A TREND MICRO BLOG

Mar 30

Poisoned Downad/Conficker Removal Searches…

Rik Ferguson

Filed under: SEO, malware | RSS 2.0 | TB | Tags: , , , , | 14 Comments

Reminder: For a FREE tool to remove Conficker (and every other malware in the current pattern file) use Trend Micro’s SysClean available here.

As soon as the good news breaks that it is possible to use tools such as the network scanning tool nmap to search for machines infected by Downad/Conficker, then the malicious SEO work starts.

nmapconresult1

If you need malware removal tools type the URL of your vendor of choice directly into the browser bar and use links on their website. Do not rely on Google search results at this time, as they may have been “optimised”.

Careful what you click on, these Google results are loaded!


Bookmark
| More

This entry was posted on Monday, 30. March 2009 and is filed under "SEO, malware". You can follow any responses to this entry with RSS 2.0. You can leave a response here, or send a trackback from your own site.

14 Comments

  1. Tuesday, 31. March 2009 um 12:16 pm

    trend watch : Poisoned Downad/Conficker Removal Searches… » Counter Measures…

    [...]A Trend Micro Solutions’ Architect Blog. Rik Ferguson and others blog for EMEA.[...]…

  2. Tuesday, 31. March 2009 um 1:28 pm

    [...] manipulate its search engine, but the scammers sometimes win out for a while. Ferguson, who posted screen shots of searches he did late Monday night, said he has contacted Google about his [...]

  3. Tuesday, 31. March 2009 um 1:42 pm

    Use OS X or Linux to surf, and a PC to do work (or a virtualized and sandboxed one), or vice versa. I’m doing research on this conficker worm for fun, and using Firefox and the addon “WOT” (Web of Trust) seems to help quite a bit in weeding out good vs bad information… that is, if you must use windows to surf. No OS is better than another at this point, just learn to use every tool available.

  4. Tuesday, 31. March 2009 um 2:18 pm

    [...] manipulate its search engine, but the scammers sometimes win out for a while. Ferguson, who posted screen shots of searches he did late Monday night, said he has contacted Google about his [...]

  5. Tuesday, 31. March 2009 um 2:37 pm

    [...] manipular seu mecanismo de busca, mas os scammers, às vezes, ganham algumas batalhas. Ferguson fezscreen shots dos resultados de busca capturados na noite de segunda-feira (30/03)  e entrou em contato com o [...]

  6. Tuesday, 31. March 2009 um 2:52 pm

    [...] by poisoning searches related to DOWNAD’s removal. Trend Micro Solutions Architect Rik Ferguson reported that searches for strings like nmap conficker and remove conficker generate malicious links. [...]

  7. Tuesday, 31. March 2009 um 5:50 pm

    [...] manipular seu mecanismo de busca, mas os scammers, às vezes, ganham algumas batalhas. Ferguson fez screen shots dos resultados de busca capturados na noite de segunda-feira (30/03)  e entrou em contato com o [...]

  8. Tuesday, 31. March 2009 um 6:15 pm

    [...] Trend Micro has additional details. [...]

  9. Tuesday, 31. March 2009 um 9:33 pm

    [...] Micro has a post about the issue, pointing to several search engine results for Nmap, one of the tools I highlighted [...]

  10. Wednesday, 1. April 2009 um 1:43 am

    [...] manipulate its search engine, but the scammers sometimes win out for a while. Ferguson, who posted screen shots of searches he did late Monday night, said he has contacted Google about his [...]

  11. Wednesday, 1. April 2009 um 4:10 am

    it’s ironic — I never would have thought a “worm” could be so frightening…

  12. Wednesday, 1. April 2009 um 6:48 am

    [...] Poisoned Downad/Conficker Removal Searches… » Counter Measures [...]

  13. Wednesday, 1. April 2009 um 10:52 am

    [...] poisoning searches related to DOWNAD’s removal. Trend Micro Solutions Architect Rik Ferguson reported that searches for strings like nmap conficker and remove conficker generate malicious links. [...]

  14. Monday, 7. December 2009 um 5:49 am

    [...] by poisoning searches related to DOWNAD’s removal. Trend Micro Solutions Architect Rik Ferguson reported that searches for strings like nmap conficker and remove conficker generate malicious links. [...]

Leave a comment

XHTML allowed tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Spam protection

© Copyright 2010 Trend Micro Inc. All rights reserved.
Legal Notice. Disclaimer