Fake Critical Windows Vista Update Installs Malware

Attacks that are using Windows Updates in order to spread malware and compromise Microsoft platforms are nothing more than an integral part of the luxuriant threat environment that preys on unsuspecting users. But generally the attacks masquerading as Microsoft Updates are nothing more than social engineering tricks devised to essentially convince the end user to become an active participant in the compromising of the system. In this context, the level of authenticity of emails allegedly delivering Windows updates is rather low, as such a practice was never deployed by the Redmond company.

In this context, attackers are now seeking to replicate as closely as possible the actual experience that Windows users do associate with the Redmond company. Such as the Microsoft Update. The actual Microsoft Windows Update site can be found here and it is sensitive to the context of the operating system, meaning that when a Vista user will visit the website, the page will change to reflect the platform. Security outfit F-Secure has warned Windows users of the existence of a spoofed Microsoft Update site that spreads malware.

The fake Microsoft Update website urges users to immediately install a Critical security update for Windows 2000, Windows Server 2003, Windows XP and Windows Vista. The social engineering scheme is put together to effectively scare the user into installing malware on their machine.

"Watch out for this one. It's not the real Microsoft Update site. Note the real URL (cfm48.com) and the spelling errors ('Please intall'). If you click the Urgent Install button, you'll get a file called WindowsUpdateAgent30-x86-x64.exe, which is not signed by Microsoft. (i.e. Click the button — Download a Trojan-Dropper.) The dropper is now detected as Trojan-Dropper:W32/Agent.DYD, and the dropped malware was already detected as Backdoor:W32/Agent.CVU; this is functionally the same as the earlier Backdoor:W32/Agent.CTH," a F-Secure security expert revealed.

MORE RELATED ARTICLES: Get Ready to Download InkSeine for Vista Tablet/UMPC Devices 2008 Has Not Been Kind to Windows Vista Microsoft Evolves Its Windows Update Infrastructure Leaked Vista SP1 RTM Build 6001.18000 Available for Download – from Hacks to Torrent Websites The Evolution of the Core of Vista SP1 There Is No Windows Vista SP1! And No XP SP3! Microsoft: Some Free Vista ( SP1) to Go Along with the Free XP SP2 Downloads? Have the Sins of Windows Vista Survived in Vista SP1? Vista SP1 – the Death of the 2099 Grace Timer Crack and OEM BIOS Hack Download Vista SP1 RTM! Oh, Wait... Forget That! But Here's a Taste of the Final Vista SP1