While the computing population is secretly expecting fireworks once DOWNAD-infected PCs start accessing some of its 50,000 generated URLs, we at Trend Micro know that cybercrime operates in almost absolute stealth. Preaching this alongside best practices like immediately installing OS, productivity and security software updates is a drum security workers beat tirelessly.
In an anti-climactic turn, spammers are using this particular D-Day event in a peculiar spam run. We received an email message claiming it came from WORM_DOWNAD.KK. Note that the industry more commonly calls the worm referred to in this spam as Conficker, and that WORM_DOWNAD.KK follows the naming convention here at Trend Micro and is our detection for the latest DOWNAD/Conficker variant set to launch a routine on April 1.
Figure 1. Sample DOWNAD spam
It threatens the victim by saying that it will infect his or her system, so the user must perform actions like backing up data and scanning for viruses. It also says that it is an auto-generated email, so one should not reply to it. However, the recipient’s email address is the same as the sender’s. Another noticeable characteristic of this mail is that it contains neither a malware attachment nor a link that leads to a malware download.
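The traits described above (sender address identical to the recipient's, no attachment, no link) can be checked mechanically during mail triage. The following is an added example, not Trend Micro's detection logic; the function names, addresses and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses

URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.IGNORECASE)

# Constructed sample modelled on the description, not the actual spam message.
SAMPLE_SELF_ADDRESSED = """\
From: "WORM_DOWNAD.KK" <user@example.com>
To: user@example.com
Subject: Notice
Content-Type: text/plain; charset="utf-8"

Your system will be infected. Back up your data and scan for viruses.
This is an auto-generated email, do not reply.
"""

# Constructed counter-example: different parties, and a link in the body.
SAMPLE_ORDINARY = """\
From: alice@example.com
To: bob@example.org
Subject: Report
Content-Type: text/plain; charset="utf-8"

See http://example.com/report for details.
"""

def _addrs(msg, *headers):
    """Lower-cased addresses from the given headers (display names dropped)."""
    values = [str(v) for h in headers for v in msg.get_all(h, [])]
    return {addr.lower() for _, addr in getaddresses(values) if addr}

def triage(raw):
    """Report the three traits; compares header addresses, not the SMTP envelope."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    return {
        "self_addressed": bool(_addrs(msg, "From") & _addrs(msg, "To", "Cc")),
        "has_attachment": any(True for _ in msg.iter_attachments()),
        "has_link": bool(URL_RE.search(text)),
    }

def matches_described_traits(raw):
    """True when the message is self-addressed and carries no attachment or link."""
    t = triage(raw)
    return t["self_addressed"] and not t["has_attachment"] and not t["has_link"]
```

A self-addressed From header is only a triage signal: people legitimately mail themselves, so the result is best combined with sender authentication results before any blocking decision.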
To what end? No one knows, but in case the source of this email ever attempts to send a more dangerous version of this prank, Smart Protection Network protects users by blocking spam and spam sources.