A few months ago, we started seeing a new trend in which hackers seed the internet with websites that trigger a fake Microsoft alert. When you open one of these websites, you get a pop-up box that looks just like an authentic Windows pop-up and tells you that you need to update the software on your computer. The security guys are always saying that you should keep your computer fully patched, so many people click the link, thinking that they are protecting their computer. According to Tad Heppner of McAfee Labs, clicking on the box prompts an executable window requesting users to install the updates but actually leads to "a true malware cocktail."
Spoofing of the Microsoft Malicious Software Removal Tool (MSRT) is particularly common, but all the Microsoft updates have been spoofed in one form or another.
In one recent case, the spoof was triggered by infected 'friend' requests on MySpace. Users triggered the trap when they went to check on the profile of the person trying to befriend them. If you are a MySpace or Facebook user, beware of friend requests from people you don't know and be cautious when surfing other people's profiles.
If you get a request to update software on your work computer, ignore it unless you also received an email from your IT department explaining the update. If you receive the pop-up on your home computer, go to your Control Panel and look for the Security Center. Once there, initiate the check for updates yourself rather than trusting the pop-up. Never click a pop-up that shows up on your computer unexpectedly.