Scareware and the Conficker Virus

Have you ever gotten a pop-up window that tells you that viruses have been detected, offers you a free scan and then, after giving you an impossible list of viruses, worms, Trojan horses, adware, spyware, and all manner of malware; tells you that by downloading the their anti-malware application for just $49.95, you can clean your system and save yourself the headaches of computer sluggishness and the scourge of identity theft? If you have—and you probably have—then you have been a target of scareware, which can be defined as a type of advertising-related malware that scares you into ordering a product you neither want nor need. Being a target is one thing, but you have to fall for the gag to be a victim. 

Victims think they are going to get more protection than they already have—they don’t—and thereby maintain the health of their computer system. Again, they don’t. By offering their contact and credit card info, they open themselves up to the sort of identity theft they hope to avoid. As for the download, at best it is a substandard anti-virus program that will take care of the things listed in the scan, but not much else. At worst, it infects your system with real worms, Trojans and viruses, which will then use your machine to propagate across the Web. 

The Federal Trade Commission is very interested in scareware and associated fraud, and is working actively to stamp it out. If you did fall victim, you can report possible fraud online at ftc.gov or by phone at 1-877-FTC-HELP. Details about the purchase — including what website you were visiting when you were redirected — are helpful to investigators. 

Now we hear that the much-discussed Conficker Virus is actually part of one of these scareware schemes. According to ZDNet

The Conficker botnet has stirred to life, using its peer-to-peer communication system to update itself and download scareware (fake anti-virus programs) to millions of infected Windows machines.The Conficker update comes a week after a heavily-hyped April 1st activation date and provides the first sign of the motivation behind this malware threat — financially motivated cybercrime. 

The article then goes on to say that the scareware comes from sites located in Ukraine and that Mozilla Firefox is blocking access to the scareware sites. If you are concerned, or think your machine is infected, Threatpost.com has a good Conficker FAQ page as well as a disinfection tool for infected Windows systems. 

If you don’t want to go through this headache, make sure your real anti-malware applications are completely up to date and that you scan your systems regularly, that your spam filters are working well and that your staff knows to avoid websites that are unrelated to your business needs and suspicious email attachments. Remember: Technology is helpful, but the real protection from threats like Conficker comes from developing and enforcing guidelines for your staff so that problems don’t need to be fixed after the fact, they can be avoided.