Conficker finally moving
Last night Conficker - the worm that has had computer users in a tizzy for weeks - finally began to show signs of life. What it is doing is not very certain.
Here's the scoop: On April 8, Conficker started updating itself via Internet download, a process that became possible on its launch date of April 1. Before April 8, Conficker was looking for updates but did not find any such instructions. Now they have finally been delivered.
What is in those instructions, though, is still a bit of a mystery: the downloaded programs are strongly encrypted, so they cannot be analyzed in detail. We do know that, after installation, the instructions we can see are relatively benign: they tell the computer to check one of five random websites - MySpace, eBay, AOL, CNN and MSN - to verify that the computer has Internet access. It then confirms the date and time.
After that, the downloaded software apparently removes itself, along with all traces that it had ever been installed (right down to the registry keys).
This does not remove Conficker itself, though. Some speculate that the downloaded software installs an as-yet-undetectable rootkit on the machine, which leaves the computer open to further compromise.
Curiously, the payload also includes instructions for Conficker to remove itself and stop running on May 3, although the compromises already in place - and others that may be downloaded in the coming weeks - leave the infected machine vulnerable to attack.