Conficker Worm Becomes Active, Begins Peddling Rogue AntiVirus Software

Researchers discovered a new variant of the Conficker worm Thursday whose mission is to cash in on unsuspecting PC users. Security companies are warning that the variant is attempting to download malicious code onto victims' systems, possibly including copies of the Waledac Trojan, a spam-oriented application that has propagated through bogus e-mail messages.

The malware authors seem to be making headway after a false start on April 1. US-CERT said it's aware of reports indicating a widespread infection of the Conficker/Downadup worm, which can infect a Microsoft Windows system from a thumb drive, a network share, or across a corporate network if the network servers don't have the MS08-067 patch from Microsoft.

What Happens Next?

What happens next is up to the controllers of Conficker, according to Richard Wang, a manager at Sophos. There have been no significant updates since Thursday. The new Conficker variant, complete with enhanced features, is spreading, he said, and the malware authors are in a position to push whatever updates they choose into the Conficker network.

One of Conficker's early moves was to download rogue security software onto infected PCs. "The fake security software that is downloaded is very visible. It will display messages and fake security scan results to users, urging them to purchase additional protection software," Wang said. "If it's on your PC, it's hard to miss." The scareware is called Spyware Protect 2009. The program displays a pop-up message that tells a victim the computer is infected and says software is available to remove the fake antivirus program for $49.95. The victim is then sent to a fake Web site to enter credit-card information. The cybercriminals walk away with the money and the victim gets nothing but the bill. Security researchers warn that Conficker could be used to launch further attacks that are likely to focus on financial gain.

Staying Vigilant

The publicity surrounding Conficker has been widespread, but security researchers agree there are always more people to reach. As Wang noted, new users sign on to the Internet every day, so the process of computer-security education is never-ending. One of the key messages that needs to be repeated is that detection and removal can be accomplished with any good antivirus product. Separate removal tools are available and can be convenient, but they only deal with Conficker and do not secure a PC against other threats. "People should be protecting their computers every day against all threats. Focusing on one particular threat at the expense of others can be counterproductive. Putting good security measures in place will help protect you against all threats," Wang said.

"People must also remember that security software should be used alongside good security practices, not instead of them," he added. "Keep your software patched and up to date, use strong passwords, and don't trust strangers on the Internet any more than you would trust strangers on the street."

Created on ... April 11, 2009