Posted by: Stephen Wildstrom on April 9, 2009
The Conficker worm, which did not bring the Internet to its knees or do much of anything else on April 1, continues to evolve in ways that have security experts scratching their heads about what may be the ultimate goals of the unknown bad guys behind the malware.
On April 9, both Symantec and Trend Micro issued updates noting new activity. Symantec (no link available) said that the latest modifications to the worm, which it calls W32.Downadup, include instructions to disable itself on May 3. It also says infected machines are contacting high-profile Web sites, but all they are doing is checking the current date and neither uploading nor downloading any data. Symantec researchers say they have discovered a possible link to the spam-spewing bot computers controlled by the W32.Waledac worm.
Trend Micro issued a somewhat more alarmist report, saying it has found indications "that cybercriminals behind the notorious Conficker worm may finally be gearing up for more serious attacks." But the only support Trend Micro gave for the claim was the observation of some increased peer-to-peer communications between infected machines and a system "believed to be hosted in Korea."
There isn't a lot us ordinary folks can do about this slowly unfolding drama. Just make sure to keep your systems patched with the latest Windows updates and run antivirus software that is kept up to date with the newest malware definitions.