Online fraudsters have recently been using fake Windows Updates to sell their own security products named “Antimalware Defender”. Researchers have lately warned that the online scam uses boxes similar to Windows Update, pop ups and delivers false antivirus scans.” said Mr Brandt from Webroot.
It starts by visiting websites that are infected. They force downloads at visitors that look like original Microsoft update pages.
If users select the “install” button, malware attempts to trick users into purchasing a license to their software.
“Noticing the file isn’t hard for users familiar with Windows Task Manager.” explained Mr Brandt. Unlike normal Windows Updates, these artificial updates show a DLL file under the temporary folder with the words ‘start worker’ in a command line.
Users can prevent this malware from starting by removing files within the temporary folder.