[nsp-sec] sites that are preying on the conficker victims with scareware and scams.
Smith, Donald
Donald.Smith at qwest.com
Wed Mar 25 18:10:58 EDT 2009
I have run across a site that is using the conficker scare to sell scareware.
hxxp://www.confickerwormremoval.com/
This one is tied to the scareware package securityshield 2009.
It would be nice to see this taken down if possible.
$ whois 74.217.128.133
Internap Network Services Corporation PNAP-SJE-01-2008 (NET-74-217-0-0-1)
74.217.0.0 - 74.217.255.255
Netfirms INAP-TOR001-NETFIRMS-23422 (NET-74-217-128-0-1)
74.217.128.0 - 74.217.129.255
# ARIN WHOIS database, last updated 2009-03-24 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
$ whois -h upstream-whois.cyrmu.com 74.217.128.133
Host upstream-whois.cyrmu.com not found.
$ whois -h upstream-whois.cymru.com 74.217.128.133
PEER_AS | IP | AS Name
174 | 74.217.128.133 | COGENT Cogent/PSI
701 | 74.217.128.133 | UUNET - MCI Communications Services, Inc. d/b/a Verizon Business
3549 | 74.217.128.133 | GBLX Global Crossing Ltd.
6453 | 74.217.128.133 | GLOBEINTERNET TATA Communications
Boy, for a site dedicated to removal of Conficker, they sure seem to want to sell this "great" AV product :)
How Do I Get Rid of Conficker?
To avoid the unnecessary risk of damaging your computer, we highly
recommend you use a good malware removal utility to automatically
detect and remove Conficker and other malware threats on your PC.
If you wish to detect the components of <b>Conficker, we recommed downloading the Security Shield 2009 - Total Internet Security available for download from this site.
...
<h2>Conficker Manual Removal Instructions</h2>
So you've discovered that you've been infected with Conficker or other
types of spyware. Now you want to manually remove it and prevent
further damage to your computer. To remove Conficker or other malware
components, please follow the instructions below.</p>
This Conficker manual removal process is difficult and you run the risk of destroying your computer
We highly recommend you use <a href="http://www.regnow.com/softsell/nph-softsell.cgi?item=12753-11&affiliate=360576" title="Security Shield 2009 - Total Internet Security">
Security Shield 2009 - Total Internet Security</a>.</p>
"Pampers use multiple layers of protection to prevent leakage.
Rommel used defense in depth to defend European fortresses." (A.White)
Donald.Smith at qwest.com gcia