Conficker'd Machines Are All Doing... Something

Whether it's an actual functional update or a ploy to further inflate the worm's horrifying reputation, an encrypted, mysterious thing is downloading to machines infected with Conficker C, right now. UPDATED

The original Conficker doomsday, April 1st, came and went without serious incident. But as Mahoney explained, the worm's subtle update that day left us at much greater risk than before. This so-far inscrutable update could be the first manifestation of security experts' concerns; Trend Micro, in a blog post that sounds more like it was written by a President in an apocalypse movie than a software security expert, has only been able to determine that the payload polls popular websites to check for connectivity, then deletes itself. They speculate, however, that it could be installing a data-gathering Waledac virus.


With no actionable solution for shrinking the three-million-PC install base, we can expect to see plenty of these kinds of stories in the near future. Feel like patching yet?

Updated: It turns out the Waledac bots are rented out to spammers. Kaspersky Lab found that Conficker is downloading and installing fake security software, which will remain on your computer until you pay $49.95 to "remove" the virus from your system. All Conficker nodes have been not acting the same it seems, but the $49.95 would reveal the intentions of the virus to make money.


[BBC, PC World]

Share This Story