Maximum PC sunbelt RSS Feed http://www.maximumpc.com/tags/sunbelt used for category lists, takes arguments en Fake Microsoft Update Email Can Ruin Your Evening - Stop It Now! http://www.maximumpc.com/article/fake_microsoft_update_email_can_ruin_your_evening_stop_it_now <!--paging_filter--><h4>Heed This &quot;Warning&quot; - And You'll Be Sorry</h4> <p>Security vendor Sunbelt Software's blog reports that a fake warning to &quot;update your P.C. in maximum 12 hours otherwise your Windows will be Expired&quot; is making the email rounds. While the message (visible <a href="http://sunbeltblog.blogspot.com/2008/01/fake-ms-update.html">here</a>) has all of the earmarks of a fake (including broken English), it might convince some technical novices that they'd better get clicking. If they do click, what happens? They download <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=IRC.Backdoor.Trojan&amp;threatid=45277">IRC.Backdoor.Trojan</a>, an old threat that can still take over a system. It's disguised as <b>updateWindows.exe</b>. You can learn more about how it works by reading PacketShack.org's <a href="http://www.packetshack.org/index.php?page=fDDoS">analysis</a>. </p> <h4>Removing IRC.Backdoor.Trojan</h4> <p> There are a large number of variants of this nasty bit of malware, as this <a href="http://www.tek-tips.com/viewthread.cfm?qid=1431507&amp;page=1">Tek-Tips thread</a> suggests. It also goes by <a href="http://www.sunbelt-software.com/ihs/alex/vt21888123888.pdf">many different names</a> depending upon the antivirus vendor, including Win32.HackTool (eSafe), Backdoor.IRC.Zapchast (F-Secure and Kaspersky), Riskware.HideWindow.B (Webwasher-Gateway), and many others (link requries a PDF reader). Some antivirus programs may have difficulty removing it. </p> <p> If you're working on an infected computer and can't get rid of it, one Tek-Tips poster recommends using the free <a href="http://support.f-secure.com/enu/home/ols.shtml">F-Secure online scanner</a>. You must use IE6 or IE7 with ActiveX enabled to use the F-Secure scanner, and it runs on Windows XP or 2000 (a beta version is available for Windows Vista users). </p> <h4>What Not to Click </h4> <p> Tired of fixing virus and malware infections? Remind your family, friends, co-workers (and anybody else who thinks you're a technology genius) of the rules for staying out of trouble online: </p> <ul> <li><b>Don't </b>click links purporting to come from PayPal, eBay, or your local bank or credit union</li> <li><b>Always </b>log into Windows Update, e-commerce and similar sites manually</li> <li><b>Hover </b>the mouse over links in an email or web page to find out where it will really take you</li> <li><b>Ignore</b> logos and artwork when attempting to determine if an email or website is legit - they're easily stolen and reused</li> </ul> <p> These can be summarized in one rule: <a href="/article/safer_browsing">Think before you click!</a> </p> http://www.maximumpc.com/article/fake_microsoft_update_email_can_ruin_your_evening_stop_it_now#comments News Windows antimalware antivirus fake email malware news Software sunbelt Trojan Horse virus windows XSS Tue, 22 Jan 2008 21:25:52 -0600 Mark Soper 1821 at http://www.maximumpc.com