Security company Sophos has warned users against a fake anti-virus attack that masquerades as Microsoft Update.
According to Sophos, criminals are looking for increasingly convincible ways to persuade consumers to download fake antivirus and copying Microsoft's own security seems to be their latest trap.
"We are seeing the criminals behind fake antivirus continuing to customise their social engineering attacks to be more believable to users and presumably more successful," said Chester Wisniewski on the Sophos blog.
"This week they've started to imitate Microsoft Update." According to Sophos, the drive-by page is an exact replica of the real Microsoft Update page, but only appears on Firefox.
"It only comes up when surfing from Firefox on Windows," said Wisniewski. "The real Microsoft Update requires Internet Explorer."
According to Sophos, the attacks are becoming increasingly complex and targeted and it is time users start considering communications from software providers with the same level of suspicion previously reserved for fake bank emails.
"They use high quality graphics and are using information from UserAgent strings that are sent by the browser to customise your malware experience," Wisniewski said.
"Just like visiting your bank, you should only trust security alerts in your browser if you initiated a check with Microsoft, Adobe, Sophos or any other vendor for updates to their software."
According to Sophos, criminals are looking for increasingly convincible ways to persuade consumers to download fake antivirus and copying Microsoft's own security seems to be their latest trap.
"We are seeing the criminals behind fake antivirus continuing to customise their social engineering attacks to be more believable to users and presumably more successful," said Chester Wisniewski on the Sophos blog.
"This week they've started to imitate Microsoft Update." According to Sophos, the drive-by page is an exact replica of the real Microsoft Update page, but only appears on Firefox.
"It only comes up when surfing from Firefox on Windows," said Wisniewski. "The real Microsoft Update requires Internet Explorer."
According to Sophos, the attacks are becoming increasingly complex and targeted and it is time users start considering communications from software providers with the same level of suspicion previously reserved for fake bank emails.
"They use high quality graphics and are using information from UserAgent strings that are sent by the browser to customise your malware experience," Wisniewski said.
"Just like visiting your bank, you should only trust security alerts in your browser if you initiated a check with Microsoft, Adobe, Sophos or any other vendor for updates to their software."
0 comments:
Post a Comment