The Conficker worm’s creators are trying new ways to put the pervasive computer virus to work by spreading rogue anti-virus applications called “scareware.” These practices are far too common these days. In fact, some experts are predicting that rogue software will rise by 500% over 2008 totals.

An April update sent to a tiny percentage of infected computers had the machines retrieve components of notorious Storm and Waledac worms unleashed in past years to create armies of “botnets” — automated crime networks — for spreading spam or scareware.

“It looks like these guys are perhaps testing the waters to see which one of those would be a better money-maker for them,” Trend Micro advanced threats researcher Paul Ferguson said Monday of Conficker’s masters.

“We have always suspected that the people behind this would not sit idly by without trying to make money off this somehow. Spamming and rogue anti-virus are pretty lucrative for these guys.”

Ties to components of Storm and Waledac signal that Conficker’s creators were likely involved with the other computer worms, according to security specialists.

“This connects the dots that the same people behind Conficker are the people behind Waledac and Storm,” Ferguson said, noting that evidence is pointing to an organized hacker enterprise in the Ukraine.

“These are well-funded organized cyber-criminals in Eastern Europe. They want to steal people’s money out of their pockets without being noticed. This same criminal operation is very business savvy.”

Hackers are increasingly hiding viruses in bogus computer security software to trick people into installing treacherous programs on machines. Rogue security software referred to as “scareware” pretends to check computers for viruses, and then claims to find dangerous infections that the program will fix for a fee.

“The rogue software lures them into paying for protection that, unknown to them, is actually malware offering little or no real protection, and is often designed to steal personal information.

To read more about rogue software, known also as misleading applications, please visit our Security Category.

Sources: Trend Micro, TechJaws