Beware fake Microsoft alerts regarding Conficker worm

Filed Under: Malware, Spam

We are seeing a large number of malicious emails in our spam traps, pretending to contain advice regarding the Conficker worm.

Here is a typical message:

Conflicker bogus alert

Subject: Conflicker.B Infection Alert
Attached file: install.zip
Message body:

Dear Microsoft Customer,

Starting 18/10/2009 the "˜Conficker' worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected.

To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.

Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your prompt cooperation.

Regards,
Microsoft Windows Agent #2 (Hollis)
Microsoft Windows Computer Safety Division

Sophos detects the attached files proactively as Mal/ZipMal-C and Mal/EncPk-KP.

It goes without saying that opening the attached file is a very bad idea.

By the way, note that the hackers didn't spend much time in their quality control department. The subject line of the spammed out emails refers to "Conflicker" rather than Conficker.

You might like

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.