Apr 09 2009
Conficker starts serving up malware
As mentioned in the previous post, Conficker is stirring. After applying some code updates, it has started serving up malware. It’s typical of botnets like Conficker to be rented out in sections to various groups of dirtbags, so not all Conficker victims are getting identical infestations.
Some systems are being infected with a fake antivirus application called “Spyware Protect 2009.” Once launched, it buries you in a blizzard of pop-ups claiming you are infected with any number of malware programs and offering to remove them for $49.95. (Looks like the price has gone up. The standard scareware demand used to be $39.95.)
Other Conficker nodes are being infected with “Waledac,” which establishes a back door for sending spam. Waledac also acts as a password-stealing Trojan, so victims face a privacy threat, as well.
Further reading . . .
PC World has a good overall write-up and Kaspersky’s analysis provides additional detail, especially about Spyware Protect 2009.
No responses yet