Free Help from Tech Experts

Geeks To Go is a helpful hub, where thousands of volunteers serve up answers and support. Check out the forums and get free advice from the experts, including malware removal and how-to guides and tutorials. Converse about Windows 7, get system building advice or download files... Go to forums >>

Archive for April, 2009

Conficker Installing Rogue Software – Spyware Protect 2009

It appears Conficker’s long feared payload is nothing more than another rogue antispyware removal application that attempts to dupe people into purchasing it. Don’t buy Spyware Protect 2009, remove it. Read our Spyware Protect 2009 removal guide.

Having followed the activities of Eastern European online cyber crime for several years, there is one thing we are certain about — these criminals are motivated by one thing: money.

How was Downad/Conficker helping them meet their goals? It wasn’t. A very large botnet of compromised computers doesn’t make money if it justs “sits there” doing nothing.

So now we saw — as described above — that the Downad/Conficker botnet has awakened, and perhaps their desire to monetizing their efforts is becoming more clear.

In the latest activity, we see infected Downad.KK/Conficker.C nodes pulling down new Waledac binaries (perhaps for spamming, as Waledac has been known to do)from a fast-flux domain infrastructure, but also now it is also installing Fake/Rogue AntiVirus  (AV) malware, too. See screenshot below:

Source: http://blog.trendmicro.com/downadconficker-watch-new-variant-in-the-mix/