Conficker has started doing its thing apparently. Its thing has yet to be defined but everyone should panic anyway, okay?
Exactly one week after it was supposed to get its ducks in a row, reports began to trickle in claiming that Conficker had begun updating via P2P between infected computers and dropping a mystery payload on infected machines.
According to PCWorld, researchers at Trend Micro reported that infected machines had begun receiving a binary update which tells Conficker to start scanning for other computers that haven't patched the Microsoft vulnerability the virus exploits.
The new update also tells Conficker to contact MySpace.com, MSN.com, Ebay.com, CNN.com and AOL.com, apparently to confirm that the infected machine is connected to the Internet, Rik Ferguson of Trend Micro told PCWorld. What's more, Conficker also blocks infected PCs from visiting specific sites. Previous Conficker versions wouldn't let people browse to the websites of security companies. This new update is timed to stop running on May 3, although it's unclear if this deadline will pass as uneventfully as the last.
Trend Micro also notes in a blog post that it does not leave a trace of itself in the host machine. “It runs and deletes all traces, no files, no registries etc,” wrote Ivan Macalintal, an advanced threat researcher.
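With nothing left on disk to find, the five-site connectivity check described above is one of the few things a defender can look for, and it shows up in network logs. The following is an added example, not code from Trend Micro or PCWorld: it flags clients that resolve all five domains within a short window, and the log format, IP addresses, timestamps and 30-second window are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# The five sites the article says the update contacts to confirm connectivity.
CHECK_DOMAINS = ("myspace.com", "msn.com", "ebay.com", "cnn.com", "aol.com")

# Constructed sample DNS query log: "timestamp client-ip queried-name".
SAMPLE_LOG = """\
2009-04-10T10:00:01 10.0.0.5 www.myspace.com
2009-04-10T10:00:02 10.0.0.5 msn.com
2009-04-10T10:00:02 10.0.0.5 www.ebay.com
2009-04-10T10:00:03 10.0.0.5 cnn.com
2009-04-10T10:00:04 10.0.0.5 AOL.com.
2009-04-10T10:00:05 10.0.0.7 www.cnn.com
2009-04-10T10:20:00 10.0.0.7 www.ebay.com
2009-04-10T11:00:00 10.0.0.7 msn.com
2009-04-10T12:00:00 10.0.0.7 aol.com
2009-04-10T13:00:00 10.0.0.7 myspace.com
2009-04-10T10:00:06 10.0.0.9 notcnn.com
truncated line
"""

def base_domain(name):
    """Map a queried name to one of CHECK_DOMAINS, or None if it is unrelated."""
    name = name.lower().rstrip(".")
    return next((d for d in CHECK_DOMAINS
                 if name == d or name.endswith("." + d)), None)

def parse(log):
    """Yield (time, client, domain) for well-formed lines that hit a check domain."""
    for line in log.splitlines():
        parts = line.split()
        try:
            ts, client, name = datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except (ValueError, IndexError):
            continue  # skip malformed or truncated lines
        if base_domain(name):
            yield ts, client, base_domain(name)

def flag_clients(log, window_s=30):
    """Return clients that queried all five check domains within window_s seconds."""
    last_seen = defaultdict(dict)  # client -> {domain: time of most recent query}
    flagged = set()
    for ts, client, domain in sorted(parse(log)):
        seen = last_seen[client]
        seen[domain] = ts
        if len(seen) == len(CHECK_DOMAINS) and (ts - min(seen.values())).total_seconds() <= window_s:
            flagged.add(client)
    return sorted(flagged)
```

All five sites are heavily visited, so a hit is a lead to correlate with other signals rather than proof of infection; a tight window keeps ordinary browsing such as 10.0.0.7's from being flagged.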
Conficker has infected millions of computers, with the specific number varying depending on who you ask. Estimates of the number of infected computers range from under 5 million to nearly 15 million machines. You can read all about Conficker in our previous posts, here and here. So what's the verdict, are you guys starting to panic yet?