
Archive for July 26th, 2007


Jul 26
by Jasper Pimentel (Advanced Threats Researcher)

No, that’s not a typo. The title for this blog entry is really “Updating VVindows”, with a double V instead of a W. If you’ve noticed that the word “Windows” was written with two Vs instead of a W, then good for you. Chances are, you won’t be easily fooled by VVINDOWSUPDATE.COM.

According to Sunbelt’s Blog, there is a newly registered domain name called VVINDOWSUPDATE.COM. Created last July 9, this site apparently wants to trick people into thinking that it’s the actual update site for Windows (which is actually http://www.update.microsoft.com). Although there are no pages on the site yet, it’s highly possible that VVINDOWSUPDATE.COM can be used for future web threat attacks.

Here’s some related info on the domain:



Domain Name: VVINDOWSUPDATE.COM

Registrant:
SSS Inc.
Ivan P Sidorov (********@spywaresoftstop.com)
Mira 1-90
Moscow
Karachaevo-Cherkesskaya Respublika,333444
RU
Tel. +543.87987665

Creation Date: 09-Jul-2007
Expiration Date: 09-Jul-2008

Domain servers in listed order:
ns2.vvindowsupdate.com
ns1.vvindowsupdate.com




It seems suspicious that the registrant is in Russia, don’t you think?

As a safety measure, before clicking on any link claiming to be a Windows update site, check the URL. It should be http://www.update.microsoft.com.
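The URL check above can be automated. The following Python code is an added example, not part of the original post: it accepts only the official host named above and flags host names that match a watched name only after look-alike sequences are collapsed. The watch list and the substitution pairs other than "vv" for "w" are assumptions that generalize the single case in the post.

```python
from urllib.parse import urlsplit

# Official update host named in the post.
OFFICIAL_HOSTS = {"www.update.microsoft.com"}

# Assumption: names worth watching. "windowsupdate" is what the domain in the
# post imitates; "microsoft" is added for illustration.
WATCHED_NAMES = {"windowsupdate", "microsoft"}

# Look-alike substitutions, applied to lowercased labels. "vv" for "w" is the
# trick from the post; the other pairs are assumed common variants.
CONFUSABLES = [("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l")]


def skeleton(label):
    """Collapse look-alike sequences so 'vvindows' compares equal to 'windows'."""
    label = label.lower()
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label


def classify(url):
    """Return 'official', 'lookalike' or 'unverified' for a claimed update link."""
    if "//" not in url:
        url = "//" + url  # bare host names need a netloc marker to parse
    host = (urlsplit(url).hostname or "").rstrip(".")
    if host in OFFICIAL_HOSTS:
        return "official"
    for label in host.split("."):
        # A label that only matches a watched name after normalisation is a fake.
        if label not in WATCHED_NAMES and skeleton(label) in WATCHED_NAMES:
            return "lookalike"
    # Anything else, including hosts that merely contain a real name, is not
    # the official site and should not be trusted as an update source.
    return "unverified"


if __name__ == "__main__":
    samples = [  # constructed sample links
        "http://www.update.microsoft.com/",
        "http://VVINDOWSUPDATE.COM/",
        "ns1.vvindowsupdate.com",
        "http://www.update.microsoft.com.example.net/",
    ]
    for link in samples:
        print(f"{classify(link):10}  {link}")
```

Exact host matching is what decides "official"; the look-alike pass only explains why a rejected link is suspicious.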

 

Jul 26
by Jonell Baltazar (Advanced Threats Researcher)

Today, our email honeypot captured a new malware sample to be detected as TROJ_ARTIEF.H. The malware executable is embedded in an RTF document with a filename of “complaint_3768253712.pdf”. Yes, the file extension is “pdf” but the file is actually an “exe”.

As I recall, the TROJ_ARTIEF family of malware targets high-ranking individuals (business executives, managers, etc.). This time, the email is again directed to the Federal Trade Commission. It has the same email body as described in a previous entry, More Malicious RTFs detected.

Just a reminder, don’t open unsolicited mails from known or unknown contacts, especially if the mail has attachments included. Always have your anti-virus software scan files downloaded from the internet.

 