Conficker Looks to Cash in On Infections

As we mentioned previously, the Conficker worm made news headlines upon the discovery that the C variant of the worm would start seeking updates to its malicious instructions on April 1st. While the world feared the worst, the day came and went with little visible activity.

However, news is coming in that the worm has been spotted using its ability to pass new instructions from machine to machine in what’s called a “peer-to-peer network”. This allows new orders from the worm’s masters to be sent to a number of infected systems, and have those systems pass those orders on in a big, electronic version of the “telephone” game we played as kids. This helps the worm avoid both detection and avoid getting blocked from getting new orders directly by the good guys.

Like many new forms of malicious software, the new .E variant of the Conficker worm does not appear to be out to cause chaos and destruction, but instead looks to be used to make money. According to PC World, this new variant installs a fake antispyware protection program that calls itself SpywareProtect2009 or Spyware Guard 2008.

As we’ve talked about before on the Geek Squad blog, programs such as SpywareProtect2009 are known as “scareware” because they will start running fake antispyware scans and then report that your system is infected with hundreds of false items. At this point, the program begins its money-making scheme by stating that it can remove these threats if you’ll “register” or “upgrade” the program for a mere $49.95.

There is one up-side to this new update to the Conficker threat. According to virus researchers, the new E variant of the worm is also set to deactivate itself after May 3rd, 2009. However, this doesn’t mean that the threat is completely removed, as other variants of the worm can remain active on the same machine.

In light of this, it’s a good idea to make sure your system is clean now instead of waiting for that May 3rd deactivation, so that no further damage occurs to your operating system files in the meantime.

What can you do to help protect your family’s computer from the Conficker worm?

The first step is to make sure that you have up-to-date antivirus and antispyware protection on your computer. The subscription should be valid and the software set to run scans at least once a week in addition to the normal background scans performed as email or websites are accessed.

Don’t forget, however, that you will still need to exercise caution even with that software, and always be very careful about what attachments or links you’re opening from emails or messages on social networking sites, even if they appear to come from friends.

If you still have questions or concerns about the Conficker worm, or any of the other threats to your computer, you can speak to a Geek Squad Agent at Precincts located in every Best Buy, visit us online at http://www.geeksquad.com/, or call us at 1-800 GEEK SQUAD.