Conficker Is Up And Kicking!
The fourth variant of the Conficker worm, Conficker.D, failed to show up on April 1, putting a stop to the speculation that April Fool’s Day would prove to be some sort of Cyber Doomsday. However, seven days later, on April 8, another variant, Conficker.E, emerged.
The Conficker worm started updating via P2P between infected computers and dropped a mystery payload on them. Researchers say it could be a keystroke logger, a spam generator, or both. The payload is heavily encrypted, which makes it difficult to determine its nature. The worm spreads through a hole patched by Microsoft in October, through removable storage devices, and through network shares with weak passwords.
According to Trend Micro, it tries to connect to the following sites to see if the computer has internet connectivity: MySpace.com, MSN.com, eBay.com, CNN.com, and AOL.com. It also leaves no trace of itself on the host machine: it runs and then deletes all traces, leaving no files, no registry entries, etc.
Furthermore, Conficker downloads an encrypted file from a domain known to be infected by the worm Waledac, which generates spam and steals data from infected machines. The code of the file is being analyzed by researchers to find what’s in it. It is suspected that Conficker and Waledac both come from the same makers.
In addition to all this, Conficker is now downloading and installing fake antivirus software named Spyware Protect 2009 on infected computers. After that, it keeps displaying a message that the computer is infected and offering to clean up the system for $49.95, according to the Trend Micro Blog. Paying for the software hands the makers the victim's credit card information. This new fake antivirus feature leads to the belief that the goal of Conficker is to make money rather than to disrupt the network in any way.
To find out if your machine is infected with Conficker, see this. Scammers are taking advantage of the situation, and the topmost search results for Conficker removal tools are usually malware sources. Experts recommend downloading removal tools directly from trusted antivirus vendors.

