Viruses/Worms News

Conficker worm updated to spread scareware

Friday, April 10, 2009

Web security experts have spotted a new variant of the Conficker computer worm they say has begun downloading additional software on infected PCs, including a new rogue anti virus product.

Experts said the new variant, Conficker.E, is designed to update the .C variant that went live on April 1, rather than the original .A version that first showed up late last year.

Not everyone agrees that the malicious code being detected belongs to Conficker, according to InformationWeek. Some security experts believe the new variant is more closely associated with the Waledac worm.

The Washington Post reported that the .E variant sets up a web server on the infected system that re-enables the worm to spread itself through the Microsoft Windows vulnerability that caused the outbreak.

The update also instructs the Waledac component to remove itself if the date is on or after May 3, 2009, according to security researchers, the Post reported.

One security expert told the Post that the scareware update means the cybercriminals responsible for the worm are getting around to trying to make some money from all of their work.

"There are still some unknowns here, but things are becoming a lot more clear," the expert said, according to the Post. "[I]t certainly seems they're making a move here to finally monetize all this effort."
ADNFCR-1765-ID-19118145-ADNFCR

Related News:

Conficker worm could be 'weaponized,' web security researcher warns - 11.2.2009
In the year since the inception of the Conficker worm, a malicious strain of virus that has infected computers all over the globe, security researchers have tracked its spread to as many as 7 million machines.

Scareware rogue antivirus programs dominate U.S. threats this month - 10.30.2009
Scareware programs that mimic antivirus scanners and trick PC users into purchasing scam software were the most common threat removed in October by Microsoft's malware removal tool, the company said this week.

Facebook phishing attack contains Bredolab malware - 10.28.2009
Facebook users should be on the alert for a phishing attack that appears to come from Facebook itself for a password reset. Phony spam emails from the Bredolab botnet are tricking Facebook users into downloading a Trojan malware.

Bredo botnet battles Zeus for control of PCs - 10.26.2009
In the dark world of the cybercriminal economy, computer viruses battle not just against anti-virus security software, but even other strains of malware for control of infected PCs, security researchers said.

Gumblar Trojan exploits Adobe Reader and Acrobat security hole - 10.21.2009
A security flaw in Adobe Reader and Acrobat is being actively exploited by cyber attackers with malicious PDFs. Security researchers at IBM's web security labs have seen a surge in attacks on this security vulnerability.
View Related Resources
Or
Watch an Online Demo
Or
Have us call you now