Jan 4, 2011 11:41 GMT  ·  By

How about this for a New Year’s resolution: I will not, or no longer, fall victim to social engineering schemes. It’s really not that difficult: all users have to do is mind the source that’s offering them downloads, updates, free software, or any other type of incentive, as well as unsolicited antivirus scans or any advice that reads as an attempt to scare them into doing something they wouldn’t normally do.

Social engineering schemes are designed to take advantage of the victim’s credulity instead of software vulnerabilities in order to get computers infected with malware.

Customers are often promised various inducements or are urged to take a specific action to save their machines from nonexistent security flaws, malware infections, errors, etc.

Microsoft customers are among the most targeted in the world, simply because of the ubiquity of products such as Windows, Office and Internet Explorer.

One strategy that attackers use is to present customers with fake updates. However, what they are actually serving is malicious code masquerading as refreshes coming from Microsoft.

This is the case with KB453396-ENU.zip, detected by security firm Sophos. KB453396-ENU.zip is really a nasty worm, dubbed W32/Autorun-BMF, that is being offered to unsuspecting users through emails which appear to come from Microsoft.

The unsolicited emails are in fact generated from [email protected], and users only need to take a good hard look to notice that microsft.com has nothing to do with Microsoft.

But KB453396-ENU.zip is just the latest example in a long series of attempts by cybercriminals to spread their malicious software, by actually tricking end users into installing it themselves.

A quick Internet search for KB453396 doesn’t return any results. The same is valid for searching Microsoft Support for article 453396.

There are no results because there’s nothing there. The update is as fake as they get, and not an update at all but a worm.

For future reference, Microsoft never uses email as a channel to serve Windows Updates, or any type of refreshes for that matter.

The Redmond company has an entire infrastructure set up delivering updates worldwide, and no aspect of the delivery system involves spamming unsolicited emails.

In fact, customers with Automatic Updates turned on will have all refreshes served and installed automatically on their computers.

One small step toward not falling victim to social engineering attacks is to ignore all spam offering Windows Updates, even though it might appear like it’s coming from the software giant.
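As an added example (not code from the article, Sophos or Microsoft), the following Python triage check applies the two tells described above to a constructed message modelled on the lure: a sender domain one character away from microsoft.com, and a zip attachment named like a KB update, which Microsoft never sends by email. The local part of the sender address and the message body are assumptions.

```python
# Added example, not code from the article or from Sophos/Microsoft: a mail-triage
# check for lures like KB453396-ENU.zip. It flags a sender domain that is a
# near-miss of a trusted one (microsft.com vs microsoft.com) and a zip attachment
# named like a Microsoft KB update, which Microsoft never delivers by email.
import re
from email import message_from_string
from email.message import EmailMessage

TRUSTED_DOMAINS = {"microsoft.com"}
KB_ZIP = re.compile(r"^KB\d+.*\.zip$", re.IGNORECASE)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings (used to catch typo-squats)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain: str) -> str:
    """Return the trusted domain that `domain` imitates, or "" if none."""
    for trusted in TRUSTED_DOMAINS:
        if domain != trusted and edit_distance(domain, trusted) <= 2:
            return trusted
    return ""

def triage(raw: str) -> list:
    """Return a list of findings for one RFC 5322 message (empty = nothing odd)."""
    msg = message_from_string(raw)
    m = re.search(r"@([\w.-]+)", msg.get("From", ""))
    domain = m.group(1).lower() if m else ""
    findings = []
    target = lookalike_of(domain)
    if target:
        findings.append(f"sender domain {domain} imitates {target}")
    for part in msg.walk():
        name = part.get_filename() or ""
        if KB_ZIP.match(name):
            findings.append(f"attachment {name} poses as a Microsoft update")
    return findings

def build_sample() -> str:
    """Constructed message modelled on the lure; local part and body are invented."""
    msg = EmailMessage()
    msg["From"] = "Microsoft Update <update@microsft.com>"
    msg.set_content("Please install the attached update.")
    msg.add_attachment(b"PK\x03\x04", maintype="application", subtype="zip", filename="KB453396-ENU.zip")
    return msg.as_string()
```

Running `triage(build_sample())` returns two findings, one for the sender domain and one for the attachment name; a message from the real microsoft.com with no KB zip returns an empty list.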