The fake Windows Update popup has been doing the rounds on Myspace for a long time (we're talking at least June 2007). Every now and again it returns, usually varying the payload. Well, here we have an example where Phishing is involved and a sneaky imitation of a well known security program is thrown in for good measure. Find out more after the jump...
Deepak, one of our researchers came across this today:
It is, of course, Ye Olde Fake Microsoft popup, complete with installer that typically tries to scare the user into purchasing rogue antispyware products.
However, this one leads back to an FTP Directory with a bunch of new files that have apparently been sitting there since the 11th of May:
Even more interesting, check out the HTML file sitting in the directory:
We have a definite tie between one of these fake popups and an honest-to-goodness Phishing page sitting on the same URL. Shall we look at one of the popups? You might find this strangely familiar, because the bad guys are imitating a well known security product:
Compare and contrast with the real thing - an alert from reputable security program NOD32 Antivirus.
Pretty devious.
Discovery and Research: Deepak Setty, FSL Senior Threat Research Engineer
Leave a comment