SCF Advanced Search



  • Total Members: 13736
  • Latest: parasti
  • Total Posts: 38287
  • Total Topics: 12876
  • Online Today: 1297
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)


Author Topic: Conficker.E Shows Its Colors, Installs Rogue Antivirus SpywareProtect2009  (Read 2296 times)

0 Members and 1 Guest are viewing this topic.


  • SCF Administrator
  • *****
  • Posts: 7522
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • - Samker's Computer Forum

We knew it would try to make a buck somehow, but until now Conficker hasn't done much beyond spread and update. That changed yesterday, when the worm began installing a rogue antivirus app called SpywareProtect2009 on infected machines.

A Kaspersky researcher reports that the worm began using its peer-to-peer functionality yesterday to pull down new files, including updates and the fake security program. The fake app goes with the usual scareware tactics of identifying threats on the computer (ironically true in this case) and offering to clean the PC for $49.95.

The scareware tactic makes big money for online scammers, and I've talked to some experts who guessed Conficker might take this step. In addition to the scareware download, Conficker is also pulling down an update for a .E variant that will once again allow the worm to spread using a Microsoft vulnerability (MS08-067), and will also attempt to stop more existing programs and block attempts to reach additional domains (see the full list of messed-with processes and domains from Sophos).

The new update also adds an interesting new self-destruct mechanism to automatically delete itself after May 3, 2009. A Microsoft Malware Protection Center blog post has a good list of the new .E variant changes, and the Today @ PC World blog lists some new clues that might point to its creators.

If you see a scareware pop-up or other indicator on your PC, it's important to know whether it's from a relatively harmless visit to a Web site, or whether it 's from an existing malware infection like Conficker.

For a quick and easy way to tell if you're infected with Conficker, use the Conficker Working Group's Eye Chart:,2577.0.html


Samker's Computer Forum -


  • SCF VIP Member
  • *****
  • Posts: 171
  • KARMA: 16
  • Gender: Male

The tool pulls images from three sites that Conficker is known to block and displays them in a box. Below the box is a guide to interpreting how you see the images - if they all show up you're in good shape, but if one or more doesn't display it could indicate a Conficker (or other malware) infection.

It's a smart and near-instantaneous test that couldn't be any easier, but keep in mind that if your computer uses a proxy server for web traffic, which can be the case in some companies, you might be infected and still be able to see the images.

Creativity is a mental and social process involving the generation of new ideas or concepts, or new associations of the creative mind between existing ideas or concepts.

Samker's Computer Forum -


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising