Scareware Scammers Monetize ConfickerWritten by Jesmond Darmanin on April 9, 2009
The spammers and scammers are usually pretty speedy to “monetize” (I really hate that word!) a situation. For example, in the PIFTS.exe matter, malicious websites were updated to use PIFTS.exe as a lure before Symantec were able to react publicly to the matter (read the link for the full story), so it’s somewhat surpring that it’s taken them so long to “monetize” Conficker. But, as you would expect, they have indeed now realized that Conficker does indeed provide them with an opportunity to make some bucks and started using it as bait. As reported over at the Sophos blog, spammers are now sending messages which attempt to shock people into downloading and installing a malicious file:
Dear Windows User,
On April 1st, 2009 the “Conficker” virus began infecting Microsoft Windows users extraordinarily quickly. Microsoft has been alerted by your Internet company that your system is showing signs of infection. In order to prevent further infection we advise checking your computer with antispyware software.
We are giving all effected Windows users with a free scanner to secure their computers. Please visit … etc., etc., etc.
The link in the spam leads to a website which attempts to entice users to download a … surprise, surprise … malicious file (Mal/FakeAV-AH, accoring to Sophos).
While pretty much everybody with a modicum of technical savvy will be able to spot that the message is a scam, it’s nonetheless somewhat more convincing than most and will probably hook a good number of people (I suppose I should send my wife’s aged aunt a warning email before she ends up installing the darned thing and then calling me for help!).
Rogue security software and scareware is becoming increasingly common. According to Microsoft’s most recent Security Intelligence Report, “The prevalence of rogue security software has increased significantly over the past three periods.” And, as you would expect, the spam which attempts to trick users into downloading rogue software is becoming increasingly common too.
While your business inboxes are probably – and certainly should be – protected by a spam filter, you never know when one of these messages may manage to slip through the net - and this could, potentially, result in you being left with a mess to clean up (or, at the very least, time-consuming Help Desk calls from concerned users). Consequently, I’ll join Carl E. Reid on his The best email user is an educated email user soap box. To put it simply, there is no substitute for end user education. With threats evolving so rapidly, it’s almost invariable that something will, at some point, slip through your defences and, when that happens, it’s the actions of your end users that will determine the result.
In training users and raising their security awareness, you’ll not only be protecting your business computers, you’ll also be helping them to protect their home computers – and that’s good for everybody.