Fake Conflicker.B Infection Alert puts internet users at risk

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

The global network of spamtraps controlled by the experts inside SophosLabs are seeing a swarm of attacks today, posing as an email warning about the Conficker worm.

Here is a typical message that has been spammed out by hackers:

Malicious email posing as a warning about the Conficker worm

Subject: Conflicker.B Infection Alert
Attached file: open.zip

Sign up to our free newsletter.
Security news, advice, and tips.

Message body:

Dear Microsoft Customer,

Starting 12/11/2009 the "˜Conficker' worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected.

To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.

Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your prompt cooperation.

Regards,
Microsoft Windows Agent #2 (Hollis)
Microsoft Windows Computer Safety Division

Opening the file attached to the email (in this case it’s called open.zip) infects your computer with malware which Sophos detects as Mal/EncPk-KW.

The wording is nearly identical to a similar attack I blogged about last October.

What surprises me is that during the last few months the hackers behind the attack appear to have made no effort to fix mistakes in their disguise – for instance, it should say Conficker in the subject line not Conflicker!

I can only presume that they’re counting on their potential victims not spotting that typo. It certainly has not stopped the cybercriminals from sending out the infected messages en masse today. Presently this malicious spam campaign is one of the most commonly seen examples of file attachment malware being spread around the world:

Examples of the malware caught in Sophos's traps


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.