{"id":6428,"date":"2023-12-06T06:35:42","date_gmt":"2023-12-06T06:35:42","guid":{"rendered":"\/cybersecurity-blog\/?p=6428"},"modified":"2023-12-19T14:11:27","modified_gmt":"2023-12-19T14:11:27","slug":"fake-windows-updates","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/fake-windows-updates\/","title":{"rendered":"The Complete Guide to Fake Windows Updates"},"content":{"rendered":"\n<p>As annoying as they may be, Windows updates are necessary. They contain new features, bug fixes, and security updates. Thus, it makes sense for a bad actor to use these updates and <a href=\"https:\/\/any.run\/cybersecurity-blog\/malware-classification-guide\/\" target=\"_blank\" rel=\"noreferrer noopener\">sneak malware into your system<\/a>.&nbsp;&nbsp;<\/p>\n\n\n\n<p>In fact, Windows updates occur so frequently that we often mindlessly accept them without prejudice. It\u2019s a testament to our trust in Microsoft (and impatience). Bad actors can use fake Windows updates to exploit this trust\u2014after all, the best place to hide poison is in our medicine.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p>But how do bad actors circumvent Microsoft\u2019s strict security controls and launch fake Windows update campaigns? What are the dangers and how do you protect yourself? The following article will answer these questions and provide tangible solutions.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Understanding and Identifying Malicious Fake Updates&nbsp;<\/h2>\n\n\n\n<p>The nefarious designs behind fake updates often mirror common cyber attack techniques. By masquerading as legitimate software updates, cybercriminals exploit the familiarity factor of Windows (and Microsoft as a whole).&nbsp;&nbsp;<\/p>\n\n\n\n<p>Understanding the modus operandi of such attacks, including the common techniques and targets, can equip users with the knowledge to discern legitimate updates from malicious ones. 
It&#8217;s a cat-and-mouse game where being informed is the user&#8217;s best defense.&nbsp;<\/p>\n\n\n\n<p>First, let\u2019s explore how fake updates work and the types of threats they may be harboring.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How Fake Windows Updates Work&nbsp;<\/h3>\n\n\n\n<p>These days, people don\u2019t need much to launch a cyberattack. You can use seemingly innocuous websites to help you create fake software updates as a \u201cprank\u201d.&nbsp;&nbsp;<\/p>\n\n\n\n<p>And it\u2019s a concerning notion, since most modern exploits rely on <a href=\"https:\/\/any.run\/cybersecurity-blog\/what-is-a-social-engineering-attack\/\" target=\"_blank\" rel=\"noreferrer noopener\">social engineering<\/a>, and tend to be a part of a multi-stage attack. Once the ball gets rolling, it can be quite difficult to address these threats individually, let alone all at once. Therefore, it\u2019s essential to pinpoint threats as early as possible.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Threat Identification and Symptoms&nbsp;<\/h3>\n\n\n\n<p>A legitimate Windows update notification will display from the taskbar notification area (default behavior):<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"742\" height=\"291\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/1-2.png\" alt=\"\" class=\"wp-image-6429\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/1-2.png 742w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/1-2-300x118.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/1-2-370x145.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/1-2-270x106.png 270w, 
https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/1-2-740x290.png 740w\" sizes=\"(max-width: 742px) 100vw, 742px\" \/><\/figure><\/div>\n\n\n<p>Look out for any update pop-up notifications that contain grammatical and spelling errors, do not follow your system\u2019s theme (color scheme, size, and font), or originate from places they shouldn\u2019t (like a web page).&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p>If you suspect the notification is fraudulent, you can just click away from it. Windows Updates have their own special taskbar\/tray icon that can be enabled or disabled. The icon has been the same since Windows 11, and it can be used to verify Windows update notifications by right-clicking on it:&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"650\" height=\"300\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/2-2.png\" alt=\"\" class=\"wp-image-6430\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/2-2.png 650w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/2-2-300x138.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/2-2-370x171.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/2-2-270x125.png 270w\" sizes=\"(max-width: 650px) 100vw, 650px\" \/><\/figure><\/div>\n\n\n<p>If the <strong>Restart now<\/strong> and <strong>Schedule restart<\/strong> options do not appear on the icon\u2019s context menu, the message you received earlier was likely fake.&nbsp;&nbsp;<\/p>\n\n\n\n<p>This could mean that malware has already been installed on your system. If you make the unfortunate mistake of restarting your computer, you may find yourself locked out. 
This is the typical pathology of a <a href=\"https:\/\/any.run\/cybersecurity-blog\/ransomware\/\" target=\"_blank\" rel=\"noreferrer noopener\">ransomware attack<\/a>.&nbsp;&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Other Signs and Symptoms<\/h3>\n\n\n\n<p>If you don\u2019t have a third-party antivirus or security system installed, make sure your Windows Security Virus and Threat protection settings have not been disabled and blocked.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"549\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/3-1-1024x549.png\" alt=\"\" class=\"wp-image-6431\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/3-1-1024x549.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/3-1-300x161.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/3-1-768x412.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/3-1-1536x824.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/3-1-370x198.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/3-1-270x145.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/3-1-740x397.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/3-1.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<p>Pay attention to your network traffic, too. 
You can use a third-party network monitor, firewall, or Windows Task Manager to find any suspicious apps that may be making unauthorized uploads or downloads:&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"549\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/4-1-1024x549.png\" alt=\"\" class=\"wp-image-6432\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/4-1-1024x549.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/4-1-300x161.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/4-1-768x412.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/4-1-1536x824.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/4-1-370x198.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/4-1-270x145.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/4-1-740x397.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/4-1.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<p>Essentially, this allows you to <a href=\"https:\/\/any.run\/cybersecurity-blog\/malware-detection-guide\/\" target=\"_blank\" rel=\"noreferrer noopener\">identify malware or spyware<\/a> and remove it promptly. However, it\u2019s important to note that this can depend on a lot of factors, such as the quality of your internet security system and how elaborate the threat really is.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Look out for any out-of-the-ordinary system behaviors on your computer. 
While said behavior may not be the result of a malware infection, it can be a sign of other, non-malware-related, hardware and software issues.&nbsp;&nbsp;<\/p>\n\n\n\n<p>If you notice that you suddenly can\u2019t access certain programs and system settings, the likelihood of your computer being compromised is very high. But what exactly should you do in this case?&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Fake Software Updates for Windows OS<\/h2>\n\n\n\n<p>It is worth noting that cybercriminals frequently create fake updates for Windows-compatible software, particularly for popular browsers like Google Chrome, which has the largest market share.&nbsp;&nbsp;<\/p>\n\n\n\n<p>To illustrate this tactic, we can safely <a href=\"https:\/\/app.any.run\/tasks\/bfc3354a-1eab-48a3-97e6-6130233af42d\/?utm_source=blog&amp;utm_medium=article&amp;utm_campaign=fake_windows_updates&amp;utm_content=linktoservice&amp;utm_term=061223\" target=\"_blank\" rel=\"noreferrer noopener\">analyze a phishing website<\/a> that replicates the design of Google&#8217;s official website, specifically the pages for downloading Google Chrome, using the <a href=\"https:\/\/any.run\/?utm_source=blog&amp;utm_medium=article&amp;utm_campaign=fake_windows_updates&amp;utm_content=linktolanding&amp;utm_term=061223\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a> sandbox.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"544\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/fakeupdate-1024x544.png\" alt=\"\" class=\"wp-image-6448\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/fakeupdate-1024x544.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/fakeupdate-300x159.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/fakeupdate-768x408.png 768w, 
https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/fakeupdate-1536x816.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/fakeupdate-370x197.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/fakeupdate-270x143.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/fakeupdate-740x393.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/fakeupdate.png 1920w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">The fake Google website <\/figcaption><\/figure><\/div>\n\n\n<p>When a user attempts to download the browser from this fake website, they receive an archive named &#8220;GoogleUpdate&#8221; containing an executable file with the same name. Launching this file installs <a href=\"https:\/\/any.run\/malware-trends\/cobaltstrike\" target=\"_blank\" rel=\"noreferrer noopener\">Cobalt Strike<\/a>, a program used for penetrating endpoints&#8217; security systems and further delivery of additional malicious payloads.&nbsp;&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"541\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/5-1024x541.png\" alt=\"\" class=\"wp-image-6433\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/5-1024x541.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/5-300x159.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/5-768x406.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/5-1536x812.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/5-370x196.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/5-270x143.png 270w, 
https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/5-740x391.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/5.png 1920w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">The archive with the malicious &#8220;GoogleUpdate&#8221; executable<\/figcaption><\/figure><\/div>\n\n\n<p>This example clearly demonstrates how cybercriminals can exploit users&#8217; trust in popular software by creating websites that closely resemble the legitimate ones. To protect against these threats, it is crucial to analyze any suspicious link or file before clicking or running it.&nbsp;&nbsp;<\/p>\n\n\n\n<p>This is where ANY.RUN&#8217;s comprehensive and fast cloud-based analysis proves valuable, enabling you to quickly determine whether a file or link is malicious and gather IOCs.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Preventative Security Measures&nbsp;<\/h2>\n\n\n\n<p>As the old clich\u00e9 goes: \u201cprevention is better than cure\u201d. Fake Windows updates rely on human error more than they do on system exploits. Thus, there are certain habits you should consider adopting as a part of your cyber-hygiene regimen.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Controlling and Managing Updates&nbsp;<\/h3>\n\n\n\n<p>Modern Windows updates are downloaded automatically. While beneficial, it may be more secure to control how and when updates are installed.&nbsp;&nbsp;<\/p>\n\n\n\n<p>You can configure when updates are installed using the <a href=\"https:\/\/support.microsoft.com\/en-us\/windows\/get-updates-when-you-re-away-from-your-pc-with-active-hours-in-windows-09b5376c-7647-4361-1423-c29aa692a8c4\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">active hours<\/a> setting. 
Alternatively, you can temporarily disable updates using the Pause option under Windows Update settings.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"549\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/6-1024x549.png\" alt=\"\" class=\"wp-image-6434\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/6-1024x549.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/6-300x161.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/6-768x412.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/6-1536x824.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/6-370x198.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/6-270x145.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/6-740x397.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/6.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<p>If you want a more permanent solution, you can disable the Windows Update service entirely and rely on sporadic, carefully chosen manual updates:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/7.png\" alt=\"\" class=\"wp-image-6435\" width=\"650\" height=\"478\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/7.png 1007w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/7-300x221.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/7-768x565.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/7-370x272.png 370w, 
https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/7-270x199.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/7-740x545.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/7-80x60.png 80w\" sizes=\"(max-width: 650px) 100vw, 650px\" \/><\/figure><\/div>\n\n\n<p>You can then use the <a href=\"https:\/\/www.catalog.update.microsoft.com\/home.aspx\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Windows Update Catalog website<\/a> to manually download and install updates for your version of Windows. It\u2019s important that you update Windows or any other software from reliable sources &#8211; preferably from the developer or publisher. Nevertheless, knowing how updates function will make it easier for you to identify fake ones.&nbsp;&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Perform Regular Backups&nbsp;<\/h3>\n\n\n\n<p>You can configure and perform a backup from Windows Update and Security settings.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"549\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/8-1024x549.png\" alt=\"\" class=\"wp-image-6436\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/8-1024x549.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/8-300x161.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/8-768x412.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/8-1536x824.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/8-370x198.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/8-270x145.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/8-740x397.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/12\/8.png 1600w\" 
sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<p>However, you may find it preferable to use a third-party tool. It should be one that can capture an image of your entire hard drive(s). Images are far easier to manage than Windows file backups, as they can be mounted.&nbsp;<\/p>\n\n\n\n<p>Backups should be stored on secure cloud storage or an external hard drive (preferably password-protected). You should also consider creating a rescue\/restore\/bootup drive, not just a partition, that you can use to restore your backup.&nbsp;&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Use Trusted Antivirus and Security Software&nbsp;<\/h3>\n\n\n\n<p>Third-party antiviruses and security software tend to have more features and controls than Windows&#8217; default offering.&nbsp;&nbsp;<\/p>\n\n\n\n<p>While all-in-one solutions may be more convenient, it may be safer to control each security point using a different tool. For instance, instead of relying on an antivirus for everything, you may consider using a dedicated firewall solution to manage your system\u2019s network traffic.&nbsp;<\/p>\n\n\n\n<p>Regardless of which solution you choose, it must be maintained and updated regularly. But what should you do if your security stack fails you and your system suffers a breach?&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Dangers and Immediate Response&nbsp;<\/h2>\n\n\n\n<p>If your system seems to have been breached in any way, your first step should be to immediately disconnect it from the internet. Modern firewalls allow you to block all incoming and outgoing traffic so you don\u2019t need to physically disconnect yourself from the internet.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Disconnect and Assess&nbsp;<\/h3>\n\n\n\n<p>You need to terminate the line of communication from your system to the bad actors. 
Disconnecting from your network allows you to <a href=\"https:\/\/any.run\/cybersecurity-blog\/how-to-use-anyrun\/\" target=\"_blank\" rel=\"noreferrer noopener\">place your PC into a sandbox<\/a>. You can then trace the root of the infection and use adequate tools to eradicate it.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Perform a Full System Restore&nbsp;<\/h3>\n\n\n\n<p>When dealing with ransomware, you can either give in to the bad actors\u2019 demands or resist. Of course, this will largely depend on how extreme their demands are and if there is a way to circumvent the attack.&nbsp;<\/p>\n\n\n\n<p>If your Windows operating system or the hard drive it lives on has been completely encrypted, you can\u2019t do much to save it. Not even booting into Safe Mode would help.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p>Thus, your best bet would be to wipe the hard drive (using a boot\/rescue disk) and then perform a full system restore using a recent backup. If all else fails, you\u2019ll need to ask a cybersecurity professional for guidance.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Support and Breach Mitigation&nbsp;<\/h3>\n\n\n\n<p>If the resultant Fake Windows Update breach becomes company-wide, and your business is US-based, you are required to <a href=\"https:\/\/www.dhs.gov\/sites\/default\/files\/publications\/Cyber%20Incident%20Reporting%20United%20Message.pdf\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">contact law enforcement<\/a> as soon as you can. If the cyberattack occurred on your home personal computer, you can still file a complaint with the <a href=\"https:\/\/www.ic3.gov\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Internet Crime Complaint Center<\/a> (IC3). 
Companies can also flag incidents through the <a href=\"https:\/\/www.fbi.gov\/investigate\/cyber\/national-cyber-investigative-joint-task-force\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">National Cyber Investigative Joint Task Force<\/a>.&nbsp;&nbsp;<\/p>\n\n\n\n<p>You can also find helpful resources and information by using the <a href=\"https:\/\/www.cisa.gov\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Cybersecurity and Infrastructure Security Agency\u2019s<\/a> online portal. In addition to having a reliable IT and cybersecurity team, businesses should also consider acquiring a <a href=\"http:\/\/businessinsuranceusa.com\/tech\" target=\"_blank\" rel=\"noreferrer noopener\">cybersecurity insurance policy<\/a>. This will help companies minimize losses in the case of a (successful) breach or cyberattack, as well as help them get back on track.\u00a0\u00a0\u00a0\u00a0\u00a0<\/p>\n\n\n\n<p>If you somehow survive the cyberattack unscathed and regain control of your system, you need to investigate how the breach occurred. Was it the result of a weak password? Did you download any shady or pirated software? Post-mortems are key for this, and <a href=\"https:\/\/www.atlassian.com\/incident-management\/postmortem\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">you shouldn\u2019t be lazy with them<\/a>.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Work on updating your security policies, adding more security controls, monitoring accounts, and changing your passwords. If you\u2019re going to use a password manager, make sure that it\u2019s trusted and secure, too.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion&nbsp;<\/h2>\n\n\n\n<p>Windows updates play a critical role in safeguarding systems. They patch vulnerabilities, improve the user experience and ultimately ensure optimal performance. However, malicious actors use them as a lure for social engineering, and as a means to infect your PC. 
Always ensure your updates are coming from Microsoft themselves, and be sure to educate your team about the perils of fake Windows updates.<\/p>\n\n\n\n<p><strong>A few words about ANY.RUN&nbsp;<\/strong>&nbsp;<\/p>\n\n\n\n<p>ANY.RUN is a cloud malware sandbox that handles the heavy lifting of malware analysis for SOC and DFIR teams. Every day, 300,000 professionals use our platform to investigate incidents and streamline threat analysis.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p>Request a demo today and enjoy 14 days of free access to our Enterprise plan.&nbsp;&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/demo\/?utm_source=blog&amp;utm_medium=article&amp;utm_campaign=fake_windows_updates&amp;utm_content=linktodemo&amp;utm_term=061223\" target=\"_blank\" rel=\"noreferrer noopener\">Request demo \u2192<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As annoying as they may be, Windows updates are necessary. They contain new features, bug fixes, and security updates. Thus, it makes sense for a bad actor to use these updates and sneak malware into your system.&nbsp;&nbsp; In fact, Windows updates occur so frequently that we often mindlessly accept them without prejudice. 
It\u2019s a testament [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":6423,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[10,34,40],"class_list":["post-6428","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-guest-posts","tag-cybersecurity","tag-malware-analysis","tag-malware-behavior"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>The Complete Guide to Fake Windows Updates - ANY.RUN&#039;s Cybersecurity Blog<\/title>\n<meta name=\"description\" content=\"See how criminals can use fake Windows updates to exploit your trust and circumvent Microsoft\u2019s security controls to launch malware attacks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/fake-windows-updates\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Isla Sibanda\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/fake-windows-updates\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/fake-windows-updates\/\"},\"author\":{\"name\":\"Isla Sibanda\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"The Complete Guide to Fake Windows Updates\",\"datePublished\":\"2023-12-06T06:35:42+00:00\",\"dateModified\":\"2023-12-19T14:11:27+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/fake-windows-updates\/\"},\"wordCount\":1873,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"cybersecurity\",\"malware analysis\",\"malware behavior\"],\"articleSection\":[\"Guest Posts\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/fake-windows-updates\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/fake-windows-updates\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/fake-windows-updates\/\",\"name\":\"The Complete Guide to Fake Windows Updates - ANY.RUN&#039;s Cybersecurity Blog\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2023-12-06T06:35:42+00:00\",\"dateModified\":\"2023-12-19T14:11:27+00:00\",\"description\":\"See how criminals can use fake Windows updates to exploit your trust and circumvent Microsoft\u2019s security controls to launch malware 
attacks.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/fake-windows-updates\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/fake-windows-updates\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/fake-windows-updates\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Guest Posts\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/guest-posts\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"The Complete Guide to Fake Windows Updates\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"Isla Sibanda\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/03\/image1.png\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/03\/image1.png\",\"caption\":\"Isla Sibanda\"},\"description\":\"Isla Sibanda is an ethical hacker and cybersecurity specialist based out of Pretoria. For over twelve years, she's worked as a cybersecurity analyst and penetration testing specialist for several reputable companies - including Standard Bank Group, CipherWave, and Axxess. See my website.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/islasibanda?originalSubdomain=za\"],\"url\":\"#molongui-disabled-link\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"The Complete Guide to Fake Windows Updates - ANY.RUN&#039;s Cybersecurity Blog","description":"See how criminals can use fake Windows updates to exploit your trust and circumvent Microsoft\u2019s security controls to launch malware attacks.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/fake-windows-updates\/","twitter_misc":{"Written by":"Isla Sibanda","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/fake-windows-updates\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/fake-windows-updates\/"},"author":{"name":"Isla Sibanda","@id":"https:\/\/any.run\/"},"headline":"The Complete Guide to Fake Windows Updates","datePublished":"2023-12-06T06:35:42+00:00","dateModified":"2023-12-19T14:11:27+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/fake-windows-updates\/"},"wordCount":1873,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["cybersecurity","malware analysis","malware behavior"],"articleSection":["Guest Posts"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/fake-windows-updates\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/fake-windows-updates\/","url":"https:\/\/any.run\/cybersecurity-blog\/fake-windows-updates\/","name":"The Complete Guide to Fake Windows Updates - ANY.RUN&#039;s Cybersecurity Blog","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2023-12-06T06:35:42+00:00","dateModified":"2023-12-19T14:11:27+00:00","description":"See how criminals can use fake Windows updates to exploit your trust and circumvent Microsoft\u2019s security controls to launch malware 
attacks.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/fake-windows-updates\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/fake-windows-updates\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/fake-windows-updates\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Guest Posts","item":"https:\/\/any.run\/cybersecurity-blog\/category\/guest-posts\/"},{"@type":"ListItem","position":3,"name":"The Complete Guide to Fake Windows Updates"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"Isla 
Sibanda","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/03\/image1.png","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/03\/image1.png","caption":"Isla Sibanda"},"description":"Isla Sibanda is an ethical hacker and cybersecurity specialist based out of Pretoria. For over twelve years, she's worked as a cybersecurity analyst and penetration testing specialist for several reputable companies - including Standard Bank Group, CipherWave, and Axxess. See my website.","sameAs":["https:\/\/www.linkedin.com\/in\/islasibanda?originalSubdomain=za"],"url":"#molongui-disabled-link"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/6428"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=6428"}],"version-history":[{"count":15,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/6428\/revisions"}],"predecessor-version":[{"id":6526,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/6428\/revisions\/6526"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/6423"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=6428"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=6428"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=6428"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\
/{rel}","templated":true}]}}