Quick Links: SpywareGuide Greynets Blog | SpywareGuide Product Database | SpywareGuide Company Database | SpywareGuide Categories
SpywareGuide powered by FaceTime Security Labs
Search SpywareGuide Greynets Database & Site
Security Email Alerts & Updates
Search the Blog
 
Recent Posts
Categories
Monthly Blog Archives
Links
Subscribe
Subscribe to this blog's feed
About the Blog
About SpywareGuide Greynets Blog
Link to Us
Link to SpywareGuide.com

« OKOK.exe is not okay - okay? | Main

  • Fake Windows Update Popup: It's Back (Again)

The fake Windows Update popup has been doing the rounds on Myspace for a long time (we're talking at least June 2007). Every now and again it returns, usually varying the payload. Well, here we have an example where Phishing is involved and a sneaky imitation of a well known security program is thrown in for good measure. Find out more after the jump...

Deepak, one of our researchers came across this today:

myspace1.jpg

It is, of course, Ye Olde Fake Microsoft popup, complete with installer that typically tries to scare the user into purchasing rogue antispyware products.

However, this one leads back to an FTP Directory with a bunch of new files that have apparently been sitting there since the 11th of May:

msms2.gif

Even more interesting, check out the HTML file sitting in the directory:

http://blog.spywareguide.com/upload/2008/05/msms3-thumb.gif
Click to Enlarge

We have a definite tie between one of these fake popups and an honest-to-goodness Phishing page sitting on the same URL. Shall we look at one of the popups? You might find this strangely familiar, because the bad guys are imitating a well known security product:

fakend1.jpg

Compare and contrast with the real thing - an alert from reputable security program NOD32 Antivirus.

Pretty devious.

Discovery and Research: Deepak Setty, FSL Senior Threat Research Engineer

  • TrackBack

TrackBack URL for this entry:
http://blog.spywareguide.com/mt/mt-tb.cgi/327


Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)


Site EULA | Site Map | Contact Us | About Us | Site and Spyware FAQ | Advertise | RSS Feeds  | Link To Us | SpywareGuide JapanJapanese

© Copyright 2006, FaceTime Communications, Inc. All rights reserved.