Freeloaders are taking advantage of Conficker scare
According to reports by several anti-virus vendors, the fear of Conficker has brought the first freeloaders to the scene. The cyber criminals try to sell alleged removal tools for the Conficker worm. According to F-Secure, a Google or other search engine query for Conficker removal tools will quickly produce dubious offers that promise a lot and deliver nothing – or even infect the PC with malware themselves. The freeloaders generally belong to the scareware developer crowd. They create programs which try to scare users into buying ineffective anti-virus software by displaying false virus alerts on PCs.
There is no need for users to do a Google search, however, because functioning and virus-free Conficker removal tools can be downloaded free of charge directly from the sites of several anti-virus vendors. Among the vendors offering such programs are Sophos, Symantec, F-Secure, Kaspersky and BitDefender.
Talking about tools: After Felix Leder and Tillmann Werner at Bonn University published their Conficker scanning tool which can be used for remote detection of infected systems, several commercial vendors have produced their own scanners based on the Bonn research. The current version (4.85BETA5) of nmap supports the search for computers that are infected with Conficker. The line nmap --script=smb-check-vulns --script-args=safe=1 -p445 -d ip-adresse is reported to run the test.
Tenable has added a "Conficker Detection" plug-in to Nessus. Security firm Qualys recently extended its online service to include Conficker detection. Vendor nCircle also offers a Conficker scanner for networks.
See also:
- Conficker demystified, a report from The H.
- Conficker worm reloads - maybe, a report from The H.
- German researchers develop network scan for Conficker worm, a report from The H.
- Conficker infects UK parliament, a report from The H.
- Conficker to disrupt legitimate domains in March, a report from The H.
- Conficker becomes a more flexible worm, a report from The H.
- Microsoft, ICANN and others, move to block Conficker, a report from The H.
- F-Secure now claims nine million Conficker infections, a report from The H.
- Report: 2.5 million PCs infected with Conficker worm, a report from The H.
- Conficker in Carinthia: first the state government, now the hospitals, a report from The H.
- Windows worm infection accelerates, a report from The H.
(djwm)