Conficker Gets Update, Does ... Something

Conficker has started doing its thing apparently. Its thing has yet to be defined but everyone should panic anyway, okay?

Exactly one week after it was supposed to get its ducks in a line, reports began to trickle in claiming that Conficker had began updating via P2P between infected computers and dropping a mystery payload on infected machines.

According to PCWorld, researchers at Trend Micro reported that infected machines had begun receiving a binary update which tells Conficker to start scanning for other computers that haven't patched the Microsoft vulnerability the virus exploits.

The new update also tells Conficker to contact MySpace.com, MSN.com, Ebay.com, CNN.com and AOL.com apparently to confirm that the infected machine is connected to the Internet, Rik Ferguson of Trend Micro told PCWorld. What’s more Conficker also blocks infected PCs from visiting specific sites. Previous Conficker versions wouldn't let people browse to the website of security companies. This new update is timed to stop running on May 3 although it’s unclear if this deadline will pass as uneventfully as the last.

Trend Micro also notes in a blog post that it does not leave a trace of itself in the host machine. “It runs and deletes all traces, no files, no registries etc,” wrote Ivan Macalintal, an advanced threat researcher.

Conficker has infected millions of computers with the specific number varying, depending on who you ask. The number of infected computers ranges from under 5 million to nearly 15 million machines. You can read all about Conficker in our previous posts, here and here. So what’s the verdict, are you guys starting to panic yet?

(Via PCWorld/Trend Micro)

  • jhansonxi
    Someone needs to make a Linux and OS X port. Too many people are missing out on the mass panic.
    Reply
  • smartel7070
    I've sold all my belongings, filled up the tank and am now on my way to the arctic circle.
    Reply
  • frozenlead
    Hello, Joshua. What game would you like to play?


    Thermonuclear War. Duh.
    Reply
  • 08nwsula
    will this stop any of my daily internet activities?
    no
    Reply
  • chris13th
    Looks like the bunker will come in handy finally.
    Reply
  • belter
    The joke is on people like us reading these articles at work instead of working.
    Reply
  • sublifer
    Your links to the previous posts are broken.

    Beyond not being able to go to norton and mcafee's (and others) websites, is there any other telltale that a machine is infected?
    Reply
  • tester3000
    What's the point of a worm not doing anything,, just getting updated. Lame.
    Reply
  • mustwarnothers
    belterThe joke is on people like us reading these articles at work instead of working.
    I believe that means the joke is on our employers.
    Reply
  • solymnar
    It would be quite the ironic moment if the new virus turns out to be installing AVG or a hacked version of norton antivirus etc. and patching it up to date.

    Granted this is unlikely in the extreme but in my own twisted mind it would be hysterical. A virus that infects PCs...and cleans them up.
    Reply