Spotted in the Wild: Rogue Microsoft Update Site - F-Secure Weblog : News from the Lab
A fake Microsoft Update site is reportedly offering WindowsUpdateAgent30-x86-x64.exe as an "Urgent Install".
This one would fool people!
Note the real URL (cfm48.com) and the spelling errors ("Please intall").
If you click the Urgent Install button, you'll get a file called WindowsUpdateAgent30-x86-x64.exe, which is not signed by Microsoft. (i.e., click the button and you download a Trojan-Dropper.)
The dropper is now detected as Trojan-Dropper:W32/Agent.DYD, and the dropped malware was already detected as Backdoor:W32/Agent.CVU; this is functionally the same as the earlier Backdoor:W32/Agent.CTH.
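The "not signed by Microsoft" observation above can be checked on a downloaded file before it is run. The following PowerShell is an added example, not part of the F-Secure post; the function name `Test-MicrosoftSigned`, the download path, and the rule of matching the signer's organization field are assumptions made for illustration.

```powershell
# Added example: check a downloaded installer's Authenticode signature before running it.
# Test-MicrosoftSigned is a hypothetical helper name, not a built-in cmdlet.
function Test-MicrosoftSigned {
    param(
        [Parameter(Mandatory)] [string] $Path
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Trusted = $false; Reason = 'File not found' }
    }

    # Get-AuthenticodeSignature validates the embedded signature and its certificate chain.
    $sig = Get-AuthenticodeSignature -FilePath $Path

    # Status is NotSigned for an unsigned file and HashMismatch for one altered after signing.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{
            Path    = $Path
            Trusted = $false
            Reason  = "Signature status: $($sig.Status)"
        }
    }

    # Assumption: a genuine Microsoft binary carries O=Microsoft Corporation in the
    # signer subject. A valid signature from any other publisher is still rejected here.
    $subject = $sig.SignerCertificate.Subject
    if ($subject -notmatch '(^|,\s*)O=Microsoft Corporation(,|$)') {
        return [pscustomobject]@{ Path = $Path; Trusted = $false; Reason = "Signed by: $subject" }
    }

    [pscustomobject]@{ Path = $Path; Trusted = $true; Reason = "Signed by: $subject" }
}

# Example path (assumed download location for the file name mentioned in the post).
Test-MicrosoftSigned -Path "$env:USERPROFILE\Downloads\WindowsUpdateAgent30-x86-x64.exe"
```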
Related URLs
- Fraudulent Microsoft Update Web Site (US-CERT Current Activity)
- Yet another fake "Microsoft Update" site, leading users to a Trojan horse - ITmedia Enterprise