If a stranger walked up to you on the street and said, “Here, eat this.” Would you? Of course you wouldn’t. You have no idea what it is or where it came from. You’re smarter than that. It happens that the same scenario is playing out on computers everyday. Software updates are popping up and asking users to download them. And users are saying, “Sure.”
As computer users are more virus savvy these days, malware writers are now trying to trick people in to installing their malicious software by disguising it as a legitimate software update. Most users know that it’s important to keep computer software up-to-date and may fall victim to malware.
It’s a disturbing trend and destructive tactic. Both PC and Mac users are vulnerable. How can you tell the difference between the fake software update and a real one? We’ll try to give you some guidelines:
1. Most free software services don’t send an email to alert you to an update.
Update notices will come from the currently installed copy of the software and will generally appear in the system tray.
EXAMPLE: An Invision client received the following fake update alert:
From: LogMeIn.com [firstname.lastname@example.org]
Sent: Tuesday, April 30, 2013 8:53 AM
Subject: Your LogMeIn SSL certificate has expired!
You are receiving this notification because your LogMeIn SSL certificate has expired. In order to continue using the LogMeIn Software, you are required to update your digital certificate.
To download a new LogMeIn digital certificate, please visit :
According to our Terms and Conditions, failing to renew the SSL certificate will result in account suspension or cancellation:
Thank you for using LogMeIn Software
Copyright © 2003-2013 LogMeIn, Inc. All rights reserved.
How you know it’s a fake: The LogMeIn logo is evident and the message appears to be legitimate. However, when we hovered over the download link (the first link in the message) we see that the actual download location doesn’t match the link text. Always hover before clicking.
In this case where the link text reads “secure.logmein.com/download…” the actual download site is “slovkolex.sk/images/ssl_cert….” As these don’t match, it’s easy to determine that this is a fake alert.
2. Installing malware through browser pop ups.
The pop up will have some very legitimate looking logos and the text doesn’t have the typical spelling or grammatical errors that have been common hallmarks of past fake alerts. These pop ups will appear while you’re using a web browser.
If prompted, would you install this?
Don’t! Close the browser if you see a pop up like this one that appears while using a browser. To check if there are any updates or newer versions available, go to the software site (adobe.com, java.com). Only download updates from these sites and never from a pop up.
3. There is the fake anti-virus pop up.
Like the fake software update message above, this one will appear while using a browser:
The Invision customer who received this message realized that he didn’t use the software associated with the alert. Close the browser. Close the window. If you do use the software, in this case Microsoft Security Essentials – launch it from the start menu. All anti-virus software will have an update now or check for updates option somewhere in the program. Update the software from within the program and then allow it to run a full scan.
Always be wary of email. Even the best spam filters are only 95% effective. Unless you’re expecting a download link don’t click on one.
Most malicious pop ups are triggered by infected advertising that can appear on legitimate websites. These websites accept advertising rotations from a variety of sources that can be easy to compromise. If you’re not sure, close the window and go to the software publisher’s website to check for updates. Always better to be safe than sorry.
If you’re looking for an IT support company in the greater Kansas City area, turn to the pro’s at Invision. The local IT solutions provider you need is right around the corner!