How the Updated Conficker Worm Makes Money: Scareware
In recent news we reported that the people behind the Conficker worm have updated the malware and that Conficker.E is making the rounds now, coexisting with the old Conficker.C worm on infected machines. It has also come to light that the malware uses scare tactics in order to scam people out of their money; and by that I mean that you are informed that your machine has been infected (which ironically enough it has), and that the Spyware Protect 2009 security solution (fake security software or rogues security software) will cleanse the infection for $49.95.
This phony security software is often times called scareware – simply because it scares people into believing they are infected – and it is one of the main issues that the recent Microsoft Security Intelligence Report (SIR) volume 6 drew attention to. According to SIR vol. 6, scareware or rogue security software has seen a “dramatic rise” – details here.
Getting back to the Conficker issue, the consensus amongst security experts is that the people behind the worm are working to increase the size of the botnet and make a profit off of it. Sophos Labs Manager, Richard Wang, explains: “We weren't expecting anything to happen April 1. It would have been silly for them to do something while everyone was watching. On April 7, the Conficker network was ready to be used but no one was using it for anything malicious. They were just building the network and waiting for it to be put into action. It looks like at the moment they are taking some steps toward a malicious payload. They're looking to rebuild the size of the network.”
In this case machines infected with the Conficker worm will display a pop-up informing users that their machine has been infected and that Spyware Protect 2009 will help, for a price of course. If you fall for the scam and click the link provided there, you will be directed to a web page where you are asked to feed in all your credit card details – which will then be used by the scammers to take all the money in your account. Not a good thing! As a rule of thumb, you should keep your security software and operating system up-to-date and exercise caution in your day-to-day computer usage and online browsing. Do not fall for tricks and scare tactics.
This phony security software is often times called scareware – simply because it scares people into believing they are infected – and it is one of the main issues that the recent Microsoft Security Intelligence Report (SIR) volume 6 drew attention to. According to SIR vol. 6, scareware or rogue security software has seen a “dramatic rise” – details here.
Getting back to the Conficker issue, the consensus amongst security experts is that the people behind the worm are working to increase the size of the botnet and make a profit off of it. Sophos Labs Manager, Richard Wang, explains: “We weren't expecting anything to happen April 1. It would have been silly for them to do something while everyone was watching. On April 7, the Conficker network was ready to be used but no one was using it for anything malicious. They were just building the network and waiting for it to be put into action. It looks like at the moment they are taking some steps toward a malicious payload. They're looking to rebuild the size of the network.”
In this case machines infected with the Conficker worm will display a pop-up informing users that their machine has been infected and that Spyware Protect 2009 will help, for a price of course. If you fall for the scam and click the link provided there, you will be directed to a web page where you are asked to feed in all your credit card details – which will then be used by the scammers to take all the money in your account. Not a good thing! As a rule of thumb, you should keep your security software and operating system up-to-date and exercise caution in your day-to-day computer usage and online browsing. Do not fall for tricks and scare tactics.
