Fake 'Conficker.B Infection Alert' spam campaign drops scareware
An ongoing spam campaign is once again attempting to impersonate Microsoft's security team -- the same campaign was first seen in April -- by mass mailing "Conficker.B Infection Alerts" with an attachment (install.zip), which upon execution drops a sample of the Antivirus Pro 2010 scareware.
Whereas the theme remains the same, the botnet masters have slightly modified the message:
"Dear Microsoft Customer,
Starting 18/10/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected. To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.
Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your prompt cooperation.
Regards, Microsoft Windows Agent #2 (Hollis) Microsoft Windows Computer Safety Division"
The use of email as a propagation vector for scareware campaigns (see The ultimate guide to scareware protection), and in particular the use of email attachments, is an uncommon practice compared to the single most effective way of hijacking traffic: blackhat search engine optimization, where the cybercriminals piggyback on real-time news events.
The campaign is, thankfully, a badly executed one: with Microsoft Security Essentials having recently gained momentum, even the average Internet user would notice the suspicious timing of the offered "antispyware program".
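The lure pattern the post describes (a message claiming to come from a vendor's security team, a text that urges the recipient to "install attached file", and a zip archive hiding an executable) is easy to triage at a mail gateway. The following is an added example written for this page, not code from the post or from any product; it builds a constructed sample message modelled on the quoted text (the archive holds a harmless text stub named like an executable, and the sender address is a placeholder) and scores it against three checks: a brand claimed in the display name or subject without a matching sender domain, known lure phrases in the body, and executable-looking members inside an attached archive. The brand-to-domain table and the phrase list are assumptions for the demo, not a vendor's published policy.

```python
"""Triage an e-mail for the scareware lure pattern: vendor impersonation,
social-engineering text, and an executable hidden inside a zip attachment.
Added example; the sample message below is constructed, not the real campaign mail."""
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption for the demo: brands commonly impersonated, mapped to the domains
# that legitimately send on their behalf. A real gateway would load this from policy.
BRAND_DOMAINS = {"microsoft": ("microsoft.com",)}
EXECUTABLE_EXT = re.compile(r"\.(exe|scr|com|pif|bat|cmd|vbs|js)$", re.I)
# Assumption: phrases lifted from the lure quoted in the post.
LURE_PHRASES = ("install attached file", "your network is infected", "free system scan")


def build_sample_message() -> bytes:
    """Constructed lure resembling the quoted spam. The zip member is a text stub
    with an executable name, not a program; addresses use the reserved .invalid TLD."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("install.exe", b"not a real program")
    msg = EmailMessage()
    msg["From"] = '"Microsoft Windows Computer Safety Division" <agent2@example.invalid>'
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Conficker.B Infection Alert"
    msg.set_content(
        "Dear Microsoft Customer,\n"
        "Microsoft has been advised by your Internet provider\n"
        "that your network is infected.\n"
        "Please install attached file to start the scan.\n"
    )
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="install.zip")
    return msg.as_bytes()


def archive_executables(data: bytes) -> list[str]:
    """Names of executable-looking members inside a zip; [] if data is not a valid zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [name for name in zf.namelist() if EXECUTABLE_EXT.search(name)]
    except zipfile.BadZipFile:
        return []


def triage(raw: bytes) -> dict:
    """Return {'suspicious': bool, 'findings': [...]}; two or more findings flag the mail."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    # Check 1: brand named in the display name or subject, but sender domain does not match.
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    for brand, domains in BRAND_DOMAINS.items():
        legit = any(sender_domain == d or sender_domain.endswith("." + d) for d in domains)
        if brand in claimed and not legit:
            findings.append(f"brand '{brand}' claimed by sender at {sender_domain or '<none>'}")

    # Check 2: social-engineering phrases in the plain-text body.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    hits = [p for p in LURE_PHRASES if p in text]
    if hits:
        findings.append("lure phrases: " + ", ".join(hits))

    # Check 3: bare executables, or executables hidden inside zip attachments.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        execs = archive_executables(payload) if name.lower().endswith(".zip") else []
        if execs:
            findings.append(f"archive {name} contains executable(s): {execs}")
        elif EXECUTABLE_EXT.search(name):
            findings.append(f"bare executable attachment: {name}")

    return {"suspicious": len(findings) >= 2, "findings": findings}


if __name__ == "__main__":
    for line in triage(build_sample_message())["findings"]:
        print("-", line)
```

Requiring two independent findings keeps a lone "Microsoft" in a subject line, or a zip of internal build scripts from a colleague, from being quarantined on its own; the constructed sample trips all three checks.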
Talkback
Conficker.B Alert: Why is MS not doing something
Of late spam purporting to be from Sony Electronics, DHL, Fedex, Western Union, Microsoft, Walmart are attempting to distribute malware in large numbers. Are these companies taking steps to stop misuse of their brand for illegal purposes or choose to do so only in the print/mainstream media?
Brand recognition carries some responsibilities too.
How do you propose they do that?
track them down and kill them? Hire some leading security firms to track the origin of the spam?
Realistically, the odds of capture and prosecution are small.
Best just to invest in good corporate anti-spam technology at the gateway, use something your ISP provides, or whatever your AV vendor provides.
Common email etiquette: if you don't know who it's from, don't open it.
If it still comes through, you're doing it wrong.
RE: How do you propose they do that?
[i]Would they send in some covert operators that track them down and kill them?[/i]
(sarcasm)
I wish that were possible. [b]Summary execution[/b] for spammers, identity thieves and malware authors!
(/sarcasm)
But in reality, that will not happen. (But one can wish!)
Ya, a recreation of the Salem witch trials would be so great.
Boom, dead.
"I TOLD HIM IRL NOT 2 EMAIL ME BUT HE DID NWAYS"
Boom, dead.
Ya.. no.
Not much they can do.
Email was never designed for security, and it's HARD getting everybody on the same page with a solution that works, because basically every solution we know of pretty much requires everybody to use it. But, unfortunately, it's difficult convincing people running email servers to implement a common solution.
So, we're stuck with what we've got. A system that is broken to the core with no end in sight for a solution.
Two things they can do:
(hotmail) and the mail client they provide (outlook).
2) Make Windows stop being infected by malware, and do so in a way that isn't so annoying that users disable it.
Re: Two things that can do:
2. Done in Vista, improved in Win7. A very small percentage disabled it.
Improved?
2. Annoying enough in Vista that many disabled it.. and in 7 it doesn't even work;
http://google.com/search?q=Windows+7+UAC+injection
Oops, I forgot, everything non-Microsoft is [i]evil[/i] and can't be trusted.. so here you go, straight from your holy horse's mouth;
http://bing.com/search?q=Windows+7+UAC+injection
Improved.
2. You say many, I say very few. Google, bing or yahoo searches don't tell us anything about the numbers. The web is full of misinformation.
Ya...
for not making Windows secure is that the other OSs would be hacked if they did. Such an outcome would cast a favorable light on MS's stuff.
2. Sorry, but since working binaries and source code are provided, there's not much room for misinformation. :p
P.S. did you even look before replying?
oh ya...
2. You wrote "Annoying enough in Vista that many disabled it.". I replied "you say many, I say very few".
Did you reply to the wrong post?
question was what can Microsoft do, and if their own services are being used as attack vectors they can do something about that.
2. What's that have to do with the fact that UAC has been weakened (not improved, like you claimed) in Windows 7?
errrr
Ain't Microsoft's fault you're on a spammers list.
re: errrr
Not much they can do.
This is up to the Internet caretakers to deal with
But hey, it keeps us security guys employed, so don't rock the status quo boat.
I'm bad, but agree with ejhonda
RE: Fake 'Conficker.B Infection Alert' spam campaign drops scareware
Buggy software comes from everyone.
This has nothing to do with buggy software or an exploit. This has to do with how stupid some end users are and how they still open every attachment sent to them.
It's not so black and white.
doesn't mean you think no other company has ever made mistakes. Just that Microsoft makes very insecure software.