
Conficker Worm Now Shipping With German Film Scanner

German customers of retail chain Tchibo got quite a bonus when buying a Hama-manufactured slide scanner: one of the most devastating pieces of malware in the past five years.

According to a report by Heise Security, the Win32.Worm.Downadup.B (also known as Conficker.B) worm was hidden on the device’s SD card, along with a specially crafted autorun.inf file intended to execute the worm when the card is plugged into a computer. However, since Microsoft has patched the Autorun behavior to prevent automated malware execution, most Windows users will not get infected when they plug the card in.

Interestingly, the malware is stored in a file called DCIM.exe. As most operating systems are set to hide known file extensions, the user could easily mistake the virus for the DCIM folder where the scanned pictures are stored and click the malicious file, which would initiate the infection.
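A defender can check a card for both tricks described above (an autorun.inf that names a program to launch, and an executable that shares its name with a folder) before anyone browses it. The following is an added example, not code from Heise Security or Bitdefender; the function names and the card layout built in `demo()` are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Extensions Windows will execute on double-click (a common subset, not exhaustive).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# autorun.inf keys that name a program to launch; matched line by line so that
# junk padding in a crafted file does not break parsing.
LAUNCH_KEY = re.compile(r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(\S.*)$", re.I)


def scan_volume(root):
    """Return sorted (kind, detail) findings for the root directory of a mounted card."""
    root = Path(root)
    findings = []
    entries = list(root.iterdir())
    dir_names = {p.name.lower() for p in entries if p.is_dir()}
    for p in entries:
        if not p.is_file():
            continue
        if p.name.lower() == "autorun.inf":
            text = p.read_bytes().decode("latin-1")  # never fails on binary padding
            for line in text.splitlines():
                m = LAUNCH_KEY.match(line)
                if m:
                    findings.append(("autorun-launch", m.group(2).strip()))
        # Executable whose base name equals a sibling folder: with extensions
        # hidden, "DCIM.exe" is displayed as "DCIM" next to the real folder.
        elif p.suffix.lower() in EXEC_EXTS and p.stem.lower() in dir_names:
            findings.append(("folder-lookalike", p.name))
    return sorted(findings)


def demo():
    """Build a constructed card layout (empty placeholder files) and scan it."""
    with tempfile.TemporaryDirectory() as d:
        card = Path(d)
        (card / "DCIM").mkdir()
        (card / "DCIM.exe").write_bytes(b"")  # placeholder, not a real binary
        (card / "autorun.inf").write_bytes(
            b"\x01\x02junk\r\n[AUTorUN\r\n;pad\r\nopen=DCIM.exe\r\n")
        (card / "readme.txt").write_text("scanner manual")
        return scan_volume(card)


if __name__ == "__main__":
    for kind, detail in demo():
        print(kind, detail)
```

The scan only reads directory entries and the text of autorun.inf; it never opens or runs the flagged file.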

Although it has received no updates in years from its creators, the Conficker worm is still making the rounds in Germany. A Bitdefender survey in the second half of 2012 placed it as the fourth most common threat in the DACH region. The virus blocks access to websites of antivirus companies and support forums, and prevents the user from installing certain software applications. The virus is then used to plant rogue security solutions on the victims’ PCs in an attempt to extort the user.

Tchibo has taken the issue extremely seriously and now offers refunds to any customer who wants to return their affected devices. However, computer users who have an antivirus solution installed on their machines can just plug the card in and let the antivirus automatically remove the files.

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.