Scareware scammers latch onto Conficker hype

Scammers are taking advantage of the huge interest in the impending "activation" of the Conficker superworm by poisoning search engine results.

News emerged on Monday that sysadmins could use network scanning tools such as Nmap to search for PCs infected by Downad/Conficker.

Within hours searches for Nmap and Conficker were manipulated so that rogue anti-spyware sites appeared prominently in search engine results. Searches for 'remove Conficker' were similarly manipulated using much the same techniques.

A write up of the black hat search engine scam from Trend Micro can be found here. F-secure adds that some of the sites promoted through the scam were only registered on Monday.

Security tools firms advise users searching for malware removal tools to follow links from the site of their vendor of choice rather relying on search engines. ®