Sophos is reporting that Fake AV distributors are reamping up efforts to deploy their malicious wares by closely imitating the Microsoft Update site in a bid to take advantage of the monthly patch cycle. Be very wary of any alerts that pop up in your web browser. You should only trust security alerts in your browser if you initiated a check with Microsoft, Adobe, Sophos or any other vendor for updates to their software.
In this particular attack, victims are being told to install the fake updates urgently, with attackers claiming that “This installation is essential for the normal work of your system. Critical update is needed.” Here is a message enticing users to download the Fake AV and infect their machine, errors and all:
“After the download, this tool is run only once checking your whole system for infection. It removes any infection found, any specific, prevalent malicious programs such as Blaster, Sasser and Mydoom. When an infection is found this tool displays a status report with the next computer start. This tool is necessary for you computer to make your system being protected from hi-jacking and its download is crucial if you value your personal data and your privacy.”
Victims tricked into downloading this Fake AV will end up infecting their computers with a potential array of malicious programs.