Rogues take advantage of Conficker coverage

by LS Anders on April 1st, 2009 in Rogues, Security Alert.

The recent extensive media coverage of the Conficker worm (see previous blog post) has also attracted the creators of rogue anti-malware software. Pages that claim to show how to get rid of this pest have been hijacked by fake scanners that promote rogue software. Another tactic has been to create pages that offer a product, claiming it will remove Conficker. An example is shown below.

Clicking the Free Scan button downloads VirusRemover2009, a rogue anti-spyware product that Ad-Aware detects as Win32.FraudTool.VirusRemover2009.

When it scanned the machine, VirusRemover2009 did not detect the Conficker worm. It falsely reported plenty of other infections, but no Conficker.

Keep in mind that there are 3 specific steps you can take to reduce your chances of infection by Conficker:

  1. Check for and install Windows updates. Once the latest updates have been installed, set your PC to automatically download and install these updates. The patch that fixed the MS08-067 vulnerability was published in October 2008, yet Conficker continues to thrive, meaning people are still not in the habit of installing security updates.
  2. Ensure all passwords, especially for network drive shares, are not easily guessable.
  3. Disable the Autoplay function. Instructions can be found on Microsoft’s Help and Support pages.
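
A read-only check of the first and third steps, plus a list of the shares the second step applies to, as an added PowerShell example that is not from the original post. The registry paths and values are the standard Windows ones and are assumptions here; a blank AutoInstallUpdates means no value is set and the OS default applies.

```powershell
# Added example: read-only audit of the update and Autoplay settings named above.
# Registry paths are the standard Windows locations (assumed, not from the post).
function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    $value = $item.$Name
    if ($value -is [byte[]]) { $value = $value[0] }   # some systems store REG_BINARY
    return $value
}

function Test-AutoplayDisabled($NoDriveTypeAutoRun) {
    # Each bit disables one drive type; 0xFF covers all of them.
    if ($null -eq $NoDriveTypeAutoRun) { return $false }
    return (($NoDriveTypeAutoRun -band 0xFF) -eq 0xFF)
}

function Test-AutoInstallUpdates($NoAutoUpdate, $AUOptions) {
    # Returns $true/$false, or $null when no value is set and the OS default applies.
    if ($NoAutoUpdate -eq 1) { return $false }
    if ($null -eq $AUOptions) { return $null }
    return ($AUOptions -eq 4)                        # 4 = download and install automatically
}

$explorer = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$auPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$auLocal  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'

# The machine-wide value takes precedence over the per-user one.
$autorun = Get-RegValue "HKLM:\$explorer" 'NoDriveTypeAutoRun'
if ($null -eq $autorun) { $autorun = Get-RegValue "HKCU:\$explorer" 'NoDriveTypeAutoRun' }

# A Group Policy setting, when present, overrides the locally chosen one.
$auOptions = Get-RegValue $auPolicy 'AUOptions'
if ($null -eq $auOptions) { $auOptions = Get-RegValue $auLocal 'AUOptions' }
$noAuto = Get-RegValue $auPolicy 'NoAutoUpdate'

[pscustomobject]@{
    AutoplayDisabled   = Test-AutoplayDisabled $autorun
    AutoInstallUpdates = Test-AutoInstallUpdates $noAuto $auOptions
    # Ordinary disk shares (Type 0): accounts that can reach these need strong passwords.
    DiskShares         = @(Get-CimInstance Win32_Share | Where-Object { $_.Type -eq 0 } |
                           Select-Object -ExpandProperty Name)
}
```

The script changes nothing on the machine; it needs PowerShell 3.0 or later for `Get-CimInstance` and `[pscustomobject]`.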