As Conficker activation looms, scammers seek to profit off fear
Online scammers are trying to profit from fear of the latest big name in internet viruses by creating and promoting links to fake security software, according to security firms.
The scams are hoping to capitalize on consumer fear over the Conficker worm, a version of which is set to activate on April 1, 2009, according to internet security firms Trend Micro and F-Secure, among others.
Search requests on websites such as Google that include terms like "Conficker" and "Nmap" — an open-source scanning tool capable of detecting the worm — are coming up with links to ineffective security programs, according to the security firms.
F-Secure said one domain, registered on Monday, advertises a tool called MalwareRemovalBot that costs $39.95 but did not remove the worm in tests.
"If you need malware removal tools, type the URL of your vendor of choice directly into the browser bar and use links on their website," wrote Trend Micro's Rik Ferguson on Monday. "Do not rely on Google search results at this time."
The Conficker worm, also known as the Downandup worm, has been spreading through the internet since the fall, and a group of internet groups and businesses led by Microsoft has offered a $250,000 US reward for information leading to the arrest of those responsible.
The latest variant of the worm, Conficker C, which was noticed in early March, is expected to on April 1 direct machines it has already infected to connect to 500 web URLs a day from a group of 50,000 in an effort to run an update program and possibly receive instructions.
Security experts have advised PC users to make sure their computers are not infected with the worm, but said they do not know what, if anything, will happen on April 1 beyond the C variant's increased effort to connect for an upgrade.