Conficker Used for Fake Antivirus Software Sale
April Fools’ Day was noted as the expansion date of the Conficker worm, with the possibility of a major threat launch. We have found spam samples attempting to capitalize on the frenzy over Conficker (a.k.a. Downadup), offering the latest in antivirus security software that purportedly protects users from the Conficker threat. Some of these spam messages even use names and images of software much like our own Norton AntiVirus 2009. In the example below, it even mentions the name of one of our Symantec employees frequently cited in the press.
Here is the sample image of the message:
In an attempt to increase financial gain, the product website is made to look like the product is one of our Norton consumer security solutions, by using the AntiVirus 2009 name and even comparing itself with other antivirus solutions such as Spybot, Kaspersky, and AVG.
After clicking on the link inside the message, we find that it redirects to a website where the user is promptly given directions on how to make a payment. Whether or not any product will be made available after the payment is made is still unknown at this point. Even if it were, its effectiveness would be questionable because it will most likely be a rogue application or pirated software.