April 1 may have come and gone without hordes of Conficker-infected zombie computers rising up from the Internet to take over the world, but that doesn’t mean the worm has gone away.
On April 7, Conficker’s authors began seeding a new version of the worm, and—as with previous versions—the update packs in new features designed to get around security patches and techniques employed to stop the worm. The new variant on Conficker, loosely dubbed Conficker.E, is apparently spreading via peer-to-peer networks (according to Trend Micro) and—very curiously—comes with an expiration date: May 3, 2009. That’s right: the latest version of the Conficker worm comes with its own shut-off date, and no one is sure why.
The goal of the Conficker updates appears to still be “scareware:” convincing unsuspecting users their computers are infected and making them pay for a software fix to remove the problem—which, of course, never happens. Fears that the Conficker worm—and the estimated 12 million computers it has infected—would be used to send massive amounts of spam or execute denial-of-service attacks so far appear unfounded. However, the new variant of the Conficker worm also seems to have a connection with the well-known Waledac malware, both connecting to a known Waledac haven site and downloading new Waledac variants. Conficker’s intention there might be to set up Waledac as a spamming operation.
The exploit Conficker uses to move between Windows machines was patched by Microsoft back in October; computers that have been updated since then should be immune to the worm. The Conficker Working Group has also posted a handy “eye chart” Web page that lets users quickly know whether their systems are infected.
Editors' Recommendations
- The war between PC and console is about to heat up again
- Ghost of Tsushima is already shaping up to be a monster PC port
- Alienware sale: Get up to $1,000 off gaming laptops and PCs
- Samsung’s creator week sale knocks up to $1,000 off top monitors
- HP sale: Up to 68% off laptops, printers, monitors, and more