by Daniel Armao, Security Advisor
The Conficker worm recently received a new update over a peer-to-peer network. The update downloads a bogus "antivirus" program called SpywareProtect2009, which uses scare tactics to trick users into buying it. The scare tactic is a fake “virus scan” that offers to “delete” nonexistent threats only if the consumer buys the fake antivirus. SpywareProtect2009 also generates popups that show messages such as “your computer is infected” and hijacks the infected computer's Web browser. There is speculation that Conficker might be using Waledac, a botnet that spreads by email in the form of fake holiday e-cards, to send spam from infected machines and to steal passwords with a keylogger.
If you encounter a scareware popup on the Web, do not click on the popup at all, not even the Cancel or X options. To get rid of the popup before infection, open the Task Manager (Ctrl-Alt-Delete) and, on the Applications tab, click “End Task” on your Web browser (Internet Explorer, Firefox, Safari, etc.).
Scareware such as SpywareProtect2009 can also infect a user over the Web without Conficker. To protect yourself against scareware and other malware, make sure you have the latest updates from Windows, keep your ZoneAlarm Internet Security up to date and use the ZoneAlarm firewall. ZoneAlarm Forcefield will also protect you from scareware and other malware by keeping the browser in a protective bubble. Do not buy SpywareProtect2009: not only will you be out $49.95, but the creators will also have access to your credit card number…and we all know what that means – unauthorized charges on the card. If you are a victim of a scareware tactic, please dispute all charges with your credit card company.
More information on how to detect and remove Conficker can be found at:
http://blog.zonealarm.com/blog/2009/03/the-conficker-worm-signs-protection-and-removal.html