The Conficker.C worm became active on April 7th – a week after the expected date for activity. Trend Micro report that at that time it downloaded an update that has changed its behaviour somewhat.
The new variant, Conficker.E (sometimes known as WORM_DOWNAD.E), now has a stop date of May 3rd encoded into it. However, the likelihood is that even if the worm itself stops functioning on May 3rd, any backdoor that exists as a result of the worm will be left open.
The worm has also been contacting known Waledac worm domains and downloading files from them. Downloads from these servers frequently result in spamming attacks or rogue spyware and virus alerts. The latter may be the real intention of Conficker, as it gives cyber-criminals an avenue to monetize the worm’s deployment.