Sophos and PandaLabs Detect Dangerous Conficker Infection Alert Campaign

Article by George Norman (Cybersecurity Editor)

on 18 Feb 2010

The Conficker worm (also known as Downup, Downadup and Kido) was released onto unsuspecting Windows users back in 2008 and since then it has been a pain in the unmentionables. Microsoft has issued a patch that protects Windows users from getting infected, yet some still manage to have their computers compromised by the worm – like the Greater Manchester Police (GMP). The GMP fell victim to the Conficker worm not back in 2008 when it was released, but earlier this month.

The Conficker worm is once again making headlines. Two prominent names from the security world, Sophos and PandaLabs, say a massive flood of spam messages has been detected online. These spam messages claim to originate from Microsoft and play on the Conficker worm scare. Basically, they ask the user to download the file attached to the email to ensure the Conficker worm does not infect their computer.

Here is the text of the spam message Sophos and PandaLabs caught in their spam traps:

Dear Microsoft Customer,

Starting 12/11/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected.

To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.

Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your prompt cooperation.

Regards,
Microsoft Windows Agent #2 (Hollis)
Microsoft Windows Computer Safety Division


As expected, the attachment is malware. If you download and run the attachment, you will in fact install the rogue security software application SecurityTool on your system. The rogue will trick you into thinking your system is infected, then ask for money to remove said infection. To put it bluntly, it will scam you out of your hard-earned money.

