Conficker hasn't done much beyond spread and update. Until now: the worm began installing a rogue antivirus app called SpywareProtect2009 on infected machines.
A Kaspersky researcher reports that the worm began using its peer-to-peer functionality yesterday to pull down new files, including updates and the fake security program. The fake app goes with the usual scareware tactics of identifying threats on the computer and offering to clean the PC for $49.95.
The scareware tactic makes big money for online scammers, and I've talked to some experts who guessed Conficker might take this step. In addition to the scareware download, Conficker is also pulling down an update for a .E variant that will once again allow the worm to spread using a Microsoft vulnerability (MS08-067), and will also attempt to stop more existing programs and block attempts to reach additional domains.
The new update also adds an interesting new self-destruct mechanism to automatically delete itself after May 3, 2009. A Microsoft Malware Protection Center blog post has a good list of the new .E variant changes, and the Today @ PC World blog lists some new clues that might point to its creators.
If you see a scareware pop-up or other indicator on your PC, it's important to know whether it's from a relatively harmless visit to a Web site, or whether it's from an existing malware infection like Conficker.
You can download this to remove Conficker.
Click here
-suz-
Conficker Shows Its Colors, Installs Rogue Antivirus
Shared by Suzhaimiz on Sunday, April 12, 2009
Labels: virus