Conficker Infection Spam

Spammers are taking advantage of the hype over the Conficker worm to scare people into installing fake antivirus software. Conficker caused a huge level of media hype due to the Conficker.C variant of the worm changing its domain name generation algorithm on April first. Over the weekend we received several spam messages with subjects such as:

Infection Alert (Case#: <random>)

Conficker Infection Alert (Incident#: <random>)

Microsoft Alert (Incident #: <random>)

Security Breach (Incident#: <random>)

Where <random> is a random selection of numbers and letters.

The messages claim to be from various Microsoft security departments and explain that your computer is infected with Conficker.

After visiting the link the page loads an IFrame which uses an HTML META redirect to the website hosting a familiar fake anti-virus scanning page.

This page pretends to scan your computer and then claims that it is infected with, in this case, hundreds of viruses and will prompt you to download and run the file setup.exe to remove them.

We advise you not to follow links or download files from websites or emails that claim you are infected with a virus.