Is That Software Update Actually Malware?


Is that Adobe Flash update notification you received legitimate? Or is it a scam designed to install malware on your computer?

Cybercriminals disguise malware as pop-up notifications to update Adobe Flash, Adobe Reader, Web browsers, Java or other mainstream software. The update notifications are designed to look legitimate, such that unsuspecting individuals are unlikely to think twice before clicking on “Install”.

But when and where do these fake software requests tend to appear? And how can you tell a real update request from a fake one? Here’s what you need to know.

Where Fake Software Updates Appear
As you are surfing the Internet, you may see a pop-up window on your computer screen, instructing you to update a particular piece of software. This may happen if you’ve inadvertently installed adware on your computer. Adware’s intent is to display advertising content, often in pop-up windows, on your computer; it can also monitor your browsing activities. The adware may have been bundled with something free you downloaded, such as a freeware program.

Fake software update requests can also appear when you’re using a public hotspot. For example, there have been reports of travelers who, while using a hotel’s Internet connection, received a pop-up window alerting them to update a piece of software. The FBI even posted an advisory on the scam.

You may also see a fake software update when browsing free movie streaming, media, and software download sites.

Pop-up prompts aren’t the only way malware gets installed on a computer, of course. Some malware is known to hijack the auto-update feature of computers, and the user is often none the wiser.

Mobile devices are increasingly being targeted, too. CNBC recently reported on the rise of ScarePackage, which poses as an Adobe Flash update or anti-virus app for Android devices. If installed, the malware locks you out of your device and you’re asked to pay a ‘ransom’ to regain control.

How to Tell the Difference Between a Fake and Real Software Update
The first thing to know is that software update notifications won’t come to you in email and they aren’t likely to simply appear out of context as you surf the Web. Legitimate notices to update will come from the software itself, especially when you open and run the program.

If you receive a software update request that seems suspicious, review it closely. Just as with phishing emails, you may be able to spot misspelled words, improper usage, lack of punctuation, and other telltale signs. You may also notice that the logo of the company being falsely represented doesn’t look quite right. Take, for example, the fake Google Chrome update below.

[Image: fake Chrome update]

While it is quite apparent that the example above isn’t from Google, other fake software update notifications are a bit more convincing.

[Image: fake Chrome update]

Also, take a close look at the reasons you’re given for updating. One particular malware-spreading website told visitors to update their browsers to get “new awesome features.” A legitimate update request would be more specific.

Frequently, a fake software update request will warn you of dire consequences if you don’t agree to the update. Example: One fake Microsoft software update told users to “install updates urgently” and that “this installation is essential for the normal work of your system.” (Along with the message’s urgent tone, you may also have noticed its awkward grammar.) Others warn that your computer is at risk for security threats if you don’t update.

Also, the software you’re being asked to update may not be specifically identified. For example, you might see a pop-up window telling you to “upgrade your media player now (required).” The look and feel of the message may bear a vague resemblance to Adobe or another known software developer.

How to Protect Yourself

* Don’t respond to software update requests when you’re on a public WiFi hotspot or surfing a free media or download site.

* When in doubt, download any needed updates directly from the software vendor’s website.

* Never click links in emails that tell you to upgrade your software.

* Get in the habit of reviewing software update requests carefully, especially if they seem to have appeared out of nowhere.

* Set your computer to automatically update your operating system and applications.

* Keep your Internet security software up-to-date, and ensure it’s running at all times.

* If you suspect adware, spyware, or malware has been installed on your computer, use your Internet security suite to scan your computer’s hard drive right away.

Don’t Get Faked Out
When driving a car or riding a bike on city streets, most people try to remain alert at all times to possible dangers.

The same is true when you’re online. There are potential risks just about everywhere you go. And fake software updates, no matter how legitimate they may seem, can cause a lot of damage if you click on them. So always remember to stop, take a close look, and when in doubt, keep moving—in the opposite direction.