England based security developer and vendor Sophos, in a statement, said that a fake anti-virus, which is a replica of Microsoft’s security update, tricks the user into installing malicious software, a report said.
The new anti-virus, which claims to be an update from Microsoft security center, works only on Mozilla’s Firefox, while the original updates sent from Microsoft is only capable of updating the user’s computer if he/she is using the Internet Explorer browser.
Affected users have complained about receiving an update notification which says Update your Windows which, when agreed to, will download a file ‘KB453396-ENU.zip’ which contains a worm.
Users have also received fake mails in the name of Microsoft’s Director of Security Assurance Steve Lipner which makes the update more credible.
“They (the hackers) have spammed out an email containing a worm, which even quotes the real name of a senior member of Microsoft's security team - Steve Lipner - to try to fool you into believing it is genuine,” said Graham Cluley, Senior Technology Consultant at Sophos.
Steve Lipner, in the past, has been targeted by the hackers when anonymous mails on his name have been sent along with security updates via attachments.
“With so much effort being taken by the cybercriminals to hoodwink unsuspecting computer users, though, you would have thought they would have not made an elementary mistake in their forged email header. The messages we've seen claim to come from email@example.com,” Cluley added.
SophosLabs, however, has detected the malware as W32/Autorun-BMF which contains a .zip file called Mal/BredoZp-B, the Tech Tree website reported.