Fake security software scammers jump on Conficker

Google's search rankings are being manipulated in order to trick people into downloading bad software
  • (IDG News Service)
  • — 01 March, 2009 08:26

Google's search rankings are being stuffed with links to fake security software that purports to remove Conficker, a widespread worm that's currently the Internet's number one security threat, but doesn't.

Certain search terms will bring up a host of Web pages that could either infect a PC with malicious software or try to sell a dodgy security program, said Rik Ferguson, senior security advisor for the vendor Trend Micro.

Ferguson said he's noticed an uptick in these kinds of sites over the last day or so as other legitimate software tools have been released that can detect Conficker, which has infected between 3 million and 10 million PCs worldwide.

For example, a search for "Nmap Conficker" will bring up malicious results, Ferguson said. Nmap is an open-source networking tool that has been upgraded to detect Conficker infections.

Ferguson said he was surprised at how quickly the scammers began manipulating Google with those search terms, as Nmap was just recently upgraded.

Scammers game Google's search engine by creating Web sites full of search terms, Fergusons said. Another tactic is spamming high-traffic Web sites that lead back to their malicious site in order to drive their Web site up the search ranks.

Google has been battling those who try to manipulate its search engine, but the scammers sometimes win out for a while. Ferguson, who posted screen shots of searches he did late Monday night, said he has contacted Google about his findings.

The fake security software Web sites will ask a user to download a file that scans a machine for malware. The software usually tells the user the PC has malicious software even if it isn't infected, Ferguson said.

The software will then badger the user to buy the questionable security program.

"Once you've downloaded it, it's extremely difficult to get that stuff off your machine," Ferguson said.

Finnish security vendor F-Secure has also seen a number of new domain registrations for Web sites selling software that supposedly removes Conficker, according to a company blog.

One of those programs, called MalwareRemoval Bot, demands US$39.95 to remove malware. But it doesn't work.

"It does not remove Conficker.C," wrote Patrik Runald, security response manager for F-Secure. "It didn't do a thing."

Conficker is a difficult-to-remove worm that has vexed the security community. Versions of the worm spread by taking advantage of a vulnerability in the Microsoft Windows Server service, through infected removable media or brute-forcing weak passwords.

The security community is bracing itself for Wednesday, when the Conficker.C variant will become active. The worm is programmed with an algorithm that will generate random domain names.

If one of those domain names is live, the worm will go to the Web site and try to download further instructions.

Conficker.C is programmed to generate 50,000 domain names a day and will then try to access 500 of those names per day, according to the security company Websense.

Those controlling Conficker have yet to use it for malicious purposes, but the vast number of machines that are infected means the botnet could be capable of devastating denial-of-sevice attacks, spam campaigns or widespread data theft.

Microsoft is offering a $250,000 reward for information leading to the arrest and conviction of Conficker's creators.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Topics: scams, conflicker, malware
Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Compare & Save

Deals powered by WhistleOut
WhistleOut

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?