Our friends (and competitors) at Sophos blogged about a new threat that poses as a Windows Update and then infects unsuspecting users with a fake antivirus product.
The update appears to be very real and is tricking users. While my colleagues at Sophos offer excellent advice to help people protect themselves (as I believe we do also), I think their advice can use some further explanation this time. The advice I refer to is “Just like visiting your bank you should only trust security alerts in your browser if you initiated a check with Microsoft, Adobe, Sophos or any other vendor for updates to their software.” What this really means is that you must stop trusting pop ups that tell you to update your software. Not trusting the pop-ups is very, very different than ignoring them. Let’s say that you are surfing the web and a Microsoft security warning pops-up telling you that you need to update, do not click on it. The first step will be to close the web browser. If the message is gone, then it almost certainly was an attempt to trick you. If the message is still there, then open control panel. In Windows 7 you should see something like this.
Click on System and Security. If you see something different in Windows 7, then on upper right side change the view to “Category”. You can always change it back. The next screen will look like this.
At this time you may use the “Windows Update” link to make sure you are checking with Microsoft for a real update. Using this method you bypass a sneaky criminal’s attempt to get you to install their malicious software (malware).
For your Bank, you should always open a brand new browser window or tab and then type in the name of your banks website to use online banking. For Adobe updates, such as Flash, Reader, or Acrobat, open a new Window or Tab and type in www.adobe.com. Never install the updates from a link in another website. To update Sophos I recommend you type in www.eset.com :) OK, to update your antivirus product use your antivirus product's built-in updating mechanism. If you need a newer version of the software type in your vendor’s website yourself.
The criminals know that it is very easy to trick people into doing things by having them do something they are accustomed to doing, installing updates. Make yourself accustomed to installing updates from the proper locations and you will keep yourself a whole lot safer online.
Director of Technical Education
Cyber Threat Analysis Center
ESET North America