
Beware of Fake Sites and Software While Trying to Remove Conficker Worm

March 31, 2009 05:30 PM
by Haley A. Lovett
The Conficker worm exploited security weaknesses in Windows systems. Scam sites that claim to remove it worsen the problem with malicious or useless software.

Conficker Infects Millions of PCs, Starts Security Scams

Since it first surfaced in November, the Conficker worm has infected between 3 million and 10 million PCs worldwide, according to InfoWorld. Naturally, many PC users are looking for ways to detect and remove the virus, and scammers are not far behind in creating ways to exploit those looking for removal software.

Rik Ferguson, a senior security advisor for Trend Micro, told InfoWorld that scammers put lots of popular Conficker removal keywords on their fake Web pages to get higher rankings in Google’s search results. They also post links around the Web leading back to their scam Web sites.  
Scams include sites that will “scan” a computer for the Conficker worm, tell the user they have been infected (even if they haven’t) and then ask them to download software from the site. The software often contains spyware or other malicious programs. Other scams ask users to pay for supposed removal of the worm, when in reality the software doesn’t do anything.

Related Topic: Protecting your computer and removing the Conficker worm

Microsoft help and support notes that computers with antivirus software and strong password protection are less vulnerable to being infected by the Conficker worm. Users should also be sure to download the most recent security updates for Windows.

Symptoms of infection with the Conficker worm include account lockout, inability to access sites that deal with computer security, and the disabling of automatic updates and other security programs on the computer. Microsoft has a list of other symptoms of infection on its help and support site.

Computers already infected with the Conficker worm may not be able to access the Microsoft Update center or other tools to remove the virus. If you can’t access these places, Microsoft recommends that you visit the OneCare safety scanner.


Background: Conficker worm’s April 1 activation

It is thought that the Conficker worm will activate on April 1, but exactly what the worm will do is unknown.

Chris Rodriguez, a network security specialist, told InfoWorld that the Conficker worm could make it “easy to point all of these [infected] machines at one target for a denial-of-service attack, or use them for spam or click fraud or cyber-espionage.”

There are two different versions of the Conficker worm. The first infected computers that had not yet gotten the MS08-067 security update for Microsoft Windows. The second version of the worm tries to spread using the same security vulnerability, as well as through USB drives and other removable devices, and attempts to infect multiple machines on a network using the ADMIN account, or by trying common weak passwords with each user account.

Computers containing pirated versions of Windows are more likely to get infected with the Conficker worm, as those computers are less likely to have been given the latest security updates. Conficker is also known as the Downadup and Kido virus. It is thought that the virus was created in the Ukraine (as it will not affect computers with keyboard settings for the Ukraine) and Microsoft is offering a $250,000 reward for information about the creator.
