Fake Conficker Alert Drops Scareware Threat

An ongoing spam campaign is once again attempting to impersonate Microsoft’s security team by mass mailing Conficker.B Infection Alerts that drop a sample of the Antivirus Pro 2010 scareware scam. Here’s a sample of what the text looks like:

Microsoft .NET Plug-In Exposes Firefox Users to Malware Attacks

Remember that Microsoft .NET Framework Assistant add-on that Microsoft sneaked into Firefox without explicit permission from end users?
Well, the code in that add-on has a serious code execution vulnerability that exposes Firefox users to “browse and you’re owned” attacks of the kind typically used in drive-by malware downloads.

By Sergey Golovanov
Here are some technical details on the Outlook Web Access phishing scheme.
1. The Spam
According to our preliminary research, the spam emails that targeted OWA users, including Kaspersky, were sent using the Pushdo botnet, which is based on malware from the Backdoor.Win32.NewRes family. These Trojans spread via spam, social networks (in conjunction with the Koobface family) and through hacked websites.

The botnet masters behind the most efficient social-engineering-driven botnet, Koobface, have launched a new campaign currently spreading across Facebook with a new template spoofing Adobe’s Flash updater embedded within a fake YouTube page. Read the full story [Danchev]

Google is making a significant change in the way that it handles legitimate sites that have been compromised and are serving up malware. The search giant announced Monday that it will now provide webmasters with specific examples of the malicious code that was used to compromise their sites.

SecureWorks researcher Kevin Stevens has written a must-read article on the Pay-Per-Install (PPI) business model that is used primarily to spread spyware and malware.
The article discusses the way the affiliate system works, with layers of files and software programs that power the installation of malware on hijacked Windows computers.

A recently discovered botnet has been caught siphoning ad revenue away from Google, Yahoo! and Bing and funneling it to smaller networks.

According to researchers at Click Forensics, computers that are part of the so-called Bahama Botnet are infected with malware that sends them to counterfeit search pages instead of the real thing. They look authentic, and with the help of DNS poisoning routines, they even display or in the address bar.  Read the full story [The Register/Dan Goodin]

Over on our sister site, researchers Sergey Golovanov and Igor Soumenkov have published an article that studies a single spam e-mail and illustrates the methods used by cyber criminals to create botnets and conduct mass spam mailings. The methods and techniques used are clearly illegal in nature and have a single aim: to make cyber criminals rich.
