Conficker worm dabbling with mischief

April 28, 2009 by Glenn Chapman
A man downloads a patch from Microsoft's web site to protect his computer from a worm virus. The Conficker worm's creators are evidently toying with ways to put the pervasive computer virus to work firing off spam or spreading rogue anti-virus applications called "scareware."

The Conficker worm's creators are evidently toying with ways to put the pervasive computer virus to work firing off spam or spreading rogue anti-virus applications called "scareware."

An April update sent to a tiny percentage of infected computers had the machines retrieve components of notorious Storm and Waledac worms unleashed in past years to create armies of "botnets" -- automated crime networks -- for spreading spam or scareware.

"It looks like these guys are perhaps testing the waters to see which one of those would be a better money-maker for them," Trend Micro advanced threats researcher Paul Ferguson said Monday of Conficker's masters.

"We have always suspected that the people behind this would not sit idly by without trying to make money off this somehow. Spamming and rogue anti-virus are pretty lucrative for these guys."

Ties to components of Storm and Waledac signal that Conficker's creators were likely involved with the other , according to security specialists.

"This connects the dots that the same people behind Conficker are the people behind Waledac and Storm," Ferguson said, noting that evidence is pointing to an organized enterprise in the Ukraine.

"These are well-funded organized in Eastern Europe. They want to steal people's money out of their pockets without being noticed. This same criminal operation is very business savvy."

Hackers are increasingly hiding viruses in bogus to trick people into installing treacherous programs on machines, Microsoft warned earlier this month.

Rogue security software referred to as "scareware" pretends to check computers for viruses, and then claims to find dangerous infections that the program will fix for a fee.

"The rogue software lures them into paying for protection that, unknown to them, is actually malware offering little or no real protection, and is often designed to steal personal information," Microsoft said.

Hackers have been capitalizing on hype and fear surrounding Conficker to trick people into loading scareware onto computers.

A task force assembled by Microsoft has been working to stamp out Conficker, also referred to as DownAdUp, and the software colossus has placed a bounty of 250,000 dollars on the heads of those responsible for the threat.

The worm, a self-replicating program, takes advantage of networks or computers that haven't kept up to date with security patches for Windows.

It can infect machines from the Internet or by hiding on USB memory sticks carrying data from one computer to another.

Conficker could be triggered to steal data or turn control of infected computers over to hackers amassing "zombie" machines into "botnet" armies.

Ferguson believes Conficker's creators are out for cash, not wanton destruction, but that the worm's spread is a sobering reminder that botnets could be turned against Internet-linked parts of national infrastructures.

"How do you rationalize connecting critical networks to the Internet when those kinds of attacks are possible?" Ferguson asked rhetorically.

"We used to joke that the only guarantee for 100 percent security is a pair of wire cutters."

(c) 2009 AFP

Explore further: Bogus security software growing threat: Microsoft

Related Stories

Conficker worm digs in around the world

April 1, 2009

Computer security top guns around the world watched warily as the dreaded Conficker worm squirmed deeper into infected machines with the arrival of an April 1st trigger date.

Huge computer worm Conficker stirring to life

April 9, 2009

(AP) -- The dreaded Conficker computer worm is stirring. Security experts say the worm's authors appear to be trying to build a big moneymaker, but not a cyber weapon of mass destruction as many people feared.

Conficker Worm Prepares For A New Release On April 1

March 27, 2009

( -- The conficker worm created havoc last year when it infected over 10 million computers on a global scale. The unique design of the conficker worm allowed for this large scale attack to over 8 million business ...

Recommended for you

Technology near for real-time TV political fact checks

January 18, 2019

A Duke University team expects to have a product available for election year that will allow television networks to offer real-time fact checks onscreen when a politician makes a questionable claim during a speech or debate.

Privacy becomes a selling point at tech show

January 7, 2019

Apple is not among the exhibitors at the 2019 Consumer Electronics Show, but that didn't prevent the iPhone maker from sending a message to attendees on a large billboard.

China's Huawei unveils chip for global big data market

January 7, 2019

Huawei Technologies Ltd. showed off a new processor chip for data centers and cloud computing Monday, expanding into new and growing markets despite Western warnings the company might be a security risk.


Adjust slider to filter visible comments by rank

Display comments: newest first

5 / 5 (1) Apr 28, 2009
I'm surprised that none of the big corporations who are being hit hard by this kind of thing have decided to take matters into their own hands by hiring a few mercenary groups to track these idiots down and... aaahh... unplug their internet connections... permanently. They are funded by mob groups after all. Who would miss them?

Could be fun to watch, from a safe distance of course:P.
not rated yet May 03, 2009
Reality: run popular OS and two things happen...

1) everyone will target the OS you run (why waste time on only a small fraction of potential targets?);

2) the company that sells your OS will have a stake in protecting you (who gets the bad publicity?)

If you family runs multiple Windows PCs, look seriously at Microsoft's OneCare ( I find it excellent on both XP and Vista platforms. It is cheap protection if you run multiple PCs on broadband Internet (less than $17 per PC per year.)

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.