Security Corner

Apr 10 2009   11:46PM GMT

Conficker’s raison d’etre? Profit, of Course

Ken Harthun Ken Harthun Profile: Ken Harthun

More than a week after Conficker’s much-hyped April 1st activation date, the botnet has come to life and is using a P2P communication system to update itself on what is believed to be millions of infected PCs. Along with the update, the worm is downloading scareware known as SpywareProtect2009, according to Alex Gostev of Kaspersky Lab:

One of the files is a rogue anti-virus app, which we detect as FraudTool.Win32.SpywareProtect2009.s. The first version of Kido (Conficker), detected back in November 2008, also downloaded fake antivirus to the infected machine. And once again, six months later, we’ve got unknown cybercriminals using the same trick.

As is typical with scareware, once SpywareProtect2009 is downloaded, the victim will start seeing the usual popup warning messages asking if they want to “clean and protect” their PC (see screen shot below). Of course, this will cost them $49.95. The criminals will no doubt make millions on these fees alone while amassing a huge database of valid credit card numbers that will likely be sold for additional profit. has posted an excellent FAQ and also provides a disinfection tool called KKiller for download.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: