April 28, 2009
Conficker Scareware Spamming
In the latest chapter of the infamous Conficker worm saga, security experts say its creators appear to be modifying the virus so that it can turn computers into breeding grounds for fake anti-virus software.
A new update to the worm carried previously known viruses Storm and Waledac to turn personal computers into botnets capable of sending mass amounts of spam and so-called "scareware."
"It looks like these guys are perhaps testing the waters to see which one of those would be a better money-maker for them," Trend Micro advanced threats researcher Paul Ferguson said.
"We have always suspected that the people behind this would not sit idly by without trying to make money off this somehow. Spamming and rogue anti-virus are pretty lucrative for these guys."
Ferguson said the presence of Storm and Waledac viruses in the recent update reveal that the Conficker's creators are likely to have been connected to those attempts in the past. He added that evidence shows that the hacking activity is based in the Ukraine.
"These are well-funded organized cyber-criminals in Eastern Europe. They want to steal people's money out of their pockets without being noticed. This same criminal operation is very business savvy."
Cybercriminals from around the world have been turning to scareware as their preferred method of tricking Web users. Some cybercriminals could be earning as much as $10,000 a day from deceiving users into downloading their fake security software.
Fraudsters also use deceptive pop-up advertisements to convince users to buy their fake anti-virus software.
The rogue software lures them into paying for protection that, unknown to them, is actually malware offering little or no real protection, and is often designed to steal personal information," Microsoft said in a recent report.
Microsoft has put together a team of experts to battle Conficker along with a bounty of $250,000 for the names of those responsible for its development.
On the Net: