30
Mar
Poisoned Downad/Conficker Removal Searches…
Article from Rik Ferguson
Filed under: malware,SEO | RSS 2.0 | TB | Tags: , , , , | 14 Comments

Reminder: For a FREE tool to remove Conficker (and every other malware in the current pattern file) use Trend Micro’s SysClean available here.

As soon as the good news breaks that it is possible to use tools such as the network scanning tool nmap to search for machines infected by Downad/Conficker, then the malicious SEO work starts.

nmapconresult1

If you need malware removal tools type the URL of your vendor of choice directly into the browser bar and use links on their website. Do not rely on Google search results at this time, as they may have been “optimised”.

Careful what you click on, these Google results are loaded!

Related posts:

  1. Downad/Conficker, who’s the April Fool?
  2. TweetFollow your way to infection
  3. UK Parliament Conficked!

This entry was posted on Monday, 30. March 2009 and is filed under "malware, SEO". You can follow any responses to this entry with RSS 2.0. You can leave a response here, or send a trackback from your own site.

14 Comments to "Poisoned Downad/Conficker Removal Searches…"

 trends watch:
Tuesday, 31. March 2009 um 12:16 pm

trend watch : Poisoned Downad/Conficker Removal Searches… » Counter Measures…

[...]A Trend Micro Solutions’ Architect Blog. Rik Ferguson and others blog for EMEA.[...]…
Fake safety measure software scammers jump on Conficker | Fortysixty's Blog:
Tuesday, 31. March 2009 um 1:28 pm

[...] manipulate its search engine, but the scammers sometimes win out for a while. Ferguson, who posted screen shots of searches he did late Monday night, said he has contacted Google about his [...]
Vindizzle:
Tuesday, 31. March 2009 um 1:42 pm

Use OS X or Linux to surf, and a PC to do work (or a virtualized and sandboxed one), or vice versa. I’m doing research on this conficker worm for fun, and using Firefox and the addon “WOT” (Web of Trust) seems to help quite a bit in weeding out good vs bad information… that is, if you must use windows to surf. No OS is better than another at this point, just learn to use every tool available.
Test version » Blog Archive » Fake Security Software Scammers Jump on Conficker (PC World):
Tuesday, 31. March 2009 um 2:18 pm

[...] manipulate its search engine, but the scammers sometimes win out for a while. Ferguson, who posted screen shots of searches he did late Monday night, said he has contacted Google about his [...]
Links falsos para proteger PC do Conficker dominam busca do Google « Mídia Virtual:
Tuesday, 31. March 2009 um 2:37 pm

[...] manipular seu mecanismo de busca, mas os scammers, às vezes, ganham algumas batalhas. Ferguson fezscreen shots dos resultados de busca capturados na noite de segunda-feira (30/03)  e entrou em contato com o [...]
What Will Go DOWNAD on April 1? - TrendLabs | Malware Blog:
Tuesday, 31. March 2009 um 2:52 pm

[...] by poisoning searches related to DOWNAD’s removal. Trend Micro Solutions Architect Rik Ferguson reported that searches for strings like nmap conficker and remove conficker generate malicious links. [...]
Grupo ID » Links falsos para proteger PC do Conficker dominam busca do Google:
Tuesday, 31. March 2009 um 5:50 pm

[...] manipular seu mecanismo de busca, mas os scammers, às vezes, ganham algumas batalhas. Ferguson fez screen shots dos resultados de busca capturados na noite de segunda-feira (30/03)  e entrou em contato com o [...]
Googling for Conficker clean-up information? Be careful | Zero Day | ZDNet.com:
Tuesday, 31. March 2009 um 6:15 pm

[...] Trend Micro has additional details. [...]
Review: Hackers Poison Conficker Detection, Removal Tools; Finding Real Ones:
Tuesday, 31. March 2009 um 9:33 pm

[...] Micro has a post about the issue, pointing to several search engine results for Nmap, one of the tools I highlighted [...]
Fake security software scammers jump on Conficker | CHARGED's Digital Lifestyle at Work or Play:
Wednesday, 1. April 2009 um 1:43 am

[...] manipulate its search engine, but the scammers sometimes win out for a while. Ferguson, who posted screen shots of searches he did late Monday night, said he has contacted Google about his [...]
caffeine head:
Wednesday, 1. April 2009 um 4:10 am

it’s ironic — I never would have thought a “worm” could be so frightening…
Massive in Automotive Production – Flickers of Recovery from the After Market — Hobby Cash: Make Cash Blogging About the Things You Love:
Wednesday, 1. April 2009 um 6:48 am

[...] Poisoned Downad/Conficker Removal Searches… » Counter Measures [...]
Josh’s Site » Conficker Problems?:
Wednesday, 1. April 2009 um 10:52 am

[...] poisoning searches related to DOWNAD’s removal. Trend Micro Solutions Architect Rik Ferguson reported that searches for strings like nmap conficker and remove conficker generate malicious links. [...]
What Will Go DOWNAD on April 1? – Security Threat Research News:
Monday, 7. December 2009 um 5:49 am

[...] by poisoning searches related to DOWNAD’s removal. Trend Micro Solutions Architect Rik Ferguson reported that searches for strings like nmap conficker and remove conficker generate malicious links. [...]

Name:

E-Mail (not published)

Website:


Spam protection


© Copyright 2010 Trend Micro Inc. All rights reserved.
Legal Notice | Disclaimer