Scammers Exploiting Conficker Hype, Poisoning Google Search Engine Results

Online scammers are exploiting the interest, rapidly gathering momentum, about the imminent stimulation of the Conficker virus by corrupting results that appear on Google's search engine.

In just hours of upgrading 'Nmap', a scanning program that spots Conficker infections, manipulations were done so that the search engine hits prominently showed fake anti-spyware websites.

Rik Ferguson, Senior Security Advisor at Trend Micro, states that some specific search phrases that use 'Conficker' as one of the keywords would produce web-links connecting to multiple pages that actually present useless security software or could themselves spread malware infection to the visiting computers, as reported by COMPUTERWORLD on March 31, 2009.

Ferguson said that in one instance, he saw malicious web-links among the search results when he entered "Nmap Conficker" as a search term. According to him, he was astonished at the speed with which scammers started exploiting Google with those words as a phrase for the search engine.

Meanwhile, security company F-Secure also said that certain websites appearing among the search results and which emerged from the scam were registered on March 30, 2009.

For example, F-Secure referred to an application known as MalwareRemoval Bot, which is priced at $39.95 and claims to eliminate Conficker from computers. However, the application is totally ineffective, says the company's blog post.

Patrik Runald, Security Response Manager at F-Secure, wrote that the application didn't eliminate Conficker.c, in fact it do nothing.

Security researchers said that scammers regularly attempt to manipulate Google search engine by constructing websites which are filled with widely used search phrases or by the use of spamming tactics that push their websites to higher ranks among the search hits. Meanwhile, Ferguson after posting his searches' screenshots and running them on Trend Micro's blog late March 30, 2009 said he notified the search giant of his findings.

Despite this, millions of computers have got the Conficker infection. During February 2009, Fortinet's researchers counted nearly 100,000 exploit trials per day from the worm. And while in March 2009 there was a slight decline in such trials, Fortinet predicts the number would rise again in April 2009.

Related article: Scammers Exploit Tax System Resulting in ID Theft

» SPAMfighter News - 4/4/2009