The Conficker worm may have faded from news headlines, but that doesn’t mean that it has been forgotten. In fact, an ongoing spam campaign is banking on it.
According to Sophos, spammers are blasting out messages urging people to download a security tool the messages say comes from Microsoft’s security team. The e-mails actually contain malware detected by Sophos as Mal/ZipMal-C and Mal/EncPk-KP.
The messages typically look like this:
Subject: Conflicker.B Infection Alert
Attached file: install.zip
Message body:
Dear Microsoft Customer,
Starting 18/10/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected.
To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.
Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your prompt cooperation.
Regards, Microsoft Windows Agent #2 (Hollis) Microsoft Windows Computer Safety Division
“It goes without saying that opening the attached file is a very bad idea,” blogged Graham Cluley, senior technology consultant at Sophos. “By the way, note that the hackers didn’t spend much time in their quality control department. The subject line of the spammed out emails refers to ‘Conflicker’ rather than Conficker.”
As I’m sure the spammers are well aware, Conficker is still around doing its best to infect users. According to the Conficker Working Group, as of Oct. 19 there were still more than 6.8 million unique IPs infected with variants A, B or C. Conficker hasn’t gone away – but if you are looking for information or tools to clean your system, make sure you are going to somewhere reputable.