In association with heise online

31 March 2009, 17:05

Freeloaders are taking advantage of Conficker scare

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

According to reports by several anti-virus vendors, the fear of Conficker has brought the first freeloaders to the scene. The cyber criminals try to sell alleged removal tools for the Conficker worm. According to F-Secure, a Google or other search engine query for Conficker removal tools will quickly produce dubious offers that promise a lot and deliver nothing – or even infect the PC with malware themselves. The freeloaders generally belong to the scareware developer crowd. They create programs which try to scare users into buying ineffective anti-virus software by displaying false virus alerts on PCs.

There is no need for users to do a Google search, however, because functioning and virus-free Conficker removal tools can be downloaded free of charge directly from the sites of several anti-virus vendors. Among the vendors offering such programs are Sophos, Symantec, F-Secure, Kaspersky and BitDefender.

Talking about tools: After Felix Leder and Tillmann Werner at Bonn University published their Conficker scanning tool which can be used for remote detection of infected systems, several commercial vendors have produced their own scanners based on the Bonn research. The current version (4.85BETA5) of nmap supports the search for computers that are infected with Conficker. The line nmap --script=smb-check-vulns --script-args=safe=1 -p445 -d ip-adresse is reported to run the test.

Tenable has added a "Conficker Detection" plug-in to Nessus. Security firm Qualys recently extended its online service to include Conficker detection. Vendor nCircle also offers a Conficker scanner for networks.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit