By Andrew Brandt
A new Windows Update-themed stupid malware trick that’s making the rounds appears to be trying to capitalize on the frequency of “out of band” Windows patches Microsoft has been releasing lately.
The spy, which serves as nothing more than a vehicle for the fraudulent sale of a fake product called Antimalware Defender, so closely resembles a Windows Update installation dialog that some members of our threat research team who saw these files had to pause and look carefully at the dialog box before deciding it was, in fact, a big fat hoax. Even the Microsoft Knowledge Base article the dialog box references is a real KB article…though it has nothing to do with security.
The entire scam is facilitated through a nearly 1MB DLL file, which contains all the instructions required to display the fake popups from the System Tray, the fake Windows Update dialog box, and the fake antivirus “scan” window that appears when you play along with the app. The DLL is delivered when you visit certain websites that push drive-by downloads at visitors.