Conficker Followed up by Scareware-Powered Spam
Preparation and persistence helped many to dodge the Conficker threat, and while many may have dodged that bullet, the war against malware is far from over. The recently released Microsoft Security Intelligence Report (SIR), which covers the final 6 months of 2008, indicates that rogue security software threats are on the rise. Those pieces of malware, also known as scareware, has increased significantly and is duping users into revealing important information and opening access to their systems to parties unknown.
Scareware works by leveraging users' fears of cyber-attacks by mimicking legitimate advertisements for products that "fix" infected systems. Users are enticed to pay for "full versions" of the offered product to protect their systems from Trojans, worms and other kinds of malware. In reality, both the free and paid for versions of the mock utilities offered are actually malware applications. Those who choose to pay for the mock security software are providing nefarious individuals with credit information, while those who choose to accept "free offers" are setting their systems up to be compromised remotely or at the very least, have their systems turned into zombies spewing spam on a botnet.