It’s very important your computer, software and browser are running with the latest updates, but it’s equally important to be discerning about where your updates are coming from.
A perfect example of the latest update scam: Recently, we observed malware writers using compromised Twitter accounts to post the fake tweets about the ‘latest TweetDeck update’ as mentioned on the TweetDeck Support portal. The tweet contains a URL that points to the fake TweetDeck update file called ‘tweetdeck-08302010-update.exe’, a small executable file 95KB in size. When the file is run, nothing appears to happen, but in the background, malware will infect the computer.
Microsoft anti-malware solutions protect against this threat, detected as Trojan:Win32/Alureon.CT.
The lesson here: Don’t respond to alarmist demands to update or else! Verify where your update is coming from; make sure you are getting updates from a reputable vendor.
– Hil Gradascevic & Jasmine Sesso