After a disappointing show of force on the anticipated launch date of April 1, 2009, the Conficker worm has begun widening the number of Web sites that it scans for instructions. A new Conficker variant has also emerged and appears to be preparing to spam and steal information.
Symantec representatives said the new Conficker/Downadup variant E is designed to update version .C rather than the first-generation A variant.
The new variant, designated Conficker.E, restores the use of the MS08-067 exploit, which was removed in the previous .C variant. It also includes new self-removal instructions that tell the worm to remove itself from an infected host on May 3. And it includes a slightly different list of Web sites from which to seek instructions.
It has been established that the update is arriving through the worm's peer-to-peer connectivity. It looks for the old .A variant and updates it with the improvements seen in version .C, which include better HTTP and P2P code, stronger defense mechanisms, and advanced anti-forensic techniques. Because P2P updating is slow compared with other methods, it may be several days before the impact of Conficker's changes becomes apparent.
Somewhere between 1 million and 2 million computers are believed to be actively infected with the malware, down from almost 9 million in January.
To protect yourself, ensure that your Windows operating system is up to date. Microsoft released a patch back in October 2008 to help prevent computers with Windows from becoming infected. You will also want to make sure that you have some sort of antivirus software installed, keep it up to date, and run it daily.
Saturday, April 11, 2009