
Fraudulent Microsoft Update Web Site

US-CERT is aware of a fraudulent Microsoft Update web site. This web site contains an "Urgent Install" button that, when clicked, attempts to download and install malicious software on a user's system. The file it attempts to download is called "WindowsUpdateAgent30-x86-x64.exe" and is not signed by Microsoft. Of further interest, this web site is using fast-flux DNS for its web hosting.

US-CERT urges users and administrators to take the following preventative measures to mitigate the security risks:

  • Install anti-virus software, and keep its virus signature files up-to-date.
  • Do not follow unsolicited web links received in email messages.
  • Verify the web site by manually typing the URL when attempting to connect to web sites recommended in an email.
  • Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
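
The advisory notes that the downloaded file is not signed by Microsoft. The following is an added example, not part of the US-CERT notice, showing one way to check that on Windows with the built-in Get-AuthenticodeSignature cmdlet; the function name, the publisher match rule and the Downloads location are assumptions made for illustration.

```powershell
# Added example: check whether a downloaded installer carries a valid
# Authenticode signature issued to Microsoft. The function name and the
# publisher match rule are assumptions made for this illustration.
function Test-MicrosoftSigned {
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # 'Valid' means the file hash matches the signature and the chain
    # builds to a root this machine trusts. Any other status fails.
    $validChain = $sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid

    # A valid signature from some other publisher is still not Microsoft's.
    $isMicrosoft = $validChain -and ($subject -match '(^|,\s*)O=Microsoft Corporation(,|$)')

    [pscustomobject]@{
        Path          = $Path
        Status        = $sig.Status
        Signer        = $subject
        TrustAsUpdate = $isMicrosoft
    }
}

# Example call using the file name given in the advisory
# (the Downloads location is an assumption).
$candidate = Join-Path $env:USERPROFILE 'Downloads\WindowsUpdateAgent30-x86-x64.exe'
if (Test-Path -LiteralPath $candidate) {
    $result = Test-MicrosoftSigned -Path $candidate
    $result | Format-List
    if (-not $result.TrustAsUpdate) {
        Write-Warning "Do not run: not validly signed by Microsoft ($($result.Status))."
    }
}
```

A status of NotSigned, HashMismatch or NotTrusted, or a valid signature from any other publisher, all leave TrustAsUpdate false.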