Conficker.E Linked to Fake Antivirus Software Scams

There is no doubt that the Conficker worm has been a serious threat to the computer security world over the past couple of months.

The newest variant, Conficker.E, has gained traction since April 8th, when the first updated copies were discovered. The main difference in Conficker.E is its ability to propagate over a peer-to-peer (P2P) network. Instead of relying on the 50,000 domain names that Conficker.C and earlier versions generate each day to fetch updates, it pushes new code to infected machines directly over P2P connections across the internet.

Conficker.E is suspected of communicating with a Waledac worm domain that is behind a wave of fake antivirus applications, or scareware. Just like rogue anti-spyware applications, rogue antivirus programs mislead computer users with fake infection warnings in order to pressure them into purchasing a "full version" of the fake antivirus application. Conficker.E could be a new culprit aiding the spread of fake antivirus programs. It may be safe to say that many security experts did not see this coming.

The Conficker botnet was also discovered to be contacting major high-traffic sites, including eBay, MSN, MySpace, AOL and CNN, to confirm that a compromised system has internet connectivity. Conficker, as you may remember, was supposed to go through a major update process on April 1st, but the actual update did not take place until April 8th. This is where Conficker.E comes from: a newer variant that has more to do with spreading fake antivirus applications than with performing other malicious actions.
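The connectivity check described above is one of the few observable behaviours in this story that a defender can look for on the network. The following is an added example written for this page, not code from the original article or from any vendor: a small heuristic that scans DNS query logs and flags any client that resolves several of the portal domains named above (eBay, MSN, MySpace, AOL, CNN) within a short time window. The log format, the sample log lines, the 60-second window and the threshold of four distinct domains are all assumptions chosen for illustration.

```python
"""Flag clients that burst-query the portal domains Conficker uses as a
connectivity test. Added example; the log format, sample data, window and
threshold are assumptions, not values reported for the worm itself."""
from collections import defaultdict
from datetime import datetime, timedelta

# Domains the article names as the worm's connectivity-test targets.
CHECK_DOMAINS = {"ebay.com", "msn.com", "myspace.com", "aol.com", "cnn.com"}

# Constructed sample log. Assumed format: "<ISO timestamp> <client ip> <name>".
# 10.0.0.5 hits all five portals within three seconds (worm-like burst);
# 10.0.0.9 hits them too, but spread over two hours (ordinary browsing).
SAMPLE_LOG = """\
2009-04-10T08:00:01 10.0.0.5 www.ebay.com
2009-04-10T08:00:01 10.0.0.5 www.msn.com
2009-04-10T08:00:02 10.0.0.5 www.myspace.com
2009-04-10T08:00:02 10.0.0.5 www.aol.com
2009-04-10T08:00:03 10.0.0.5 www.cnn.com
2009-04-10T08:01:00 10.0.0.9 www.cnn.com
2009-04-10T08:15:00 10.0.0.9 www.msn.com
2009-04-10T09:30:00 10.0.0.9 www.ebay.com
2009-04-10T09:45:12 10.0.0.9 mail.aol.com
2009-04-10T10:00:00 10.0.0.9 www.myspace.com
"""


def registered_domain(name):
    """Reduce 'www.ebay.com' or 'mail.aol.com' to its last two labels.
    Simplification (assumption): real logs need a public-suffix list."""
    parts = name.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def parse_line(line):
    """Split one assumed-format log line into (timestamp, client, domain)."""
    ts, client, name = line.split()
    return datetime.fromisoformat(ts), client, registered_domain(name)


def find_connectivity_bursts(log_text, window=timedelta(seconds=60),
                             min_distinct=4):
    """Return {client: start_time} for every client that queried at least
    min_distinct different CHECK_DOMAINS inside any span of length window.

    Uses a sliding window over each client's time-sorted hits, so the cost
    is linear in the number of matching log lines per client."""
    hits_by_client = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, dom = parse_line(line)
        if dom in CHECK_DOMAINS:
            hits_by_client[client].append((ts, dom))

    flagged = {}
    for client, hits in hits_by_client.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Advance the window start until it fits within 'window'.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            distinct = {dom for _, dom in hits[start:end + 1]}
            if len(distinct) >= min_distinct:
                flagged[client] = hits[start][0]
                break  # one alert per client is enough
    return flagged


if __name__ == "__main__":
    for client, when in sorted(find_connectivity_bursts(SAMPLE_LOG).items()):
        print(f"{client}: connectivity-test burst starting {when.isoformat()}")
```

Treat this as an enrichment signal rather than a verdict: a user opening a browser with several portal home pages pinned will produce the same burst, so the window and threshold must be tuned against your own baseline, and a hit should be correlated with the other Conficker indicators (disabled security services, MS08-067 scanning, outbound P2P traffic) before anyone is paged.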

A Sophos Lab manager said, "On April 7, the Conficker network was ready to be used but no one was using it for anything malicious. They were just building the network and waiting for it to be put into action." He then added, "We weren't expecting anything to happen April 1. It would have been silly for them to do something while everyone was watching."

What should we expect next?

The Conficker botnet may be much smaller than many experts expected. Just last week, Conficker-infected machines began to download additional components associated with the rogue anti-spyware program SpywareProtect 2009 through the Waledac worm's built-in P2P update mechanism. Only a few of the infected Conficker machines have been updated to the latest version so far, but security researchers are monitoring the P2P networks associated with the malware.

We may be looking at a new distribution channel for malware or, in the case of Conficker.E, a new way to spread fake antivirus and fake anti-spyware applications.