A warning has been issued about a fake Windows update alert,which contains malware. Anyone foolish enough to install it would end up beingpersuaded to purchase a product to deal with a non-existent ‘problem’.

The scam was detected by security firm Webroot. The usersees a pop-up box closely resembling a Windows update alert. The makers of thisphony alert are cashing in on the number of special updates issued recently byMicrosoft outside of its monthly Patch Tuesday fixes, to deal with problemsrequiring more urgent attention.

The fake alert, which gets pushed to users who click on Websites that contain so-called “drive-by downloads”, offers a product calledAntimalware Defender. As with real Windows Update dialog boxes, clicking thevarious hot-linked lines of text in the fake alert’s dialog box actually takesyou to various other locations. For instance, the initial window that appearshas a link labelled “Change automatic updates settings” that leads to the realdialog box where you would modify how your computer handles automatic updates.Another link leads to a real page on Microsoft’s Web site that provides verygeneral information about malicious software.

If a user clicks the ‘Install now’ button, the programdoesn’t actually install anything. Instead, the spy kicks into a differentmode, where it displays a window that purportedly shows some sort of antivirusscan (with the expected large number of bogus detections). Once running, avictim is coerced into buying a “license” to this nonexistent product. Thepurchase process looks remarkably similar to dialog boxes generated during theonline activation of Windows when you first install it.

The avoid installing this bogus software, take a look at thedetails of the pop-up (illustrated here). You will see the word ‘Antimalware’.