Scareware Just Got Scarier

About month ago we blogged about a report on how a piece of malware, called either Antivirus 2008 XP or Antivirus 2009 XP, would falsely notify the user into thinking that their systems are infected, in order to trick them to pay for a solution. Turns out that it does much more than that.

Ars Technica notes that this particular piece of malware, as distributed by botnets, is actually used as part of a bigger effort to look for a specific flaws in unpatched systems. The author then poses the real question of:

For many nonprofits which don't have a server-client system and don't use Windows Server Update Services, it becomes a moot point. If your systems are setup for unattended automatic updates, critical flaws will be patched. But if your organization relies on individual users to allow or accept security updates, there's a real problem.

The Windows Server Update Services is the setting we recommend because the risk of unpatched systems greatly outweighs that of an incompatible update. For more information on Windows Update check out this Microsoft page.

And all of this, again, is another reminder about how spam email can infect your machine (and your network) with more than just annoying emails. It can land malware like this on your network and cause security breaches and leaks of personal information from your staff, users, and donors. Join our Stop Spam Today campaign and check out our Security Corner for more info on how you can keep your data and your staff more secure with education and technology.