
April 9th, 2009

Conficker botnet stirs, with a scareware business model

Posted by Ryan Naraine @ 8:36 am

Categories: Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Data theft, Denial of Service (DoS), Exploit code, Malware, Microsoft, Passwords, Patch Watch, Pen testing, Rootkits, Spam and Phishing, Spyware and Adware, Viruses and Worms

Tags: Antivirus, Conficker, Gostev, Waledac, Viruses And Worms, Security, Ryan Naraine

The Conficker botnet has stirred to life, using its peer-to-peer communication system to update itself and download scareware (fake anti-virus programs) to millions of infected Windows machines.

The Conficker update comes a week after a heavily-hyped April 1st activation date and provides the first sign of the motivation behind this malware threat — financially motivated cybercrime.

My colleague at Kaspersky Lab (see disclosure), Alex Gostev, has analyzed the latest samples and found the scareware/fraudware association, which means that millions of Conficker-infected machines will start getting pop-ups pushing a fake $49.95 security scanner.

Gostev writes:

One of the files is a rogue anti-virus app, which we detect as FraudTool.Win32.SpywareProtect2009.s. The first version of Kido (Conficker), detected back in November 2008, also downloaded fake antivirus to the infected machine. And once again, six months later, we’ve got unknown cybercriminals using the same trick.

The rogue software, SpywareProtect2009, can be found on spy-protect-2009.com, spywrprotect-2009.com, spywareprotector-2009.com.

At the moment, the rogue anti-virus comes from sites located in Ukraine, Gostev said. Mozilla Firefox is blocking access to the scareware sites.

Gostev also found the latest version of Conficker downloading the Waledac e-mail worm onto the infected systems. Waledac is a known botnet linked to data theft and e-mail spam campaigns.

Over at Threatpost.com, we’ve prepared a detailed Conficker FAQ and provided a disinfection tool for affected Windows users. Also see the Techmeme discussion on the latest mutant.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


