Fake security software scammers jump on Conficker

Google's search rankings are being manipulated in order to trick people into downloading bad software

Google's search rankings are being stuffed with links to fake security software that purports to remove Conficker, a widespread worm that's currently the Internet's number one security threat, but doesn't.

Certain search terms will bring up a host of Web pages that could either infect a PC with malicious software or try to sell a dodgy security program, said Rik Ferguson, senior security advisor for the vendor Trend Micro.

Ferguson said he's noticed an uptick in these kinds of sites over the last day or so as other legitimate software tools have been released that can detect Conficker, which has infected between 3 million and 10 million PCs worldwide.

For example, a search for "Nmap Conficker" will bring up malicious results, Ferguson said. Nmap is an open-source networking tool that has been upgraded to detect Conficker infections.

Ferguson said he was surprised at how quickly the scammers began manipulating Google with those search terms, as Nmap was just recently upgraded.

Scammers game Google's search engine by creating Web sites full of search terms, Ferguson said. Another tactic is spamming high-traffic Web sites with links that lead back to their malicious site in order to drive their Web site up the search ranks.

Google has been battling those who try to manipulate its search engine, but the scammers sometimes win out for a while. Ferguson, who posted screen shots of searches he did late Monday night, said he has contacted Google about his findings.

The fake security software Web sites will ask a user to download a file that scans a machine for malware. The software usually tells the user the PC has malicious software even if it isn't infected, Ferguson said.

The software will then badger the user to buy the questionable security program.

"Once you've downloaded it, it's extremely difficult to get that stuff off your machine," Ferguson said.

Finnish security vendor F-Secure has also seen a number of new domain registrations for Web sites selling software that supposedly removes Conficker, according to a company blog.

One of those programs, called MalwareRemoval Bot, demands US$39.95 to remove malware. But it doesn't work.

"It does not remove Conficker.C," wrote Patrik Runald, security response manager for F-Secure. "It didn't do a thing."

Conficker is a difficult-to-remove worm that has vexed the security community. Versions of the worm spread by taking advantage of a vulnerability in the Microsoft Windows Server service, through infected removable media or by brute-forcing weak passwords.

The security community is bracing itself for Wednesday, when the Conficker.C variant will become active. The worm is programmed with an algorithm that will generate random domain names.

If one of those domain names is live, the worm will go to the Web site and try to download further instructions.

Conficker.C is programmed to generate 50,000 domain names a day and will then try to access 500 of those names per day, according to the security company Websense.

Those controlling Conficker have yet to use it for malicious purposes, but the vast number of machines that are infected means the botnet could be capable of devastating denial-of-service attacks, spam campaigns or widespread data theft.

Microsoft is offering a $250,000 reward for information leading to the arrest and conviction of Conficker's creators.

Jeremy Kirk

IDG News Service