Sophos


Conficker Infection Alert!!

With all the hype around Conficker recently, it should come as no surprise that scammers are using this highly publicized threat to attempt to spread more malware. We’ve been seeing spam spreading fake AV malware for quite some time, typically using Critical Microsoft Windows updates as a method to frighten readers into clicking links in the messages. Here is an example from last June:

June sample spam


This past weekend, SophosLabs noticed a new “Conficker” theme in the content of these spam messages. Instead of saying there is a critical Windows update that needs to be applied, the messages say that “your Internet company” believes you to be infected, and tell you to click the link to scan your computer:

April sample spam


These messages were sent via a wide range of IPs, with varying subject lines typical of botnet-generated spam:

Sample spam relays


Sample Subject lines


Clicking the link will, again, suggest via a popup that you are infected:

Sample fakeav popup


This is followed by the typical fake AV webpage. Interestingly, they have not updated the content on these sites to reflect the Conficker infection:

Sample fake AV page


The fake AV malware hosted on this site is detected as “Mal/FakeAV-AH”. However, you would not even have been able to browse to these sites were you behind one of our Sophos Web Appliances, as the domains serving this malware were blocked as “Malware” the day they were registered, or the moment they went online.

