« Back from ZDNet, but soon a new home. | Main | 85% to 95% of all e-mail is spam? Yeah, that makes sense. »

Conficker wakes up to push spam and... scareware?

The Conficker worm has woken up to... drumroll please... push fake antivirus products and spam from an older piece of spam-generating malware. It appears that like many Bay-area startups, Conficker is long on technical ability and short on innovative business models.

I am not trashing the MMBA (Malware MBA)'s ability to extract money from criminal activities. There really are only a handful of ways malware authors have shown they can successfully make money: they can sniff keystrokes, send spam, DDoS websites, or re-sell access to their software and machines to do the same work. However, for all the hype that surrounded the worm I expected something far more sophisticated.

The story for the average consumer is pretty basic. First off, you should not be using any anti-virus software that magically pops up on your system that you have never heard of before. If you are reading this website, chances are you already know this. The spam engine sounds like a ripoff of older technology, so we should expect no dramatic shift in spam mutation techniques. We should expect an increase in spam delivered to people's inboxes due only to the increase in the volume of spam transmission attempts.

Then again, while it is unprofitable, tomorrow the Conficker writers could push down a DDoS package and melt the Internet. This isn't alarmism, it is just what is possible when a single group controls a very large botnet.

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)


This page contains a single entry from the blog posted on April 9, 2009 10:27 PM.

The previous post in this blog was Back from ZDNet, but soon a new home..

The next post in this blog is 85% to 95% of all e-mail is spam? Yeah, that makes sense..

Many more can be found on the main index page or by looking through the archives.

Powered by
Movable Type 3.33