Here, Have a Trojan.
Thanks to Mikko, over at F-Secure, we learn that someone is running a Microsoft Update site lookalike, trying to get you to download a trojan. Here’s a picture of the site:
Right off, the site is suspicious because of the huge “warning” across the front. Microsoft never does that. And notice, the word is spelled “intall”. Secondly, the button itself: MS doesn’t do that either. Finally, look at the address bar. The actual address of this site is on cfm48.com, not microsoft.com, even though the update.microsoft.com string does appear inside the address.
According to Mikko,
“If you click the Urgent Install button, you’ll get a file called WindowsUpdateAgent30-x86-x64.exe, which is not signed by Microsoft. (i.e. Click the button — Download a Trojan-Dropper.)”.
Next week is MS Tuesday, and many of us will be trudging off to get the latest updates. Take the extra half a second to look at the address bar and make sure you are where you think you are. And, if you have automatic updates turned on for notification or automatic install, just smile and go on about your business. You have little to fear from the fake update guys.
I am Jon, and I’m kinda surprised this took so long to happen.
.
.