The Conficker worm shut down the Manchester UK police station for 3 days earlier this month. It forced police officers to rely on other jurisdictions to access the country’s criminal data base as the Manchester station was disconnected from the UK Police National Computer Network. Investigators blame an infected USB stick for the incident. Endpoint security is fast becoming one of the most important and sought after security measures in organizations to prevent the spreading of viruses via USB ports.

          “Virus scanning has to extend beyond the PC to all types of removable storage”, Jason Holloway, Northern European sales manager with SanDisk said .”Better still, employees should only be able to use authorised flash drives that include on-board antivirus scanning. This ensures that users cant turn off, disable or work around the protection, and would stop these infections from spreading.”

Conficker has spread like wildfire across the net and has infected over 7 million computers. It was first spotted in 2008. Experts still aren’t sure what its purpose is since its botnet is seldom used.

A year ago Manchester council’s computers were attacked by Conficker, forcing the town to write off parking tickets and spend over $1 million pounds to fix the infection. It’s not yet known if the Manchester police will have to overlook any violations or void any arrests because of their infection.

Security vendors are warning of a wave of ’scareware’ attacks that use false Conficker alerts to trick victims into installing fake antivirus software on their computers.

The fake antivirus programs are known as scareware because of their technique of performing a fake antivirus scan on the computer, scaring the user by alerting them to virus infections that don’t really exist, and then offering to sell the victim software to remove the non-existent infections and protect from them in future.

The victim gives up credit card details for software ranging from $30 up to $100, but the real outcome is that their computer falls under the control of the spammer to grow their botnet.

Security analysts estimate that many tens of millions of computers have been taken over by spammers using these tactics.  Conservative estimates at the low end of the fake antivirus pricing suggest this could be a $1.2 billion industry for spammers and malware authors around the world. Continue reading Fake Antivirus Software a .2 Billion Industry»

Indy.com reported in early April 2009 about the waledec bot riding along with Conficker virus. “Conficker, for the first time, moved beyond sitting quietly on millions of Windows computers worldwide to infecting other vulnerable computers.

This means many more consumers could end up with a variant of Conficker. You also could catch a worm that’s now tagging along for the ride.

This new worm, called Waledec, can open a back door to your computer to steal information or to allow an outsider to control it, security experts warn.”  Waledec’s goal is to make money by harnessing the power of an infected computer and millions of other computers to create a massive “bot network,” or “botnet,” to send out spam.

Continue reading Meet Waledec, Conficker’s Child»

The spammers and scammers are usually pretty speedy to “monetize” (I really hate that word!) a situation. For example, in the PIFTS.exe matter, malicious websites were updated to use PIFTS.exe as a lure before Symantec were able to react publicly to the matter (read the link for the full story), so it’s somewhat surpring that it’s taken them so long to “monetize” Conficker. But, as you would expect, they have indeed now realized that Conficker does indeed provide them with an opportunity to make some bucks and started using it as bait. As reported over at the Sophos blog, spammers are now sending messages which attempt to shock people into downloading and installing a malicious file:

          Dear Windows User,

On April 1st, 2009 the “Conficker” virus began infecting Microsoft Windows users extraordinarily quickly. Microsoft has been alerted by your Internet company that your system is showing signs of infection. In order to prevent further infection we advise checking your computer with antispyware software.

We are giving all effected Windows users with a free scanner to secure their computers. Please visit … etc., etc., etc.

The link in the spam leads to a website which attempts to entice users to download a … surprise, surprise … malicious file (Mal/FakeAV-AH, accoring to Sophos).

Continue reading Scareware Scammers Monetize Conficker»