport I am not seeing.
Not to mention naming you was clearly not done in the same light as the posts directed towards SwissMac.
However, I will be sure not to address you in my posts in future.
My apologies if I caused any upset.
By Anonymouse on 10 Jun 2011
@Gadzooks
The BIG problem with SwissMac is that they are the equivalent of someone in a full theatre shouting fire ~ when there is none.
They are not needed or wanted...they are an unsafe person to be with.
Mark
By mprltd on 11 Jun 2011
mprltd
You have just proven my point exactly.
If somebody posts what you think is nonsense... then post an opposing view.
There is no need to insult the poster.
By Anonymouse on 11 Jun 2011
Gadzooks2
And, you're choosing to ignore the bit when I very clearly stated that my post was purely to inform you of the “rappor” that you were not aware of. Again, I was simply illustrating to you, as you indicated you did not know, why so many people find him irksome. Ie: absolutely no "ignoring" on my part. Crikey!
And, yes, I do believe that naming me was exactly in the same light as people name SwissMac. No offence was taken, as I’m sure he doesn’t take any either – we’re all very used to this! ;)
By TheHonestTruth on 13 Jun 2011