A new kind of malware, in a form of an official Windows update, has been found circulating online. This malware was formed based on the latest spontaneous release of the out-of-band updates by Microsoft Corporation. Webroot, a security firm, advises the users to be cautious in order to protect their computers from any system damage.

 

Be vigilant with dialogue boxes

 

According to a blogpost written by Andrew Brandt, a representative of the threat research team of Webroot, the recent malware appears similar to the dialogue box of the Windows patch installation. The researchers had to pause and scrutinize the said dialogue box before it was declared as a fake update. The team also proclaimed that the purpose of this spy is to carry the Antimalware Defender, which is the fake Windows merchandise.

 

A person will then become a victim of this vicious scheme once the person is forced to pay for cleaning the virus, which is not really in the system of the computer.

 

Nonprofessionals can identify the true from not

 

The virus scan reports of these fake services may appear to be authentic and capable of fooling many online users. However, there are still loopholes in the construction of the said software.

 

There are links in this file that can lead the users to the Windows Defender privacy policy originally owned by Microsoft Corporation. Aside from the useful links provided, the users can also gain other valuable things from this.

 

Knowing computer processes helps

 

The Webroot research team also believes that if a home user has a frequent encounter with the Windows update, he or she will easily recognize a genuine patch from a fake one. In addition, it will also be advantageous if a person is familiar with the various computer mechanisms such as the Task Manager or the Process Explorer where one can see the programs running in the system.

 

Dealing with this problem is simple

 

One will know if the Windows update running in the computer is genuine because the forged patches usually materialize as a DLL operating in the temp folder and it will be named in the command line as “start worker”. Fighting this malware can also be easy since the running malicious process can be stopped and be deleted from the temp folder.

 

Discover more information about us through our website: About SecPoint, SecPoint Products, SecPoint Awards.