
October 19th, 2009

Fake 'Conficker.B Infection Alert' spam campaign drops scareware

Posted by Dancho Danchev @ 3:01 pm

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Microsoft, Spam and Phishing

Tags: Microsoft Windows, Cyberthreats, Internet, Spyware, Spyware, Adware & Malware, E-mail, Security, Spam, Viruses And Worms, Dancho Danchev

An ongoing spam campaign is once again attempting to impersonate Microsoft’s security team — the same campaign was first seen in April — by mass mailing Conficker.B Infection Alerts (install.zip), which upon execution drop a sample of the Antivirus Pro 2010 scareware.

Whereas the theme remains the same, the botnet masters have slightly modified the message:

“Dear Microsoft Customer,

Starting 18/10/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected. To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.

Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your  prompt cooperation.

Regards,
Microsoft Windows Agent #2 (Hollis)
Microsoft Windows Computer Safety Division”

The use of email as a propagation vector for scareware campaigns (see The ultimate guide to scareware protection), and in particular the use of email attachments, is an uncommon practice compared to the single most effective way of hijacking traffic: blackhat search engine optimization, where the cybercriminals rely on real-time news events.

The campaign is, thankfully, an example of a badly executed one: with Microsoft’s Security Essentials having recently gained momentum, even the average Internet user would notice the suspicious timing of the offered “antispyware program”.
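For mail administrators, the two traits of this lure (a message that claims to come from Microsoft, and a ZIP attachment carrying something executable) can be checked mechanically at the gateway. The following Python sketch is an added example, not code from the original post; the sender address, subject line, inner file name and the trusted-domain list are constructed assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# File types Windows runs on double-click.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")
# Assumption: sender domains accepted as genuinely Microsoft. From can be forged,
# so a match here is not proof; the attachment check below does not depend on it.
TRUSTED_MS_DOMAINS = ("microsoft.com",)

def zip_executables(data: bytes) -> list[str]:
    """Names of executable members inside a ZIP; empty if not a valid ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_EXTS)]
    except zipfile.BadZipFile:
        return []

def triage(raw: bytes) -> list[str]:
    """Reasons a raw RFC 5322 message matches the lure described in the post."""
    msg = message_from_bytes(raw, policy=policy.default)
    frm = msg["From"]
    addr = frm.addresses[0] if frm and frm.addresses else None
    body = msg.get_body(preferencelist=("plain",))
    text = (addr.display_name if addr else "") + (body.get_content() if body else "")
    reasons = []
    if "microsoft" in text.lower() and (
            addr is None or addr.domain.lower() not in TRUSTED_MS_DOMAINS):
        reasons.append("claims Microsoft, sender domain is not Microsoft")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip"):
            for member in zip_executables(part.get_content()):
                reasons.append(f"{name} contains executable {member}")
    return reasons

def build_sample(with_zip: bool = True) -> bytes:
    """Constructed sample; sender, subject and inner file name are made up."""
    m = EmailMessage()
    m["From"] = "Microsoft Windows Agent <agent@example.net>"
    m["Subject"] = "Conficker.B Infection Alert"
    m.set_content("Dear Microsoft Customer,\nPlease install attached file.")
    if with_zip:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("install.exe", b"harmless placeholder bytes")
        m.add_attachment(buf.getvalue(), maintype="application",
                         subtype="zip", filename="install.zip")
    return m.as_bytes()
```

In production the sender check would be replaced by SPF, DKIM and DMARC results, since the From header alone proves nothing about origin.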

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog. See his full profile and disclosure of his industry affiliations.

