Updated Conficker Ropes Victims into Rogue Antivirus Scam
An updated version of the Conficker worm is installing malware that attempts to lure people into buying rogue anti-virus. Security researchers also say the worm is downloading malware tied to the notorious Waledac botnet.
Conficker's latest move may be tied to a scheme to lure users into downloading fake antivirus.
Security researchers monitoring the worm's activities say the malware has been observed downloading a file detected by Kaspersky Lab as FraudTool.Win32.SpywareProtect2009.s.
"Once it's run, you see the app interface, which naturally asks if you want to remove the threats it's 'detected'," according to Kaspersky Lab's Analyst Diary blog. "Of course, this service comes at a price - $49.95."
In addition to that file, the worm is also now downloading the Waledac malware, which steals passwords and turns computers into bots for spamming operations. Waledac has emerged as a key figure in spamming operations over the past several months, and is widely considered a reincarnation of the infamous Storm botnet.
Further down in the article...
There are numerous tools to disinfect systems infected with Conficker, some of which are linked to here. The worm spreads by exploiting a patched Microsoft vulnerability as well as via network shares by logging on to machines with weak passwords. It also spreads through removable media. Network administrators are advised to deploy MS08-067 if they have not already done so, as well as to follow best practices regarding passwords.
Read it all...