Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Conficker Scareware Scammers Use Symantec as Lure



 By: Brian Prince
2009-04-03
Article Rating:starstarstarstarstar / 13


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Scammers are using Symantec's name as part of a ploy to lure those panicked by the Conficker worm into buying fake anti-virus. Meanwhile, vendors such as IBM are stating the number of infections may be higher than they thought.

Scammers are continuing their efforts to exploit public fears over Conficker, this time with promises of protection via a product made to look similar to Symantecs Norton Antivirus 2009.

Attackers have been blasting out e-mails that mention the names of Symantec executives talking about the worm and linking to a Website that uses the name "AntiVirus 2009." The Website also compares the software it is selling to well-known products from companies such as Kaspersky Lab and AVG Technologies.

The e-mails - which also include a "product activation code" - feature phony messages such as this one: ???It???s definitely serious,??? Kevin Haley, director of security response at Symantec, said of the virus thought to be embedded in millions of network computers across the globe.

Resource Library:

After clicking on the link inside the message, we find that it redirects to a Website where the user is promptly given directions on how to make a payment, blogged Mayur Kulkarni of Symantec Security Response. Whether or not any product will be made available after the payment is made is still unknown at this point. Even if it were, its effectiveness would be questionable because it will most likely be a rogue application or pirated software.

More figures about the number of Conficker infections are leaking out, though exact numbers remain elusive. Estimates from various security pros have put the number of infections from around 1.3 million to several million more.  

Yesterday, IBMs Internet Security Systems (ISS) division reported that it detected the worm on 4 percent of the IP addresses it monitored. IBM officials, however, cautioned against applying those numbers to the overall situation across the world.

I want to list just a few more caveats so that everyone out there can understand these numbers and interpret them in an appropriate way, blogged Holly Stewart, threat response manager for IBMs ISS X-Force. First, our count is based on distinct IP address. Most personal computers these days use DHCP, which means that their IP address can change every time they connect to a network.

For this reason, some of the hosts are most certainly counted more than one time in our numbers, Stewart explained. On the other hand, many infected computers may be behind NAT devices, and in those cases multiple infected computers may only be counted a single time in our numbers.

The presence of removal and detection tools and the efforts of the research community are believed to have impacted the worms growth. Users looking for tools to fight the worm are advised to go directly to the vendor Websites or to known, trusted sources.





  Reader Comments: Conficker Scareware Scammers Use Symantec as Lure
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Brian Prince
 


x}is㶲*Qމg5E=RJe[g,ҌϤ^"!1EꐔO/ޟxuঅL{6Foh4$sW7-gL:9)ٝGo-zIj|݇@BezNULsJԶnL7n[c3P/a᳙(,Q  tjGt0]2xԵk:&gwek/cߨ[`&`1\lTA!j :i?xi='@Ibb(Ѻ}(Dߵ-m: \'|7*UnSp{ca_ʞz5EhDԸ#|x\'g>0;/<Pcw̪Ҵ?쓡7Sա*v25v+n /@Z#\DȁY{74ɿTݱu6{ -XdUZL wbC6S!1kkTը>lYG|ݑ|Y#Xo:QA3MuL_CԿ($fҀ 8#/֌<{mLjXL<:/yӝF3l˸;4 @SKVUBX)ځx.g9{ۖ3PN1돿ΕiR.g9(֝p nKVj0U=铋yظ} ?Fb}" @D%\.I"0i5&ttڽ~H}AFI?jjkMR=0,g fV҈ 'UUjH,aX~6.˫vEëvlL,!R42V,]?#[ˠjq}r||qݾ8^I>Z=$/#t: +?;V'_ZUlxmuH|?-|`kh2`cRZIjg$G/-2 O#dp$c~tǷPZ,.r$dBrJGX*,>JAͼ94o ߦI[ W4j5-Mn "dLi&ϭzp-Alo K(:H)5?&b.L2o<|)=}̗U/d`(AK/g 5t*軤(If0[A0<^f/_\@ 1 p1S{".Ӱuirv]-7+De,,ɺ s5-wfz;\g8i5ZǤwٽuS5O[xXaZ`A). 8G]77JϏRA^Tjrkh2ud8İ)5>'4d}t>჎(>hƋCriYnL,rӇu4A>+wGݺzN߳=Uԇ5j`I l"&q}s)к`y&n@Z@[S衟#j{t( u,/#0/ Zm{ 88ʼE]ubsBݷ|{ޚꖭ-L<ģܠϨC s\(L7^ c2(%E24.'P(AH 9k \99|ޑvZ*&RPJnOq$cwJ"ڹ&,S,ЂW-Kᗄtfh(L=?j1!UG,D`v9r,L.Y ϴ6Jy[+R4dT(9 +ZIQQ#U^ğ;L}Cas#ϖ̡ GLx}GEڟPc ^o=2,XhqOc֩s{wD[q3ԛm)}P{dd{ ɚ)GZdLAuϝ2h Jd7@`Wv.ٖg%}?P%J/N n$50K%g; A&rG|增5 Jx0?3\eDfko2ai[z#jISʁbY;7L`beQ3MVRQy9:zG Ѓ`=r=]?= B LΧRE\ ~1~1UŠP=) ]7`uX]OXL+*)Gpϟ  sWyGZ?Op_3>( M6DJ1*m07؄AԱ~kѲՆgy>cIYpNɃoሻNP}?}6U7 о N,R!uY@a&I>ϣCW5o ɈB"K>AΊ%֍sP) Wk*5r߼Ap%tl=CXg,`YEn;&砩gcɜ~ }\s/@5# "YM jpG`a`S4|rf#G<{hnõ] 7>" V\1oe(Zb]|ťrWPWtY/sO6aHzGVUe@4yģT3# y $6-.wEЋֶ E5`N>gN Xy0|gX =O f)(U|`y5bQrEuYl&ŏjȏUrVՏD>jY PU(V $ ~Vp8{\֖>A(™)xIH51=l)`P(S=ZTX"6)DL7ϰƆ;v.b 6PG }ƴX݂ā3o?_IeY{!keH@X|Pq#ZJӴI> OptG-ˤ̃GF0gcD,Sc ts:C\Դ"Hw ضRs'̅B:iq]C0 H\WK{( ,~w9ـo |\V*Z쇃d9CT`|"@-a'd8'l$ /’;T'.nr_\&#I EnqXp = 267Ɵc1Ή{ݽ]VUv$&/!(0H_dpSi໶$Auv1`(+fۤI.3?+u}?'m՞t/I>'dLЫ{Ļ;~xk݋}:(rjS{4cq >"/['WORdd˙]=+bo/S銿F>;o k'rӼ:m_/~uϻW 9o_dcxx\~xy>g)B*aռ >m6<԰6M tFV5C2҃a)y,ݫ' ;^aJh 鳁VKu^cA0>vV8}i?v;}p¶"CWqk:I@(Nt,$$yUZ¶/WU3$]d%VxF0M3}%3 ՏK^xΠt4w 7{}!F.u0.sT!7?_eܰKw= =z» .+-R!EkE7_UK OW"E:'%:#ڬ/ۥ{?vVȿ5LĬhwo}wF!}kƢSX!R҂%M'm<r`n[9arℲRjJMڄ,D٩ޡ;Xw'>bI<.'x9X_d elv $=:t0ılSt0X V, (_A[|UJ!l ;  [LDxpcȂ3e pH`yJIω0 ڄS-Df@tut[d@>;.[YMh4, T~@gYqkNcuL܉vBGl+z(VD;}Â3 $\ &xñX19%Wޮ8\Db) :0uJՂZ _$Кb W_LEV}R8h!K!J!0ohd. z0nS/X@3J+S-Ler%z\XNW/G!t8ټIo~#g=2Yf GH P7OwꅂT.]5w9]!(K}„hH9g{i) M['`Rriu$@BP5$4ԍK—$ݗJ`ERVT&g\1x>a͐0Nv%:lJXC 9^4%B/hFUʻwR 䱽 z^1{xBIVGV xrs*54O%<_e/+4^G, bD` }[<̄Hy"Ozm[ʫIZuS+8:tʐ(ƸKR3=R<;@n*BA|!dXR% onx*:O}sKBTImJŧbQVM \B$/0|#1*lxb3h 5ED3k,oK*C,8/ q[AIY N9[n O7+[SݱzEwB㠱Ԇ} ̰=`NR@?l B$D ռ Ij< i坶MӄC[vNs?Po@ZR'xk멬E.42 K:y7O7O7O7O4u忈;87$\o՚g `vg8_8C(_Ym0phKtZs_:H YrV=\b|'^ ٵ *ue\Eo WHO1cj-\Nrtzwnj9tѵ;ӧOU(6pMw9FcllRIB-}=s1~DСE} #Τe60X?@0By)X3z~8hycE-+˿%wfEe=u fDnК`$cX|}gtB[} 9zR;՝,; D^aoƟ8OaBԯQc]ZO#<~u:\ ;_/J Һ΋sҽVNr]sbş /z*)3wr_[B*eB/.{Woͣi^g$knzTZ3h~wdצ$f6.{M_r&` ljVV\EQzf0m-mYޣS.%{U2qZZ$&ϒ{[>Shۃy{©Yj|ubM.$tF87?3+┱fne%s_&)I4P"IKtztowwv]g3p A(j5?}r闶Q¡G}[5˼ eM^Aܓݬath-{8Sxr1LZCv1[5Zf aL秺lC;CӸol`Ɯtq"wo(^k{ʞVS, x߸֊[N/Ң=F(x1,#ьJCMwȭAcKup뽰 ̰6$,S p;b G)R3E[Loto/oc䭼d?߿߉nE!?Xә|ޛ~ J5?+O|dQ?a(p5Oa{q'H|!D<{쪓wDQ#=]Thyl?m,G~_(%-r%8=&BaD0‡~-WG`*׶'Nt E ǹu`wC%'0mg=+I#샒=%h=L ,Q)Ds!!?Ñ:-kVFXz-R7DD NE7wyaH`<ĒI cܻ/p#(iLzS^z1lsq̩Tl/ZNxUHkcΩᥣZE9>% RkyKN ߥtc L n ׍TJ9t{`ɣ3#D/,QkOu$ζy1K%XS#oOea=X2'}kOru@Y>gV((b؛L~-=0o>f|[2O`ƖC0ۏUztWc@\B/}&1,bW  +^Rc$W c,z:;9rL+vl"m7\%pKp|{>|6ژyiF$YcMr+/e\Ix##Fk3`u rF@Yj$G P56W:n[H9h][~몇V =wB"#xE wMuq/ S`A`RYh>a:$.+JAW)^5 [z>˘ Uֽ?C.7,Mh:L8!i҅?ǫRS ƈn_dÐs{cLŰDj c 4Q? ~1&'qE< ,iMPm!a\#YKF$hD1fZװÞ36g36:݋n1r T-B@a=Q#3(+9f_~ HU,%29@"F21C(c^BMFh_F+Li0q>0"(S[]ă0>]w7APO:1(pj},ywFw`C'[EY|ob{` ?vO`.usx\jJO?$!Ѕ8i,)@"!9͉k1ka]?X/#~|aP8\  +z+U'I]U@)p!xW`ǪZJ5Wvx!3n?+.4!W)WPh s##vFCd2=`frOtfY _I4UEz{GW~{A[k5пvF?Ӿ(3k|e/y|vNt`w~' >ී৓1g'>;@ Dg(Q~gdwQ{1?sw1]7]? ͐/@q _fsA?=/c=/c}~Z_ S}}Y0 k(*Πkh:k K:ICP%.Np3Ka /ޯ?e$@yJ͠2,c/3\.2Kܿ2~62Ai_u aqʍz^S_xښꖽpۭ]n@KG{1*,xW&re^>&c˼$=)>w懤Ixո]@&JR7[O'ikr(s<2g!h{dZc+mDuLBQU|.y|e8Nt7<1W }^fҖ16? vd{rMtsn \ykr%>| SG0ӚܴO]z8ŭhg?>/ydֺWWV5VlNA6K֐E>YlفGh O WY-JbġCOC/+Ogu>赎>]_Һh.-ЙO>AݷDVN)pB ;`%ɠ1zIg'O!4EL=C>}38]7nޣ97p]w n :C\ԴZjRs'W+{DD&&Q5YUdJ.'jeV*V&K=3 .=M^d fM-ϡ'!pA>fJC#DK(x[xcEv_,mBfP6սD<'u~m

@OÙxO,O~f+g McUݢQoC<:,e` NW>K&D|&ߢ)tOM U/AD[e+PZ2nu–'*F'BN/ɱF?[ >sR:=bՇ.^" (luy9M"ɻ.hpz7xV,0GT1i!nݗnF`;/0601%MxVtSL IU?N6틷$YLAƊv3&Fdu#aqq%f~̦I ůlېr 𓷼m*} }CQ=;t܆,dכvԙ%O_''4WB)SVk͙*q8wp̡{wFo9ao5RFXk[nLt6q>Kso}ma?& (Q"#q}(!1Qps$J!+KESXnA}F$53௚Bxz^Dl, O*1;Üz LJ @Bo)%:/h[1ZOe[BI<`-<~*wzH|c,XoMD %m^Πob_,-YoˊL3t#mG)JqqХI񟄷zH, 7AQ^+yJ>? T@| %).X&">m?'6}Fu;HG"@"xrtPŗ-;ױ) Mm+#84B>ܼlQ޺%qm.;+SL/c<9z@n0$ /-i%o$U`7'#~"3VœA6p8@!(_Gْk0=-Hˍt_$%\"d<l43@FWD0;"6i}.#sE%X,8/ kuf;[r(#<[^ҵ<oc3)Ϸ[<-v; ͇OVe؋(| _b[0~YrJ^Q.u 7tleb @J m73Ttc %` GYU`Kr8ǩk[Vmx w}u+y!.1: ˟]zTqٶ7(G,cݴ-`jk7EmYtAY}#s!?²Lj3mf^^kti( aavX cJ\g'ۂ~ՍK׶S<"Y4/G"?@xolw._^5El݂*Ԉ Ay$O>A@`V\3|f7Z35nBM\3L&j1Bi>e1afrYW`2-Z.<'̳(`,Lv"VKJMΡmdQ0H6c?tf 7@˽]Ng"a7<#/ah(`yba&"e}q$Y?":0X+n:' X;yB(O}i!3L*`g/>!2D!6xV{޽֍^z