Conficker Fears Create Fertile Ground for Other Scammers
The ripple effect of the Conficker worm is starting to draw in people concerned about the security of their computers. Many who try to do something about it by searching for removal tools are running into scams and even more malware, thanks to black hat search engine optimization.
03/31/09 11:47 AM PT
You Googled "Conficker," and you read the stories about the computer worm that's vexing security researchers around the world. Your fears about your own PC soon hit critical mass, so you then Google "how to detect/remove Conficker." What you get is the latest example of social engineering from Internet criminals and Web hucksters; in attempting to run away from one bit of nasty malware, you could head right into the arms of another.
"We started to see poisoned SEO (search engine optimization) results within the past few days, as well as fake/rogue AV (antivirus) sites claiming to remove Conficker/Downadup, which actually Trojanize people who fall victim to these scams," Trend Micro threat researcher Paul Ferguson told TechNewsWorld.
That means clicking on one of the top links for a "free" Conficker removal tool could actually lead to a series of screens requiring you to pay US$39.95 for the actual tool; that is, if it doesn't infect your PC first or route what personal information you've given them into the wrong hands. Bottom line: Don't trust the Google links, says Ferguson, as they've been "optimized." Head to a trusted security vendor, or if you can't because your PC has already been infected by Conficker -- which blocks access to antivirus sites -- get a friend with a clean computer to email you a scanning/removal tool.
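The advice above rests on one observable symptom: an infected PC cannot reach antivirus vendor sites. The following script is an added example, not from the article or from Trend Micro, that turns that symptom into a quick check a user or help-desk can run. It tries to resolve a handful of security-vendor hostnames and a few unrelated control hostnames, then reports whether only the vendor lookups fail. The hostname lists are illustrative assumptions (public vendor web addresses), and a lookup failure is only a hint: a hosts-file edit, a corporate filter or a flaky connection can produce the same result, so a positive finding should be followed by a scan from a clean machine as the article recommends.

```python
"""Check whether security-vendor hostnames resolve from this machine.

Added example (not part of the article): a Conficker-infected PC is
described as unable to reach antivirus sites, so failed DNS lookups for
vendor hostnames, while ordinary sites still resolve, are a cheap
indicator worth checking. The resolver is injectable so the logic can
be exercised offline with a stub.
"""
import socket
from typing import Callable, Dict, Iterable, List, Optional

# Public vendor web hosts to probe. The exact list is an assumption made
# for this example; extend it with the vendors you actually use.
VENDOR_HOSTS: List[str] = [
    "www.microsoft.com",
    "update.microsoft.com",
    "www.trendmicro.com",
    "www.symantec.com",
    "www.mcafee.com",
]

# Unrelated hosts that should resolve on any working connection. They let
# us tell "no network at all" apart from "only security sites fail".
CONTROL_HOSTS: List[str] = [
    "www.google.com",
    "www.wikipedia.org",
]

# A resolver maps a hostname to an IPv4 string, or None when lookup fails.
Resolver = Callable[[str], Optional[str]]


def system_resolver(host: str) -> Optional[str]:
    """Resolve with the OS stub resolver; None on any lookup error."""
    try:
        return socket.gethostbyname(host)
    except OSError:
        return None


def probe(hosts: Iterable[str], resolver: Resolver) -> Dict[str, Optional[str]]:
    """Resolve each host and record the result (None = failed)."""
    return {host: resolver(host) for host in hosts}


def assess(vendor_results: Dict[str, Optional[str]],
           control_results: Dict[str, Optional[str]]) -> str:
    """Classify the pattern of lookup results.

    Returns one of:
      "no-network" - even control hosts fail; nothing can be concluded
      "clean"      - every vendor host resolved
      "suspect"    - controls resolve but every vendor host failed, the
                     pattern the article attributes to an infected PC
      "partial"    - controls resolve and some vendor hosts failed;
                     worth a closer look but not conclusive
    """
    control_ok = any(ip is not None for ip in control_results.values())
    failed = [host for host, ip in vendor_results.items() if ip is None]
    if not control_ok:
        return "no-network"
    if not failed:
        return "clean"
    if len(failed) == len(vendor_results):
        return "suspect"
    return "partial"


def run(resolver: Resolver = system_resolver) -> str:
    """Probe both host groups with the given resolver and return the verdict."""
    vendors = probe(VENDOR_HOSTS, resolver)
    controls = probe(CONTROL_HOSTS, resolver)
    verdict = assess(vendors, controls)
    for host, ip in {**controls, **vendors}.items():
        print(f"{host:24s} {ip if ip else 'LOOKUP FAILED'}")
    print(f"verdict: {verdict}")
    return verdict


if __name__ == "__main__":
    run()
```

A "suspect" verdict on an otherwise connected machine is exactly the situation the article describes, and the right next step is the one Ferguson gives: obtain a scanner from a clean machine rather than from whatever a search engine offers.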
Latest Worry as C-Day Approaches
The Conficker scams are just one more thing for computer security researchers to deal with as the April 1 trigger date approaches for the worm. Not that those same researchers know exactly what will happen; they do know that the malware will try to contact domain names and attempt to hide deeper within the Internet from those hunting it down, but they can't say for sure for what purposes Conficker is designed.
"I don't know if there's a consensus on the impact of the worm," Barbara Endicott, director of the University of Washington's Center for Information Assurance and Cybersecurity, told TechNewsWorld. "There's been considerable analysis made of the worm itself, and reverse engineering, but it's designed in a clever way to encrypt its pieces so it makes it difficult to analyze exactly what it does."
"Conficker is probably the worst malicious code infection since the Sasser way back in 2004," said Cigital chief security researcher Gary McGraw. "It shows that though we have started to improve software security, we have only just begun. Conficker set the stage for a cat and mouse game between the bad guys and the good guys. In this case, the bad guys are using very sophisticated methods and appear to be winning," he told TechNewsWorld.
Serious implications, including information warfare on a grand scale and Internet disruptions, could result from Conficker, although probably not on Wednesday, McGraw maintains. Security researchers don't think whoever wrote the worm would use it to take down the Internet, which is a Web criminal's golden goose filled with spam botnets and phishing lures. If anything, Conficker should remind us all to seek new ways of circumventing these threats, he said.
"Though software security has improved markedly in the last decade, computer security as a whole still relies on an outmoded 'penetrate and patch' approach, which is reactive, not proactive. Since not everyone uses automatic update, many machines are left vulnerable even though the security problem used by the worm is known and a patch exists. The future of computer security must involve building software that is not riddled with security bugs in the first place," McGraw said.
Focus on Conficker
Many in the tech world are keeping watch on all things Conficker this week. That includes the company that stands to lose the most if Conficker is successful -- Microsoft. The worm took advantage of a flaw in Windows that was fixed in October, but the software giant has reached out to independent security researchers since then to try to eradicate the malware in the wild. The company has been a model of cooperation, according to the man who discovered the major DNS (domain name system) security flaw in the Web last year: Dan Kaminsky.
Kaminsky, who is a top security researcher with IO Active, is part of both the Conficker Working Group and the Honeynet Project, which on Monday released a scanning tool to help firms and individuals know if their PCs are compromised.
"I have no complaints on how Microsoft has handled this," Kaminsky told TechNewsWorld. "This Conficker Working Group is wonderful. It's a massive multi-organizational effort over the past five months that's been dealing with the bad guys. Microsoft has a leadership role in it, working with security firms all across the industry."
Kaminsky audits Microsoft's operating systems but retains his independence, so he maintains that if the company were mishandling this issue, he'd be the first to scream about it. But while crediting the company for its efforts, he also says "the problems are so much bigger than any one company now, bigger than any team. Microsoft is just one player among many if we're going to deal with what the bad guys are up to."